Prediction-based secured handover authentication for mobile cloud computing

Mobile cloud computing (MCC) is a new technology that brings cloud computing and mobile networks together. It enhances the quality of service delivered to mobile clients, network operators, and cloud providers. Security in MCC technology, particularly authentication during the handover process, is a big challenge. Current vertical handover authentication protocols encounter different problems such as undesirable delays in real-time applications, the man in the middle attack, and replay attack. In this paper, a new authentication protocol for heterogeneous IEEE 802.11/LTE-A mobile cloud networks are proposed. The proposed protocol is mainly based on the view of the 3GPP access network discovery and selection function, which uses the capacities given by the IEEE 802.11 and the 3GPP long term evolution-advanced (LTE-A) standards interconnection. A prediction scheme, with no additional load over the network, or the user is utilized to handle cloud computing issues arising during authentication in the handover process. The proposed handover authentication protocol outperformed existing protocols in terms of key confidentiality, powerful security, and efficiency which was used to reduce bandwidth consumption.

     

An enhanced bilinear pairing based authenticated key agreement protocol for multiserver environment

To circumvent using of multiple single servers, the theory of multiserver communication exists and numerous authentication protocols put forward for providing secure communication. Very recently, Amin‐Biswas proposes bilinear pairing–based multiserver scheme by describing some security pitfalls of Hsieh‐Leu protocol and claims that it is secured against related security threats. However, this paper claims that Amin‐Biswas protocol is still susceptible to off‐line identity and password guessing attack, user untraceability attack, and server masquerading attack. The cryptographic protocol should be attacks‐free for real‐time application. To achieve attacks‐free security, we put forward smart card–based multiserver authentication protocol by using the concept of bilinear pairing operation. The formal method strand space model has been used to prove the correctness of the proposed scheme. Additionally, rigorous security analysis ensures pliability of common security threats. The performance and security features of our scheme are also compared with that of the similar existing schemes. The comparison results show that our protocol achieves more security features with less complexity.     

Secure user authentication scheme with novel server mutual verification for multiserver environments

The fast growth of mobile services and devices has made the conventional single‐server architecture ineffective from the point of its functional requirements. To extend the scalability and availability of mobile services to various applications, it is required to deploy multiserver architecture. In 2016, Moon et al insisted that Lu et al's scheme is weak to insiders and impersonation attack, then they proposed a biometric‐based scheme for authentication and key agreement of users in multiserver environments. Unfortunately, we analyze Moon et al's scheme and demonstrate that their scheme does not withstand various attacks from a malicious registered server. We propose a user authentication scheme with server mutual verification to overcome these security drawbacks. The proposed scheme withstands an attack from malicious insiders in multiserver environments. We use a threshold cryptography to strengthen the process of server authorization and to provide better security functionalities. We then prove the authentication and session key of the proposed scheme using Burrows‐Abadi‐Needham (BAN) logic and show that our proposed scheme is secure against various attacks.     

Towards generalized ID‐based user authentication for mobile multi‐server environment

With the popularity of Internet and wireless networks, more and more network architectures are used in multi‐server environment, in which mobile users remotely access servers through open networks. In the past, many schemes have been proposed to solve the issue of user authentication for multi‐server environment and low‐power mobile devices. However, most of these schemes have suffered from many attacks because these schemes did not provide the formal security analysis. In this paper, we first give a security model for multi‐server environment. We then propose an ID‐based mutual authentication and key agreement scheme based on bilinear maps for mobile multi‐server environment. Our scheme can be used for both general users with a long validity period and anonymous users with a short validity period. Under the presented security model, we show that our scheme is secure against all known attacks. We demonstrate that the proposed scheme is well suitable for low‐power mobile devices. Copyright © 2011 John Wiley & Sons, Ltd.     

Analysis and improvement of a new authenticated group key agreement in a mobile environment

In 2009, Lee et al. (Ann Telecommun 64:735–744, 2009) proposed a new authenticated group key agreement protocol for imbalanced wireless networks. Their protocol based on bilinear pairing was proven the security under computational Diffie–Hellman assumption. It remedies the security weakness of Tseng’s nonauthenticated protocol that cannot ensure the validity of the transmitted messages. In this paper, the authors will show that Lee et al.’s authenticated protocol also is insecure. An adversary can impersonate any mobile users to cheat the powerful node. Furthermore, the authors propose an improvement of Lee et al.’s protocol and prove its security in the Manulis et al.’s model. The new protocol can provide mutual authentication and resist ephemeral key compromise attack via binding user’s static private key and ephemeral key.     

An efficient remote user authentication and key agreement protocol for mobile client–server environment from pairings

With the continue evaluation of mobile devices in terms of the capabilities and services, security concerns increase dramatically. To provide secured communication in mobile client–server environment, many user authentication protocols from pairings have been proposed. In 2009, Goriparthi et al. proposed a new user authentication scheme for mobile client–server environment. In 2010, Wu et al. demonstrated that Goriparthi et al.’s protocol fails to provide mutual authentication and key agreement between the client and the server. To improve security, Wu et al. proposed an improved protocol and demonstrated that their protocol is provably secure in random oracle model. Based on Wu et al.’s work, Yoon et al. proposed another scheme to improve performance. However, their scheme just reduces one hash function operation at the both of client side and the server side. In this paper, we present a new user authentication and key agreement protocol using bilinear pairings for mobile client–server environment. Performance analysis shows that our protocol has better performance than Wu et al.’s protocol and Yoon et al.’s protocol. Then our protocol is more suited for mobile client–server environment. Security analysis is also given to demonstrate that our proposed protocol is provably secure against previous attacks.     

An Improved and Secure Two-factor Dynamic ID Based Authenticated Key Agreement Scheme for Multiserver Environment

The smart card based password authentication scheme is one of the most important and efficient security mechanism, which is used for providing security to authorized users over an insecure network. In this paper, we analyzed major security flaws of Jangirala et al.’s scheme and proved that it is vulnerable to forgery attack, replay attack, user impersonation attack. Also, Jangirala et al.’s scheme fail to achieve mutual authentication as it claimed. We proposed an improved two factor based dynamic ID based authenticated key agreement protocol for the multiserver environment. The proposed scheme has been simulated using widely accepted AVISPA tool. Furthermore, mutual authentication is proved through BAN logic. The rigorous security and performance analysis depicts that the proposed scheme provides users anonymity, mutual authentication, session key agreement and secure against various active attacks.     

User centric three‐factor authentication protocol for cloud‐assisted wearable devices

Wearable devices, which provide the services of collecting personal data, monitoring health conditions, and so on, are widely used in many fields, ranging from sports to healthcare. Although wearable devices bring convenience to people's lives, they bring about significant security concerns, such as personal privacy disclosure and unauthorized access to wearable devices. To ensure the privacy and security of the sensitive data, it is critical to design an efficient authentication protocol suitable for wearable devices. Recently, Das et al proposed a lightweight authentication protocol, which achieves secure communication between the wearable device and the mobile terminal. However, we find that their protocol is vulnerable to offline password guessing attack and desynchronization attack. Therefore, we put forward a user centric three‐factor authentication scheme for wearable devices assisted by cloud server. Informal security analysis and formal analysis using ProVerif is executed to demonstrate that our protocol not only remedies the flaws of the protocol of Das et al but also meets desired security properties. Comparison with related schemes shows that our protocol satisfies security and usability simultaneously.     

ACDAS: Authenticated controlled data access and sharing scheme for cloud storage

Cloud storage services require cost‐effective, scalable, and self‐managed secure data management functionality. Public cloud storage always enforces users to adopt the restricted generic security consideration provided by the cloud service provider. On the contrary, private cloud storage gives users the opportunity to configure a self‐managed and controlled authenticated data security model to control the accessing and sharing of data in a private cloud. However, this introduces several new challenges to data security. One critical issue is how to enable a secure, authenticated data storage model for data access with controlled data accessibility. In this paper, we propose an authenticated controlled data access and sharing scheme called ACDAS to address this issue. In our proposed scheme, we employ a biometric‐based authentication model for secure access to data storage and sharing. To provide flexible data sharing under the control of a data owner, we propose a variant of a proxy reencryption scheme where the cloud server uses a proxy reencryption key and the data owner generates a credential token during decryption to control the accessibility of the users. The security analysis shows that our proposed scheme is resistant to various attacks, including a stolen verifier attack, a replay attack, a password guessing attack, and a stolen mobile device attack. Further, our proposed scheme satisfies the considered security requirements of a data storage and sharing system. The experimental results demonstrate that ACDAS can achieve the security goals together with the practical efficiency of storage, computation, and communication compared with other related schemes.     

Design and FPGA implementation of an efficient security mechanism for mobile pay‐TV systems

A mobile pay‐TV service is one of the ongoing services of multimedia systems. Designing an efficient mechanism for authentication and key distribution is an important security requirement in mobile pay‐TV systems. Until now, many security protocols have been proposed for mobile pay‐TV systems. However, the existing protocols for mobile pay‐TV systems are vulnerable to various security attacks. Recently, Wang and Qin proposed an authentication scheme for mobile pay‐TV systems using bilinear pairing on elliptic curve cryptography. They claimed that their scheme could withstand various attacks. In this paper, we demonstrate that Wang and Qin's scheme is vulnerable to replay attacks and impersonation attacks. Furthermore, we propose a novel security protocol for mobile pay‐TV systems using the elliptic curve cryptosystem to overcome the weaknesses of Wang and Qin's scheme. In order to improve the efficiency, the proposed scheme is designed in such a way that needs fewer scalar multiplication operations and does not use bilinear pairing, which is an expensive cryptographic operation. Detailed analyses, including verification using the Automated Validation of Internet Security Protocols and Applications tool and implementation on FPGA, demonstrate that the proposed scheme not only withstands active and passive attacks and provides user anonymity but also has a better performance than Wang and Qin's scheme.     

A new authenticated key agreement for session initiation protocol

The session initiation protocol (SIP) is an authentication protocol used in 3G mobile networks. In 2009, Tsai proposed an authenticated key agreement scheme as an enhancement to SIP. Yoon et al. later pointed out that the scheme of Tsai is vulnerable to off‐line password guessing attack, Denning–Sacco attack, and stolen‐verifier attack and does not support perfect forward secrecy (PFS). Yoon et al. further proposed a new scheme with PFS. In this paper, we show that the scheme of Yoon et al. is still vulnerable to stolen‐verifier attack and may also suffer from off‐line password guessing attack. We then propose several countermeasures for solving these problems. In addition, we propose a new security‐enhanced authentication scheme for SIP. Our scheme also maintains low computational complexity. Copyright © 2011 John Wiley & Sons, Ltd.     

Strongly secure ID‐based authenticated key agreement protocol for mobile multi‐server environments

To provide mutual authentication and communication confidentiality between mobile clients and servers, numerous identity‐based authenticated key agreement (ID‐AKA) protocols were proposed to authenticate each other while constructing a common session key. In most of the existing ID‐AKA protocols, ephemeral secrets (random values) are involved in the computations of the common session key between mobile client and server. Thus, these ID‐AKA protocols might become vulnerable because of the ephemeral‐secret‐leakage (ESL) attacks in the sense that if the involved ephemeral secrets are compromised, an adversary could compute session keys and reveal the private keys of participants in an AKA protocol. Very recently, 2 ID‐AKA protocols were proposed to withstand the ESL attacks. One of them is suitable for single server environment and requires no pairing operations on the mobile client side. The other one fits multi‐server environments, but requires 2 expensive pairing operations. In this article, we present a strongly secure ID‐AKA protocol resisting ESL attacks under mobile multi‐server environments. By performance analysis and comparisons, we demonstrate that our protocol requires the lowest communication overhead, does not require any pairing operations, and is well suitable for mobile devices with limited computing capability. For security analysis, our protocol is provably secure under the computational Diffie‐Hellman assumption in the random oracle model.     

Secure anonymous authentication scheme without verification table for mobile satellite communication systems

An authentication scheme is one of the most basic and important security mechanisms for satellite communication systems because it prevents illegal access by an adversary. Lee et al. recently proposed an efficient authentication scheme for mobile satellite communication systems. However, we observed that this authentication scheme is vulnerable to a denial of service (DoS) attack and does not offer perfect forward secrecy. Therefore, we propose a novel secure authentication scheme without verification table for mobile satellite communication systems. The proposed scheme can simultaneously withstand DoS attacks and support user anonymity and user unlinkability. In addition, the proposed scheme is based on the elliptic curve cryptosystem, has low client‐side and server‐side computation costs, and achieves perfect forward secrecy. Copyright © 2013 John Wiley & Sons, Ltd.     

An efficient two‐party authentication key exchange protocol for mobile environment

The primary goal of this research is to ensure secure communications by client‐server architectures in mobile environment. Although various two‐party authentication key exchange protocols are proposed and claimed to be resistant to a variety of attacks, studies have shown that various loopholes exist in these protocols. What's more, many two‐party authentication key exchange protocols use timestamp to prevent the replay attack and transmit the user's identity in plaintext form. Obviously, these methods will lead to the clock synchronization problem and user's anonymity problem. Fortunately, the three‐way challenged‐response handshake technique and masking user's original identity with a secret hash value used in our study address these problems well. Of course, the proposed protocol based on elliptic curve cryptography supports flawless mutual authentication of participants, agreement of session key, impersonation attack resistance, replay attack resistance, and prefect forward secrecy, as well. The analyses in the aspects of efficiency and security show that the proposed protocol is a better choice for mobile users.     

An anonymous and robust multi‐server authentication protocol using multiple registration servers

The concept of multi‐server authentication includes multiple numbers of application servers. The registration/control server is the central point in such environment to provide smooth services to a limited number of legitimate users. However, this type of environment is inappropriate to handle unlimited users since the number of users may grow, and thus, the response time may be very high. To eliminate these shortcomings, we have modified the existing multi‐server authentication architecture and then designed a new scheme by including multiregistration server technique that can provide a smooth environment to support unlimited number of users. The main aspect of our design is to provide a secure authentication environment for multi‐server application using password and smartcard so that the participants can securely communicate with each other. The simulation results are obtained by executing our protocol using AVISPA tool. The results provide concrete evidence about the security safety against active and passive attacks. Furthermore, the justification of correctness of the freshness of the session key negotiation and the mutual authentication between the participants has done been evaluated with the BAN logic model. The comprehensive comparative analysis justifies our argument that our protocol has better applicability in multi‐server environments compared to other protocols with similar nature.     

Cryptanalysis of smart‐card‐based password authenticated key agreement protocol for session initiation protocol of Zhang et al.

As the core signaling protocol for multimedia services, such as voice over internet protocol, the session initiation protocol (SIP) is receiving much attention and its security is becoming increasingly important. It is critical to develop a roust user authentication protocol for SIP. The original authentication protocol is not strong enough to provide acceptable security level, and a number of authentication protocols have been proposed to strengthen the security. Recently, Zhang et al. proposed an efficient and flexible smart‐card‐based password authenticated key agreement protocol for SIP. They claimed that the protocol enjoys many unique properties and can withstand various attacks. However, we demonstrate that the scheme by Zhang et al. is insecure against the malicious insider impersonation attack. Specifically, a malicious user can impersonate other users registered with the same server. We also proposed an effective fix to remedy the flaw, which remedies the security flaw without sacrificing the efficiency. The lesson learned is that the authenticators must be closely coupled with the identity, and we should prevent the identity from being separated from the authenticators in the future design of two‐factor authentication protocols. Copyright © 2014 John Wiley & Sons, Ltd.     

Robust smart‐card‐based remote user password authentication scheme

Smart‐card‐based remote user password authentication schemes are commonly used for providing authorized users a secure method for remotely accessing resources over insecure networks. In 2009, Xu et al. proposed a smart‐card‐based password authentication scheme. They claimed their scheme can withstand attacks when the information stored on the smart card is disclosed. Recently, Sood et al. and Song discovered that the smart‐card‐based password authentication scheme of Xu et al. is vulnerable to impersonation and internal attacks. They then proposed their respective improved schemes. However, we found that there are still flaws in their schemes: the scheme of Sood et al. does not achieve mutual authentication and the secret key in the login phase of Song's scheme is permanent and thus vulnerable to stolen‐smart‐card and off‐line guessing attacks. In this paper, we will propose an improved and efficient smart‐card‐based password authentication and key agreement scheme. According to our analysis, the proposed scheme not only maintains the original secret requirement but also achieves mutual authentication and withstands the stolen‐smart‐card attack. Copyright © 2012 John Wiley & Sons, Ltd.     

A simplified deniable authentication scheme in cloud‐based pay‐TV system with privacy protection

Cloud computing is a milestones for computing model, which enables on‐demand, flexible, and low‐cost usage of computing resources, especially for cloud storage. Nowadays, the services of cloud‐based pay‐TV systems are emerging endlessly. But these pay‐TV systems' privacy is not given enough attention. The users not only care about their information revealed during transmission processes but are also concerned about whether the video contents that they have seen were recorded by the pay‐TV systems or not. In this work, I propose a novel deniable authentication protocol in a cloud‐based pay‐TV system, named DAP‐TV, aiming to achieve mutual authentication, deniability, and privacy protection in cloud‐based pay‐TV systems. The unique feature of our scheme is deniability which means a pay‐TV system to identify a user is a legal user, but the pay‐TV system cannot prove video contents that the user has seen to any third party over an unsecured network. In additon, our scheme is based on chaotic maps, which is a highly efficient cryptosystem and is firstly used to construct a deniable authentication scheme in pay‐TV systems. Finally, we give the formal security proof and efficiency comparison with recently related works.