Qi Xie,Deren Chen

DOI: https://doi.org/10.1109/icie.2010.292

2010-01-01

Journal of Networks

Abstract:To use the network services provided by multiple servers in mobile wireless network, a hash function and smart card based multi-server authentication scheme without verification tables and servers' public keys is proposed. The new protocol has many advantages, such as no encryption, signature, verification tables, timestamp, and public keys directory.

YAO Lin,FAN Qing-na,KONG Xiang-wei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2010.32.030

2010-01-01

Abstract:Pervasive computing raises new challenges to the security and privacy of the Internet communication,and conventional authentication protocols cannot meet the requirements of this new pervasive environment.A novel mutual authentication and key establishment scheme to secure the interactions between mobile users and service providers is proposed.Highly integrating biometric encryption and the Diffie-Hellman key exchange,the proposed protocol achieves mutual authentication without revealing any privacy information of the user.Secure session key establishment is enabled by the proposed algorithm.Differentiated service access control is also achieved with the biometric encryption.It is shown that the protocol can resist most of the attacks,especially the denial of service attack.

Lin Yao,Xiangwei Kong,Guowei Wu,Qingna Fan,Chi Lin

DOI: https://doi.org/10.1007/s11767-008-0089-5

2010-01-01

Abstract:In pervasive computing environments, users can get services anytime and anywhere, but the ubiquity and mobility of the environments bring new security challenges. The user and the service provider do not know each other in advance, they should mutually authenticate each other. The service provider prefers to authenticate the user based on his identity while the user tends to stay anonymous. Privacy and security are two important but seemingly contradictory objectives. As a result, a user prefers not to expose any sensitive information to the service provider such as his physical location, ID and so on when being authenticated. In this paper, a highly flexible mutual authentication and key establishment protocol scheme based on biometric encryption and Diffie-Hellman key exchange to secure interactions between a user and a service provider is proposed. Not only can a user’s anonymous authentication be achieved, but also the public key cryptography operations can be reduced by adopting this scheme. Different access control policies for different services are enabled by using biometric encryption technique. The correctness of the proposed authentication and key establishment protocol is formally verified based on SVO logic.

Dheerendra Mishra

DOI: https://doi.org/10.48550/arXiv.1401.4790

2014-01-20

Abstract:Advancement in communication technology provides a scalable platform for various services where a remote user can access the server from anywhere without moving from its place. It has provided a unique opportunity for online services, such that the user need not physically present at the service center. These services adopt authentication and key agreement protocols to ensure authorized and secure access to resources. Most of the authentication schemes support single server environment where the user has to register with each server. If a user wishes to access multiple application servers, he requires to register with each of the servers. Although multi-server authentication schemes introduced a scalable platform such that a user can interact with any server using single registration. Recently, Chuang and Chen proposed an efficient multi-server authenticated key agreement scheme based on smart cards along with password and biometrics. This is a lightweight authentication scheme which requires the computation of only hash function. In this article, we present a brief review of Chuang and Chen's scheme. We analyze Chuang and Chen's scheme and identify that their scheme does not resist stolen smart card attack which causes the user's impersonation attack, server spoofing attack and man-in-the middle attack. Additionally, we show that their scheme has a weak key agreement protocol, which does not ensure forward secrecy.

Cryptography and Security

Qi Xie,Ji-Lin Wang,Deren Chen,Xiuyuan Yu

DOI: https://doi.org/10.1109/csse.2008.1043

2008-01-01

Abstract:Recently, Das et al. proposed a dynamic ID-based remote user authentication scheme using smart cards. Liao et al. pointed out some weaknesses of Das et al.psilas scheme, and presented an improved scheme. However, an impersonate attack on Liao et al.psilas scheme is proposed, it proves that their scheme is also insecure. To overcome the weakness, the new scheme is presented. The advantage of the proposed scheme is that there are no secret numbers in the smart card, and can withstand all sorts of attacks.

Dawei Zhao,Haipeng Peng,Shudong Li,Yixian Yang

DOI: https://doi.org/10.48550/arXiv.1305.6350

2013-05-28

Abstract:Recently, Li et al. analyzed Lee et al.'s multi-server authentication scheme and proposed a novel smart card and dynamic ID based remote user authentication scheme for multi-server environments. They claimed that their scheme can resist several kinds of attacks. However, through careful analysis, we find that Li et al.'s scheme is vulnerable to stolen smart card and offline dictionary attack, replay attack, impersonation attack and server spoofing attack. By analyzing other similar schemes, we find that the certain type of dynamic ID based multi-server authentication scheme in which only hash functions are used and no registration center participates in the authentication and session key agreement phase is hard to provide perfect efficient and secure authentication. To compensate for these shortcomings, we improve the recently proposed Liao et al.'s multi-server authentication scheme which is based on pairing and self-certified public keys, and propose a novel dynamic ID based remote user authentication scheme for multi-server environments. Liao et al.'s scheme is found vulnerable to offline dictionary attack and denial of service attack, and cannot provide user's anonymity and local password verification. However, our proposed scheme overcomes the shortcomings of Liao et al.'s scheme. Security and performance analyses show the proposed scheme is secure against various attacks and has many excellent features.

Cryptography and Security

Manik Lal Das

DOI: https://doi.org/10.48550/arXiv.0801.0575

2008-01-04

Abstract:The paper presents an authentication scheme for remote systems using smart card. The scheme prevents the scenario of many logged in users with the same login identity, and does not require password/verifier table to validate the users' login request. The scheme provides a user-friendly password change option, and withstands the replay, impersonation, stolen-verifier, guessing, and denial-of-service attacks.

Cryptography and Security

Al-Sakib Khan Pathan,Choong Seon Hong,Tatsuya Suda

DOI: https://doi.org/10.1109/ICCE.2007.341503

2007-12-27

Abstract:This paper proposes a novel remote user authentication scheme using smart cards which allows both the authentication server (AS) and the user to verify authenticity of each other. Our scheme is efficient enough to resist the known attacks that could be launched against remote user authentication process.

Cryptography and Security,Networking and Internet Architecture

Dharminder Dharminder,Uddeshaya Kumar,Pratik Gupta

DOI: https://doi.org/10.1007/s40747-021-00441-7

Abstract:The outbreak of coronavirus has caused widespread global havoc, and the implementation of lockdown to contain the spread of the virus has caused increased levels of online healthcare services. Upgraded network technology gives birth to a new interface "telecare medicine information systems" in short TMIS. In this system, a user from a remote area and a server located at the hospital can establish a connection to share the necessary information between them. But, it is very clear that all the information is always being transmitted over a public channel. Chaotic map possesses a dynamic structure and it plays a very important role in the construction of a secure and efficient authentication protocols, but they are generally found vulnerable to identity-guess, password-guess, impersonation, and stolen smart-card. We have analyzed (Li et al. in Fut Gen Comput Syst 840:149-159, 2018; Madhusudhan and Nayak Chaitanya in A robust authentication scheme for telecare medical information systems, 2008; Zhang et al in Privacy protection for telecare medicine information systems using a chaotic map-based three-factor authenticated key agreement scheme, 2017; Dharminder and Gupta in Pratik security analysis and application of Chebyshev Chaotic map in the authentication protocols, 2019) and found that Bergamo's attack (IEEE Trans Circ Syst 52(7):1382-1393, 2005) cannot be resisted by the protocol. Although few of the protocols ensures efficient computations but they cannot ensure an anonymous and secure communication. Therefore, we have proposed a secure and efficient chaotic map based authentication protocol that can be used in telecare medicine information system. This protocol supports verified session keys with only two messages of exchange. Moreover, we have analysed the performance of proposed protocol with relevant protocols and it is being implemented in "Automated Validation of Internet Security Protocols and Applications" respectively.

Manik Lal Das,Ashutosh Saxena,Ved P. Gulati

DOI: https://doi.org/10.1109/TCE.2004.1309441

2007-12-14

Abstract:Password-based authentication schemes are the most widely used techniques for remote user authentication. Many static ID-based remote user authentication schemes both with and without smart cards have been proposed. Most of the schemes do not allow the users to choose and change their passwords, and maintain a verifier table to verify the validity of the user login. In this paper we present a dynamic ID-based remote user authentication scheme using smart cards. Our scheme allows the users to choose and change their passwords freely, and do not maintain any verifier table. The scheme is secure against ID-theft, and can resist the reply attacks, forgery attacks, guessing attacks, insider attacks and stolen verifier attacks.

Cryptography and Security

Zhuo Hao,Nenghai Yu

DOI: https://doi.org/10.1109/ISDPE.2010.15

2010-01-01

Abstract:Remote user authentication is a critical component of accessing remote services in distributed applications. In this paper we investigate the security vulnerabilities of a previously proposed remote user authentication scheme. After that we propose a security enhanced remote user password authentication scheme, which effectively prevents the adversary's attacks. The proposed authentication scheme is shown to be secure against password guessing attack, masquerade attack and replay attack. By performance analysis, the proposed scheme is shown to be very efficient, both in the computation and the storage cost. The proposed password authentication scheme is very suitable for providing remote authentication in distributed applications.

Yuanchao Shu,Yu (Jason) Gu,Jiming Chen

DOI: https://doi.org/10.1109/tpds.2013.153

IF: 5.3

2014-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Access card authentication is critical and essential for many modern access control systems, which have been widely deployed in various government, commercial, and residential environments. However, due to the static identification information exchange among the access cards and access control clients, it is very challenging to fight against access control system breaches due to reasons such as loss, stolen or unauthorized duplications of the access cards. Although advanced biometric authentication methods such as fingerprint and iris identification can further identify the user who is requesting authorization, they incur high system costs and access privileges cannot be transferred among trusted users. In this work, we introduce a dynamic authentication with sensory information for the access control systems. By combining sensory information obtained from onboard sensors on the access cards as well as the original encoded identification information, we are able to effectively tackle the problems such as access card loss, stolen, and duplication. Our solution is backward-compatible with existing access control systems and significantly increases the key spaces for authentication. We theoretically demonstrate the potential key space increases with sensory information of different sensors and empirically demonstrate simple rotations can increase key space by more than 1,000,000 times with an authentication accuracy of 90 percent. We performed extensive simulations under various environment settings and implemented our design on WISP to experimentally verify the system performance.

Yuesheng Zhu,Bojun Wang,Cheng Cai

DOI: https://doi.org/10.17706/ijcce.2016.5.3.196-205

2016-01-01

International Journal of Computer and Communication Engineering

Abstract:Traditional smart-card oriented authentication schemes provide a secure method for authorized users to login a remote server through insecure networks. Many modified schemes are presented to enhance the security properties, which include mutual authentication, various attacks resistance, table-free in server, etc. However, the authentication procedures become complicated with abovementioned enhancements, so these enhanced schemes are not practical solutions for the smart card based authentication system. Moreover, since the master key stored in a single server is a sensitive and long-lived secrecy, it is vulnerable to an adversary's agelong attack. Therefore, in this paper, we present an efficient mutual authentication scheme, which provides a practical solution for an industrial application system using smart cards. In addition, our scheme implements the proactive secret sharing method, namely, the master key is divided into several distributed keys, which are separately stored in different servers. Our scheme provides a mechanism to update all distributed keys in every time interval, and detect and then recover the corrupted distributed keys, as well.

Chengqi Wang,Xiao Zhang,Zhiming Zheng

DOI: https://doi.org/10.1007/s11042-016-4198-0

IF: 2.577

2016-01-01

Multimedia Tools and Applications

Abstract:With the increase of security requirements, numerous biometrics based authentication schemes that apply the smart card technology are proposed for multimedia medicine information systems in the last several years. Recently, Lu et al. presented a biometrics based authentication and key agreement scheme using extended Chebyshev chaotic maps. Unfortunately, we find that their scheme is still insecure with respect to issues such as flaws in the both login phase and password change phase. And we show that their scheme is vulnerable to the Denial-of-Service attack, user impersonation attack and server masquerade attack, which also fails to achieve the user anonymity. In order to remedy these weaknesses, we retain the useful properties of Lu et al.’s scheme to propose a robust biometrics based authentication and key agreement scheme for multimedia medicine information systems. The informal and formal security analysis of our scheme are given respectively, which demonstrate that our scheme satisfies the desirable security requirements. Furthermore, the proposed scheme provides some significant features which are not considered in most of the related schemes, such as, biometric information protection and user re-registration or revocation. Thus, our scheme resists the known attacks and is efficient for practical applications in the multimedia medicine information systems.

Wenting Li,Yaosheng Shen,Ping Wang

DOI: https://doi.org/10.1007/s11265-017-1305-z

2017-01-01

Abstract:Smart-card-based user authentication is a significant security mechanism that allows remote users to be granted access to services and resources in distributed computing environments. In this paper, we review three password-based authentication schemes with smart cards proposed by Mishra et al., in JISA 2015, Wu et al. in SCN 2015 and Moon et al. in IJNS 2017, respectively. We demonstrate that: (1) Despite being armed with a formal security proof in all schemes, Mishra et al.’s scheme actually cannot achieve the claimed feature of user anonymity and is vulnerable to a new insider attack scenario; and (2) Wu et al.’s scheme remains being susceptible to de-synchronization attack as they stated to overcome the weaknesses of Kumar et al.’s scheme. (3) Moon et al.’s scheme cannot achieve user anonymity and is susceptible to a novel impersonation attack. Furthermore, with the cryptanalysis of these three schemes and our previous protocol design and analysis experience, we figure out two principles to design more robust smart-card-based user authentication schemes. The proposed principles would be helpful to protocol designers for proposing schemes with desirable user friendliness and security.

Chun‐Ta Li,Chun-Ta Li

DOI: https://doi.org/10.1002/sec.1487

IF: 1.968

2016-03-11

Security and Communication Networks

Abstract:Abstract A multi‐server environment helps the users to register at the registration center once and can gain numerous network services and resources provided by remote application servers. In order to protect sensitive data from unauthorized disclosure, to authenticate the identities of network participants, and to preserve user anonymity, many chaotic maps‐based multi‐server authenticated key agreement schemes with user anonymity were proposed. Recently, Zhu proposed a provable privacy‐protection system towards multi‐server architecture, and the main contributions of their proposed system are achieving mutual authentication between network participants and ensuring the anonymity or hiding identities for the login users. However, we analyze the security of Zhu's scheme and show that it is vulnerable to privileged‐insider attack and does not protect user anonymity. We also demonstrate that Zhu's scheme fails to provide mutual authentication between login user and application server and has a design flaw in anonymous authentication. To withstand these security drawbacks, we further design an improved chaotic maps‐based privacy‐protection scheme for multi‐server environments. In comparison with the existing chaotic maps‐based privacy‐protection schemes, our proposed scheme is more secure with acceptable computation costs for multi‐server environments. Copyright © 2016 John Wiley & Sons, Ltd.

computer science, information systems,telecommunications

De-song Wang,Jian-ping Li,Yuan Tang,Fu-long Xu,Yue-hao Yan

DOI: https://doi.org/10.1142/9789812799524_0026

2008-01-01

Abstract:In the recent several years, Lee et al. and Lin-Lai proposed fingerprint-based remote user authentication schemes using smart cards. But their schemes are vulnerable and susceptible to the attack and have practical pitfalls. Their schemes perform only unilateral authentication (only client authentication). In order to overcome the flaw, Khan and Zhang present a strong remote user authentication scheme by using fingerprint-biometric and smart cards. The proposed scheme is an extended and generalized form of ElGamal's signature scheme whose security is based on discrete logarithm problem, which is not yet forged. In addition, computational costs and efficiency of the proposed scheme are better than other related schemes. But as the time lapses, fingerprint of some people will be changed, such as being burned or being wounded. Once such case happened, the user won't be authentication. So we propose the authentication scheme of remote users by using multimodal biometric (fingerprint and face features) and smart cards. Proposed scheme not only overcome drawbacks and problems of previous schemes, but also provide a stronger and more secure authentication of remote users over insecure network.

Hossen Asiful Mustafa,Hasan Muhammad Kafi

DOI: https://doi.org/10.48550/arXiv.1711.01198

2017-11-03

Abstract:Password security can no longer provide enough security in the area of remote user authentication. Considering this security drawback, researchers are trying to find solution with multifactor remote user authentication system. Recently, three factor remote user authentication using biometric and smart card has drawn a considerable attention of the researchers. However, most of the current proposed schemes have security flaws. They are vulnerable to attacks like user impersonation attack, server masquerading attack, password guessing attack, insider attack, denial of service attack, forgery attack, etc. Also, most of them are unable to provide mutual authentication, session key agreement and password, or smart card recovery system. Considering these drawbacks, we propose a secure three factor user authentication scheme using biometric and smart card. Through security analysis, we show that our proposed scheme can overcome drawbacks of existing systems and ensure high security in remote user authentication.

Cryptography and Security

Chengqi Wang,Xiao Zhang,Zhiming Zheng

DOI: https://doi.org/10.1371/journal.pone.0149173

IF: 3.7

2016-01-01

PLoS ONE

Abstract:With the security requirements of networks, biometrics authenticated schemes which are applied in the multi-server environment come to be more crucial and widely deployed. In this paper, we propose a novel biometric-based multi-server authentication and key agreement scheme which is based on the cryptanalysis of Mishra et al.'s scheme. The informal and formal security analysis of our scheme are given, which demonstrate that our scheme satisfies the desirable security requirements. The presented scheme provides a variety of significant functionalities, in which some features are not considered in the most of existing authentication schemes, such as, user revocation or re-registration and biometric information protection. Compared with several related schemes, our scheme has more secure properties and lower computation cost. It is obviously more appropriate for practical applications in the remote distributed networks.

Dheerendra MIshra

DOI: https://doi.org/10.48550/arXiv.1310.5896

2013-10-22

Abstract:The Telecare medicine information system (TMIS) is developed to provide Telecare services to the remote user. A user can access remote medical servers using internet without moving from his place. Although remote user and server exchange their messages/data via public networks. An adversary is considered to be enough powerful that he may have full control over the public network. This makes these Telecare services vulnerable to attacks. To ensure secure communication between the user and server many password based authentication schemes have been proposed. In 2013, Hao et al. presented chaotic maps-based password authentication scheme for TMIS. Recently, Lee identified that Hao et al.'s scheme fails to satisfy key agreement property, such that a malicious server can predetermine the session key. Lee also presented an efficient chaotic map-based password authentication and key agreement scheme using Smart cards for TMIS. In this article, we briefly review Lee's scheme and demonstrates the weakness of Lee's scheme. The study shows that the Lee's scheme inefficiency of password change phase causes denial of service attack and login phase results extra computation and communication overhead.

Cryptography and Security