An efficient three factor–based authentication scheme in multiserver environment using ECC

Recently, Li et al have developed a smartcard‐based remote user authentication scheme in multiserver environment. They have claimed that their scheme is secured against some possible cryptographic attacks. However, we have analyzed that the scheme of Li et al cannot preserve all the proclaimed security goals, which are given as follows: (1) It is not withstanding password‐guessing, user impersonation, insider, and smartcard theft attacks, and (2) it fails to facilitate user anonymity property. To remedy these above‐mentioned security flaws, we have proposed an efficient three factor–based authentication scheme in a multiserver environment using elliptic curve cryptography. The Burrows‐Abadi‐Needham logic is used to confirm the security validation of our scheme, which ensures that it provides mutual‐authentication and session‐key agreement securely. Then, the random oracle model is also considered to analyze the proposed scheme, and it shows that the backbone parameters, ie, identity, password, biometrics, and the session key, are secure from an adversary. Further, the informal security analysis confirms that the suggested scheme can withstand against some possible mentioned attacks. Later, the Automated Validation of Internet Security Protocols and Applications tool is incorporated to ensure its security against passive and active attacks. Finally, the performance comparison of the scheme is furnished to confirm its enhanced security with other relevant schemes.     

Secure multi‐factor remote user authentication scheme for Internet of Things environments

Because of the exponential growth of Internet of Things (IoT), several services are being developed. These services can be accessed through smart gadgets by the user at any place, every time and anywhere. This makes security and privacy central to IoT environments. In this paper, we propose a lightweight, robust, and multi‐factor remote user authentication and key agreement scheme for IoT environments. Using this protocol, any authorized user can access and gather real‐time sensor data from the IoT nodes. Before gaining access to any IoT node, the user must first get authenticated by the gateway node as well as the IoT node. The proposed protocol is based on XOR and hash operations, and includes: (i) a 3‐factor authentication (ie, password, biometrics, and smart device); (ii) mutual authentication ; (iii) shared session key ; and (iv) key freshness . It satisfies desirable security attributes and maintains acceptable efficiency in terms of the computational overheads for resource constrained IoT environment. Further, the informal and formal security analysis using AVISPA proves security strength of the protocol and its robustness against all possible security threats. Simulation results also prove that the scheme is secure against attacks.     

A secure and effective biometric‐based user authentication scheme for wireless sensor networks using smart card and fuzzy extractor

User authentication is a prominent security requirement in wireless sensor networks (WSNs) for accessing the real‐time data from the sensors directly by a legitimate user (external party). Several user authentication schemes are proposed in the literature. However, most of them are either vulnerable to different known attacks or they are inefficient. Recently, Althobaiti et al. presented a biometric‐based user authentication scheme for WSNs. Although their scheme is efficient in computation, in this paper, we first show that their scheme has several security pitfalls such as (i) it is not resilient against node capture attack; (ii) it is insecure against impersonation attack; and (iii) it is insecure against man‐in‐the‐middle attack. We then aim to propose a novel biometric‐based user authentication scheme suitable for WSNs in order to withstand the security pitfalls found in Althobaiti et al. scheme. We show through the rigorous security analysis that our scheme is secure and satisfies the desirable security requirements. Furthermore, the simulation results for the formal security verification using the most widely used and accepted Automated Validation of Internet Security Protocols and Applications tool indicate that our scheme is secure. Our scheme is also efficient compared with existing related schemes. Copyright © 2015 John Wiley & Sons, Ltd.     

On the design of secure user authenticated key management scheme for multigateway‐based wireless sensor networks using ECC

In wireless sensor networks (WSNs), there are many critical applications (for example, healthcare, vehicle tracking, and battlefield), where the online streaming data generated from different sensor nodes need to be analyzed with respect to quick control decisions. However, as the data generated by these sensor nodes usually flow through open channel, so there are higher chances of various types of attacks either on the nodes or on to the data captured by these nodes. In this paper, we aim to design a new elliptic curve cryptography–based user authenticated key agreement protocol in a hierarchical WSN so that a legal user can only access the streaming data from generated from different sensor nodes. The proposed scheme is based upon 3‐factor authentication, as it applies smart card, password, and personal biometrics of a user (for ticket generation). The proposed scheme maintains low computation cost for resource‐constrained sensor nodes, as it uses efficient 1‐way cryptographic hash function and bitwise exclusive‐OR operations for secure key establishment between different sensor nodes. The security analysis using the broadly accepted Burrows‐Abadi‐Needham logic, formal security verification using the popular simulation tool (automated validation of Internet security protocols and applications), and informal security show that the proposed scheme is resilient against several well‐known attacks needed for a user authentication scheme in WSNs. The comparison of security and functionality requirements, communication and computation costs of the proposed scheme, and other related existing user authentication schemes shows the superior performance of the proposed scheme.     

Anonymous and expeditious mobile user authentication scheme for GLOMONET environments

The Global Mobility Network (GLOMONET) is rapidly becoming important as well as a popular feature in today's high‐performance network. The legal mobile users enjoy life using the ubiquitous services via GLOMONET. However, because of the broadcast nature of the wireless channel, providing user authentication along with the privacy and anonymity of the users in GLOMONET is indeed a challenging task. In this article, we come up with a secure and expeditious mobile communication environment using symmetric key cryptosystem to ensure mobile users' anonymity and privacy against eavesdroppers and backward/forward secrecy of the session key. Our scheme can also protect numerous security threats, like man‐in‐the‐middle attack, known session key attack, lost smartcard attack, and forgery attack. Furthermore, we put forward a new technique named as “friendly foreign agent policy,” where many foreign agents can make different groups among themselves and perform important responsibilities to authenticate a legitimate mobile user without interfering his or her home agent even though the mobile user moves to a new location, covered by a new foreign agent (belongs to the same group). Security and performance analyses show that the proposed scheme is secure and more efficient as compared with other competitive schemes for GLOMONET environments.     

An extended ECC‐based anonymity‐preserving 3‐factor remote authentication scheme usable in TMIS

A telecare medicine information system (TMIS) helps in providing an efficient communication platform to patients from home to consult doctors at a clinical center. In TMIS, the patient's confidentiality, security, and mutual authentication are very crucial; so remote authentication plays a vital role for verifying the legitimacy of patients. Recently, Amin and Biswas have devised a remote authentication protocol for TMIS, claiming it to be secured from various malicious vulnerabilities. We examine this protocol and find that it is not able to withstand many attacks that include off‐line and online password‐guessing, identity‐guessing, user impersonation, privileged insider, and known session key temporary information attacks. We propose a 3‐factor–based authentication protocol for TMIS by overcoming these security shortcomings. We present its security verification in formal and informal ways, which assert its resistivity against various security threats. We use the Burrows‐Abadi‐Needham logic for validating it, and with the Automated Validation of Internet Security Protocols and Applications tool, it is simulated. Further, the performance evaluation and the security functionalities justify high degree of security with efficient complexity.     

An anonymous and provably secure authentication scheme for mobile user

Chebyshev chaotic map is an important tool used in the domain of cryptography to develop different schemes for numerous applications. In 2014, Lin put forwarded a mobile user authentication system using dynamic identity and chaotic map. Lin declared that the scheme offers mutual authentication and session key agreement between user and server. Moreover, they stated that the scheme offers user anonymity and resilience against known attacks. However, we carefully examined Lin's scheme and found that it is no longer usable for practical applications as (i) it has no facility to identify the wrong password and identity, which are inputted by the user during login and password update phases, (ii) it has no facility to protect user impersonation attack, and (iii) it has the problem of session key forward secrecy. We put forwarded an enhanced scheme based on extended chaotic map to repair the fragilities of Lin's scheme. We formally examined the security of our scheme and demonstrated that it is provably secured in random oracle model. Further, we presented some informal cryptanalysis to make sure that the enhanced scheme is secure from known attacks. Our scheme is also computation efficient against other competitive protocols. Copyright © 2016 John Wiley & Sons, Ltd.     

A provable and secure mobile user authentication scheme for mobile cloud computing services

The mobile cloud computing (MCC) has enriched the quality of services that the clients access from remote cloud‐based servers. The growth in the number of wireless users for MCC has further augmented the requirement for a robust and efficient authenticated key agreement mechanism. Formerly, the users would access cloud services from various cloud‐based service providers and authenticate one another only after communicating with the trusted third party (TTP). This requirement for the clients to access the TTP during each mutual authentication session, in earlier schemes, contributes to the redundant latency overheads for the protocol. Recently, Tsai et al have presented a bilinear pairing based multi‐server authentication (MSA) protocol, to bypass the TTP, at least during mutual authentication. The scheme construction works fine, as far as the elimination of TTP involvement for authentication has been concerned. However, Tsai et al scheme has been found vulnerable to server spoofing attack and desynchronization attack, and lacks smart card‐based user verification, which renders the protocol inapt for practical implementation in different access networks. Hence, we have proposed an improved model designed with bilinear pairing operations, countering the identified threats as posed to Tsai scheme. Additionally, the proposed scheme is backed up by performance evaluation and formal security analysis.     

UCAP:a PCL secure user authentication protocol in cloud computing

As the combine of cloud computing and Internet breeds many flexible IT services,cloud computing becomes more and more significant.In cloud computing,a user should be authenticated by a trusted third party or a certification authority before using cloud applications and services.Based on this,a protocol composition logic (PCL) secure user authentication protocol named UCAP for cloud computing was proposed.The protocol used a symmetric encryption symmetric encryption based on a trusted third party to achieve the authentication and confidentiality of the protocol session,which comprised the initial authentication phase and the re-authentication phase.In the initial authentication phase,the trusted third party generated a root communication session key.In the re-authentication phase,communication users negotiated a sub session key without the trusted third party.To verify the security properties of the protocol,a sequential compositional proof method was used under the protocol composition logic model.Compared with certain related works,the proposed protocol satisfies the PCL security.The performance of the initial authentication phase in the proposed scheme is slightly better than that of the existing schemes,while the performance of the re-authentication phase is better than that of other protocols due to the absence of the trusted third party.Through the analysis results,the proposed protocol is suitable for the mutual authentication in cloud computing.     

Provable data possession scheme with authentication

To satisfy the requirements of identity authentication and data possession proven in the cloud application scenarios,a provable data possession scheme with authentication was proposed.Based on data tag signature and randomness reusing,the proposed scheme could accomplish several issues with three interactions,including the possession proof of cloud data,the mutual authentication between user and cloud computing server,the session key agreement and confirmation.Compared to the simple combination of authentication key agreement and provable data possession schemes,the proposed scheme has less computation and interactions,and better provable securities.In the random oracle model,the security proof of the proposed scheme is given under the computational Diffie-Hellman assumption.     

An efficient lightweight authentication scheme for human-centered industrial Internet of Things

Internet of Things (IoT) specifies a transparent and coherent integration of assorted and composite nodes. Unification of these nodes with large resources and servers has brought advancement in technology for industrial and government services. The industrial IoT (IIoT), with smart nodes, enhance the development and manufacturing of industrial process, which is on demand now. However, the security concern is substantial, and it is required to control to perform prosperous assimilation of IIoT. Authentication of these smart nodes and establishing mutual trust among them is essential to keep vulnerabilities and potential risks out. Hence, this paper presents an efficient lightweight secure authentication protocol from the perspective of human-centered IIoT. This proposed scheme assumes a registration center which simply generates public and secret information for a node when it initially joins the network. Once registration is done, the registration center is not needed anymore, and advanced processes like mutual authentication, secure key exchange, and communications are independently done by nodes involved. Furthermore, we show that this scheme can reduce exponential computations and computational overhead and resolves various possible attacks.     

Weaknesses and improvements of a remote user authentication scheme using smart cards

In 2005, Liu et al.proposed an improvement to Chien et al.'s remote user authentication scheme, using smart cards, to prevent parallel session attack.This article, however, will demonstrate that Liu et al.'s scheme is vulnerable to masquerading server attack and has the system's secret key forward secrecy problem.Therefore, an improved scheme with better security strength, by using counters instead of timestamps, is proposed.The proposed scheme does not only achieve their scheme's advantages, but also enhances its security by withstanding the weaknesses just mentioned.     

An efficient and secure 3‐factor user‐authentication protocol for multiserver environment

In the last decade, the number of web‐based applications is increasing rapidly, which leads to high demand for user authentication protocol for multiserver environment. Many user‐authentication protocols have been proposed for different applications. Unfortunately, most of them either have some security weaknesses or suffer from unsatisfactory performance. Recently, Ali and Pal proposed a three‐factor user‐authentication protocol for multiserver environment. They claimed that their protocol can provide mutual authentication and is secure against many kinds of attacks. However, we find that Ali and Pal's protocol cannot provide user anonymity and is vulnerable to 4 kinds of attacks. To enhance security, we propose a new user‐authentication protocol for multiserver environment. Then, we provide a formal security analysis and a security discussion, which indicate our protocol is provably secure and can withstand various attacks. Besides, we present a performance analysis to show that our protocol is efficient and practical for real industrial environment.     

Research on pairing-free certificateless batch anonymous authentication scheme for VANET

To solve the problem of security and efficiency of anonymous authentication in vehicular ad hoc network,a pairing-free certificateless batch anonymous authentication scheme was proposed.The public and private keys and pseudonyms were jointly generated by the trusted third party and vehicle,so the system security didn't depend on the tamper device.The scheme can realize authentication,anonymity,traceability,unforgeability,forward or backward security,and so on.Furthermore,under the random oracle model,the scheme can resist Type I and Type II attacks.Because there is no need to use certificates during authentication,the system storage load is effectively reduced.At the same time,the scheme realizes the batch message authentication on the basis of pairing-free operation,so the authentication efficiency is improved.Therefore,the scheme has important theoretical significance and application value in the resource-limited internet of things or embedded environment.     

A provably secure biometrics and ECC‐based authentication and key agreement scheme for WSNs

Wireless sensor networks (WSNs) underpin many applications of the Internet of Things (IoT), ranging from smart cities to unmanned surveillance and others. Efficient user authentication in WSNs, particularly in settings with diverse IoT device configurations and specifications (eg, resource‐constrained IoT devices) and difficult physical conditions (eg, physical disaster area and adversarial environment such as battlefields), remains challenging, both in research and in practice. Here, we put forth a user anonymous authentication scheme, relying on both biometrics and elliptic curve cryptography, to establish desired security features like forward and backward secrecy. We then make use of the Random‐or‐Real (RoR) model to prove the security of our scheme. We have implemented the proposed scheme in an environment compatible with WSNs. We show after conducting the comparison of the proposed scheme with some recent and related existent schemes that it satisfies various essential and desirable security attributes of a WSN environment. We conclude that the proposed scheme is suitable for the WSN scenario demanding high security.     

Privacy‐preserving authentication scheme for on‐road on‐demand refilling of pseudonym in VANET

Privacy in Vehicular Ad Hoc Networks (VANET) is fundamental because the user's safety may be threatened by the identity and the real‐time spatiotemporal data exchanged on the network. This issue is commonly addressed by the use of certified temporal pseudonyms and their updating strategies to ensure the user's unlinkability and anonymity. IEEE 1609.2 Standard specified the process of certifying pseudonym along with certificates structure. However, the communication procedure between the certifying authority and the requesting vehicle was not defined. In this paper, a new privacy‐preserving solution for pseudonym on‐road on‐demand refilling is proposed where the vehicle anonymously authenticates itself to the regional authority subsidiary of the central trusted authority to request a new pseudonyms pool. The authentication method has two phases, the first one uses anonymous tickets, and the second one is a challenge‐based authentication. The anonymous tickets are certificates that do not include the identity of the user. Instead, it contains a reference number and the certifying authority signature. The challenge authentication is identity‐less to preserve the privacy, yet it is used to prevent the misuse of tickets and the impersonation of its owner. Our proposed scheme is analyzed by the use of Burrows, Abadi and Needham (BAN) logic to demonstrate its correctness. It is also specified and checked by using the Security Protocol ANimator (SPAN) and the Automated Validation of Internet Security Protocols and Applications (AVISPA) tools. The logical demonstration proved that this privacy‐preserving authentication is assured. The SPAN and AVISPA tools illustrated that it is resilient to security attacks.     

An enhanced anonymous and unlinkable user authentication and key agreement protocol for TMIS by utilization of ECC

The telecare medicine information systems (TMISs) not only help patients to receive incessant health care services but also assist the medical staffs to access patients' electronic health records anytime and from anywhere via Internet. Since the online communications are exposed to numerous security threats, the mutual authentication and key agreement between patients and the medical servers are of prime significance. During the recent years, various user authentication schemes have been suggested for the TMISs. Nonetheless, most of them are susceptible to some known attacks or have high computational cost. Newly, an effective remote user authentication and session key agreement protocol has been introduced by Ravanbakhsh and Nazari for health care systems. Besides the nice contributions of their work, we found that it has two security weaknesses, namely, known session‐specific temporary information attack and lack of perfect forward secrecy. As a result, to overcome these deficiencies, this paper suggests a novel anonymous and unlinkable user authentication and key agreement scheme for TMISs using the elliptic curve cryptosystem (ECC). We have evaluated the security of the proposed scheme by applying the automated validation of internet security protocols and applications (AVISPA) tool with the intention of indicating that our scheme can satisfy the vital security features. In addition, we have compared the proposed protocol with related schemes to show that it has a proper level of performance. The obtained results demonstrate that the new scheme is more preferable considering both efficiency and security criteria.     

Research on batch anonymous authentication scheme for VANET based on bilinear pairing

To solve the problem of efficiency of anonymous authentication in vehicular ad hoc network,a batch anonymous authentication scheme was proposed by using bilinear pairing on elliptic curves .The signature was generated by the roadside unit node (RSU) and the vehicle together.Thus,the burden of VANET certification center was reduced and the authentication efficiency was proved.Meanwhile,the difficulty of the attacker to extract the key was increased.Furthermore,security proofs were given to the scheme in the random oracle model.Analysis shows that the proposed scheme can meet the needs of many kinds of security requirements,the computational overhead is significantly reduced,and the authentication efficiency is improved effectively too.Therefore,the scheme has important theoretical significance and application value under computational capability constrained Internet of things (IoT) environment.     

Efficient and secure message authentication scheme for VANET

A new efficient identity-based message authentication scheme for VANET was proposed. The proposed scheme decreased the complexity of cryptographic operations on signature by using elliptic curve cryptosystem (ECC) to construct authentication protocol without bilinear pairing and provided the function of conditional privacy-preserving. Security analysis demonstrated that the proposed scheme satisfies all security and privacy requirements for VANET. Per-formance analysis show that compared with the most recent proposed schemes the proposed scheme decreases the com-putation cost and communication cost.