A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture

Traditional password based authentication schemes are mostly considered in single-server environments. They are unfit for the multi-server environments from two aspects. Recently, base on Sood et al.?s protocol (2011), Li et al. proposed an improved dynamic identity based authentication and key agreement protocol for multi-server architecture (2012). Li et al. claim that the proposed scheme can make up the security weaknesses of Sood et al.?s protocol. Unfortunately, our further research shows that Li et al.?s protocol contains several drawbacks and cannot resist some types of known attacks. In this paper, we further propose a lightweight dynamic pseudonym identity based authentication and key agreement protocol for multi-server architecture. In our scheme, service providing servers don?t need to maintain verification tables for users. The proposed protocol provides not only the declared security features in Li et al.?s paper, but also some other security features, such as traceability and identity protection.     

Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment

Recently, Liao and Wang proposed a secure dynamic ID based remote user authentication scheme for multi-server environment, and claimed that their scheme was intended to provide mutual authentication, two-factor security, replay attack, server spoofing attack, insider and stolen verifier attack, forward secrecy and user anonymity. In this paper, we show that Liao and Wang's scheme is still vulnerable to insider's attack, masquerade attack, server spoofing attack, registration center spoofing attack and is not reparable. Furthermore, it fails to provide mutual authentication. To remedy these flaws, this paper proposes an efficient improvement over Liao–Wang's scheme with more security. The computation cost, security, and efficiency of the improved scheme are well suited to the practical applications environment.     

A new electronic traveler’s check scheme based on one-way hash function

Nowadays, electronic commerce is booming on the Internet and becoming more popular. Many kinds of electronic services have been developed. The most successful are the electronic payment systems such as the electronic cash/check and wallet. Most electronic payment systems are based on an elaborate discrete logarithm that raises an important issue regarding efficiency. Therefore, Hsien et al. proposed an electronic traveler’s check system in 2001 using a discrete logarithm. In this paper, we propose a new electronic traveler’s check system based on one-way hash function to improve efficiency and cost. Furthermore, our proposed scheme supports an on-line and off-line electronic traveler’s check system of practical flexibility for use in the real world.     

无单向Hash函数的数字多签名方案

Shieh等人提出了一种适用于移动代码的并列多签名和顺序多签名方案,但是,Hwang、Chang分别对所依据的基本签名方案提出了伪造攻击.对Shieh的并列多签名方案提出一种伪造攻击,接着提出新的没有使用单向Hash函数和消息冗余模式的基本签名方案,并提出了新的顺序多签名和并列多签名方案.该方案既具有Shieh方案的优点又克服了其不足,还可抵抗已知的伪造攻击.     

Security of robust generalized MQV key agreement protocol without using one-way hash functions

The MQV key agreement protocol has been adopted by IEEE P1363 Committee to become a standard, which uses a digital signature to sign the Diffie–Hellman public keys without using any one-way hash function. Based on the MQV protocol, Harn and Lin proposed a generalized key agreement protocol to enable two parties to establish multiple common secret keys in a single round of message exchange. However, the Harn–Lin protocol suffers from the known-key attack if all the secret keys established are adopted. Recently, Tseng proposed a new generalized MQV key agreement protocol without using one-way hash functions. Tseng claimed that the proposed protocol is robust since the new protocol can withstand the forgery attack and the known-key attack. In this paper we show that this protocol is not secure since the receiver can forge signatures. We also propose an improved authenticated multiple-key agreement protocol, which is secure against the forgery attack and the known-key attack.     

A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards

Advancement in communication technology provides a scalable platform for various services, where a remote user can access the server from anywhere without moving from its place. It provides a unique opportunity for online services such that a user does not need to be physically present at the service center. These services adopt authentication and key agreement protocols in order to ensure authorized and secure access to the resources. Most of the authentication schemes proposed in the literature support a single-server environment, where the user has to register with each server. If a user wishes to access multiple application servers, he/she requires to register with each server. The multi-server authentication introduces a scalable platform such that a user can interact with any server using single registration. Recently, Chuang and Chen proposed an efficient multi-server authenticated key agreement scheme based on a user’s password and biometrics (Chuang and Chen, 2014). Their scheme is a lightweight, which requires the computation of only hash functions. In this paper, we first analyze Chuang and Chen’s scheme and then identify that their scheme does not resist stolen smart card attack which causes the user’s impersonation attack and server spoofing attack. We also show that their scheme fails to protect denial-of-service attack. We aim to propose an efficient improvement on Chuang and Chen’s scheme to overcome the weaknesses of their scheme, while also retaining the original merits of their scheme. Through the rigorous informal and formal security analysis, we show that our scheme is secure against various known attacks including the attacks found in Chuang and Chen’s scheme. Furthermore, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against the replay and man-in-the-middle attacks. In addition, our scheme is comparable in terms of the communication and computational overheads with Chuang and Chen’s scheme and other related existing schemes.     

Analysis and design of a smart card based authentication protocol

Numerous smart card based authentication protocols have been proposed to provide strong system security and robust individual privacy for communication between parties these days. Nevertheless, most of them do not provide formal analysis proof, and the security robustness is doubtful. Chang and Cheng （2011） proposed an efficient remote authentication protocol with smart cards and claimed that their proposed protocol could support secure communication in a multi-server environment. Unfortunately, there are opportunities for security enhancement in current schemes. In this paper, we identify the major weakness, i.e., session key disclosure, of a recently published protocol. We consequently propose a novel authentication scheme for a multi-server envi- ronment and give formal analysis proofs for security guarantees.     

基于HEVC屏幕图像编码的哈希表的优化算法

仿2维匹配算法对屏幕图像中的非连续色调区域有很好的压缩性能,但该算法中哈希表的空间开销较大,不利于硬件实现。为了减小哈希表的空间,通过对原算法优化提出了一种3字节计算哈希值方法,将源数据看作是一个由以YUV三元组为元素组成的数据集合,然后以YUV三元组为单位计算哈希值,这样不但减少了哈希值的计算量,而且使哈希表的存储空间得到很大的节省。实验结果表明,3字节计算哈希值方法使哈希表的存储空间减少为原算法的1/3,所测试屏幕图像的BD-rate性能也有所提高。     

A strong user authentication scheme with smart cards for wireless communications

Seamless roaming over wireless network is highly desirable to mobile users, and security such as authentication of mobile users is challenging. Recently, due to tamper-resistance and convenience in managing a password file, some smart card based secure authentication schemes have been proposed. This paper shows some security weaknesses in those schemes. As the main contribution of this paper, a secure and light-weight authentication scheme with user anonymity is presented. It is simple to implement for mobile user since it only performs a symmetric encryption/decryption operation. Having this feature, it is more suitable for the low-power and resource-limited mobile devices. In addition, it requires four message exchanges between mobile user, foreign agent and home agent. Thus, this protocol enjoys both computation and communication efficiency as compared to the well-known authentication schemes. As a special case, we consider the authentication protocol when a user is located in his/her home network. Also, the session key will be used only once between the mobile user and the visited network. Besides, security analysis demonstrates that our scheme enjoys important security attributes such as preventing the various kinds of attacks, single registration, user anonymity, no password/verifier table, and high efficiency in password authentication, etc. Moreover, one of the new features in our proposal is: it is secure in the case that the information stored in the smart card is disclosed but the user password of the smart card owner is unknown to the attacker. To the best of our knowledge, until now no user authentication scheme for wireless communications has been proposed to prevent from smart card breach. Finally, performance analysis shows that compared with known smart card based authentication protocols, our proposed scheme is more simple, secure and efficient.     

基于智能卡的远程认证体制

介绍了2006年 Manik 提出的远程认证体制,对其存在安全缺陷进行了详细分析.在此基础上,提出一种改进的远程认证体制.该体制使用用户智能卡生成一个立即数并使用两种杂凑运算,以改进整个认证体制的安全性能和计算性能.与现有的其它远程认证体制相比,提出的远程认证体制还实现了用户和远程服务器之间的双向认证.     

在多服务器环境下的双因素动态身份鉴别方案

针对Li等人基于智能卡的多服务器身份认证方案,分析指出了其中存在的安全性问题,提出了一个改进的双因素动态身份鉴别方案.该方案为用户提供了一种关于身份注册信息的自我更新机制,用户可以在不与远程服务器通信的状态下,动态更新身份标志、口令和秘密参数等相关信息.另外,自验证的时间戳技术的借鉴利用,不仅避免了时钟同步问题,而且节约了产生随机数的开销.该方案还实现了用户的动态登录和对用户登录操作的可追踪性.新方案不仅继承了Li方案计算量低、存储量小的优点,而且还提高了认证方案的安全性和实用性,可以适用于实际的网络环境和应用.     

DoS-resistant ID-based password authentication scheme using smart cards

In this paper, we provide a defense mechanism to Kim-Lee-Yoo’s ID-based password authentication scheme, which is vulnerable to impersonation attacks and resource exhaustion attacks. Mutual authentication and communication privacy are regarded as essential requirements in today’s client/server-based architecture; therefore, a lightweight but secure mutual authentication method is introduced in the proposed scheme. Once the mutual authentication is successful, the session key will be established without any further computation. The proposed defense mechanism not only accomplishes the mutual authentication and the session key establishment, but also inherits the security advantages of Kim-Lee-Yoo’s scheme, e.g. it is secure against password guessing attacks and message replay attacks.     

基于Logistic映射的单向散列函数研究

混沌动力学系统在一定的参数范围内出现混沌运动,且其产生的混沌序列具有良好的伪随机性、遍历性和初值敏感性。通过采用Logistic混沌映射构造单向散列函数采生成散列值,实验结果表明：该方法实现简单,对初值有高度的敏感性,具有良好的单向散列性能。     

Using an efficient hash chain and delaying function to improve an e-lottery scheme

A multi-level hash chain structure is employed to improve a fair e-lottery scheme which ensures secure winning number generation and verification and to make verification more efficient. In addition, an implementation of a delaying function based on a secure hash function is presented.     

基于Schnorr签名体制的远程用户认证系统

提出了一个新的基于Schnorr签名体制和智能卡的远程用户认证系统,系统不需要使用传统的通行字表,并可防范重放攻击,能够安全而有效地工作在通信链路不安全的网络环境中。     

A more efficient and secure ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem

Recently, Yang and Chang proposed an identity-based remote login scheme using elliptic curve cryptography for the users of mobile devices. We have analyzed the security aspects of the Yang and Chang's scheme and identified some security flaws. Also two improvements of the Yang and Chang's scheme have been proposed recently, however, it has been found that the schemes have similar security flaws as in the Yang and Chang's scheme. In order to remove the security pitfalls of the Yang and Chang and the subsequent schemes, we proposed an enhanced remote user mutual authentication scheme that uses elliptic curve cryptography and identity-based cryptosystem with three-way challenge-response handshake technique. It supports flawless mutual authentication of participants, agreement of session key and the leaked key revocation capability. In addition, the proposed scheme possesses low power consumption, low computation cost and better security attributes. As a result, the proposed scheme seems to be more practical and suitable for mobile users for secure Internet banking, online shopping, online voting, etc.     

On-siteDriverID: A secure authentication scheme based on Spanish eID cards for vehicular ad hoc networks

Security in Vehicle Ad Hoc Networks (VANETs) has been a topic of interest since the origins of vehicular communications. Different approaches have been followed as new security threats have emerged in the last few years. The approach of conditional privacy has been widely used as it guarantees authentication among vehicles but not revealing their real identities. Although the real identity of a vehicle can be traced by the authorities, the process to do that is time consuming and typically involves several entities (for instance road authorities that request the identification, license plate records bodies, a judge to allow revealing the identity associated to a license plate…). Moreover, this process is always subsequent to the detection of a road situation that requires knowing the real vehicle identities. However, in vehicular scenarios, authorities would beneficiate from knowing the real drivers’ identity in advance. We propose in this paper On-SiteDriverID, a secure protocol and its application which allows authorities’ vehicles to obtain drivers’ real identities rapidly and on demand on VANET scenarios. Thus, authorities would be able to gather information about drivers and vehicles, allowing them to act in a safer and better manner in situations such as traffic control duties or emergencies. The obtained simulation results in real VANET scenarios based on real maps guarantee that in the 60%–70% of cases the proposed On-SiteDriverID successfully obtains the identity of the drivers.     

An attack on hash function HAVAL-128

Hash function is directly applied to data integrity, and is the security guarantee for many cryptosystems and protocols such as signature, group signature, message authentication code, e-cash, bit commitment, coin-flipping, e-voting, etc. According to the structure of the existing hash functions, they can be mainly divided into two kinds: one is based on the cipher blocks, the other is directly constructed. We name the second the dedicated hash function.According to the different message proce…     

Remote login authentication scheme based on a geometric approach

A smart card-oriented remote login authentication scheme is presented. The proposed scheme can be divided into three phases: registration, login and authentication. In the registration phase, the registering user chooses a password only known to himself. The central authority (CA) assigns an identity for the user, and delivers a smart card to the registered user. The smart card contains some necessary public parameters used in the login and authentication phases. Based on some simple properties of Euclidean geometry, the login and authentication phases can be achieved easily. Impersonation and replay attacks on the proposed scheme are discussed.