An efficient two‐party authentication key exchange protocol for mobile environment

The primary goal of this research is to ensure secure communications by client‐server architectures in mobile environment. Although various two‐party authentication key exchange protocols are proposed and claimed to be resistant to a variety of attacks, studies have shown that various loopholes exist in these protocols. What's more, many two‐party authentication key exchange protocols use timestamp to prevent the replay attack and transmit the user's identity in plaintext form. Obviously, these methods will lead to the clock synchronization problem and user's anonymity problem. Fortunately, the three‐way challenged‐response handshake technique and masking user's original identity with a secret hash value used in our study address these problems well. Of course, the proposed protocol based on elliptic curve cryptography supports flawless mutual authentication of participants, agreement of session key, impersonation attack resistance, replay attack resistance, and prefect forward secrecy, as well. The analyses in the aspects of efficiency and security show that the proposed protocol is a better choice for mobile users.     

An efficient and secure 3‐factor user‐authentication protocol for multiserver environment

In the last decade, the number of web‐based applications is increasing rapidly, which leads to high demand for user authentication protocol for multiserver environment. Many user‐authentication protocols have been proposed for different applications. Unfortunately, most of them either have some security weaknesses or suffer from unsatisfactory performance. Recently, Ali and Pal proposed a three‐factor user‐authentication protocol for multiserver environment. They claimed that their protocol can provide mutual authentication and is secure against many kinds of attacks. However, we find that Ali and Pal's protocol cannot provide user anonymity and is vulnerable to 4 kinds of attacks. To enhance security, we propose a new user‐authentication protocol for multiserver environment. Then, we provide a formal security analysis and a security discussion, which indicate our protocol is provably secure and can withstand various attacks. Besides, we present a performance analysis to show that our protocol is efficient and practical for real industrial environment.     

User centric three‐factor authentication protocol for cloud‐assisted wearable devices

Wearable devices, which provide the services of collecting personal data, monitoring health conditions, and so on, are widely used in many fields, ranging from sports to healthcare. Although wearable devices bring convenience to people's lives, they bring about significant security concerns, such as personal privacy disclosure and unauthorized access to wearable devices. To ensure the privacy and security of the sensitive data, it is critical to design an efficient authentication protocol suitable for wearable devices. Recently, Das et al proposed a lightweight authentication protocol, which achieves secure communication between the wearable device and the mobile terminal. However, we find that their protocol is vulnerable to offline password guessing attack and desynchronization attack. Therefore, we put forward a user centric three‐factor authentication scheme for wearable devices assisted by cloud server. Informal security analysis and formal analysis using ProVerif is executed to demonstrate that our protocol not only remedies the flaws of the protocol of Das et al but also meets desired security properties. Comparison with related schemes shows that our protocol satisfies security and usability simultaneously.     

安全高效的无线传感器网络远程身份验证协议

针对无线传感器网络节点资源受限及通信链路易出错的问题,给出一种安全高效的无线传感器网络远程身份验证协议.该协议采用集中式基于簇的分层无线传感器网络选出最优百分比的簇头,并对其与相邻节点的通信进行授权,再最小化节点能耗实现网络负载平衡,然后每个簇头作为服务器在每个传递消息的有效负载内保证数据认证与交换,对相邻节点进行身份...     

An efficient certificateless key exchange protocol for heterogeneous networks in human-centered IoT systems

Human-centered Internet of things (IoT) systems enable human beings to enjoy the ubiquitous services and play more and more important roles in our life. A common application scenario in human-centered IoT systems is that two distributed wireless devices from heterogeneous networks want to communicate with each other. However, key generation centers (KGCs) from different networks usually use independent security parameters. It is difficult for two users with different security parameters to establish a common session key. We propose a certificateless key exchange protocol for two different devices managed by different KGCs to address the issue. The security of the proposed protocol is conducted in the random oracle model with the hardness assumption of elliptic curve computational Diffie-Hellman (ECDH) problem. The main merits of our protocol include the following: (a) it enables users from heterogeneous networks to establish upon a shared session key, (b) it can solve the key escrow problem, (c) it does not use bilinear pairings and obtains computational efficiency, and (d) it achieves stronger security compared with other related protocols.     

一种RFID系统的Tag-Reader双向安全认证协议

为了保证RFID系统的信息安全,本文在分析现有RFID认证协议的基础上,提出一种基于Grain-Mac流密码加密算法的双向安全认证协议,采用流密码和密钥动态更新的方法实现了标签与阅读器的双向认证。仿真结果表明,该协议成本低、效率高、安全性好,且能够有效抵抗拒绝服务攻击,达到了预期的效果。     

椭圆曲线加密结合cookie信息的物联网终端安全认证协议

针对物联网(IoT)中终端设备接入网络服务器的安全性问题,提出了一种基于椭圆曲线加密(ECC)和cookie信息的物联网终端安全认证协议.协议首先将用户身份信息、服务器私钥、随机数和cookie有效期信息组成一个cookie文件,然后利用椭圆曲线加密体制对其进行加密,并将之存储在智能终端.在认证阶段,通过比对由cookie信息计算的安全参数来实现相互身份认证.性能分析表明,该协议在具有较低计算和通信成本的同时,能够有效抵抗多种攻击,提供了较高的安全性,非常适合应用于物联网中资源有限的终端设备.     

Revised anonymous authentication protocol for adaptive client‐server infrastructure

Rapid evolution in information and communication technologies has facilitated us to experience mobile communication in our daily routine. Mobile user can only avail the services from the server, once he/she is able to accomplish authentication process successfully. In the recent past, several researchers have contributed diverse authentication protocols for mobile client‐server environment. Currently, Lu et al designed two‐factor protocol for authenticating mobile client and server to exchange key between them. Lu et al emphasized that their scheme not only offers invincibility against potential security threats but also offers anonymity. Although this article reveals the facts that their protocol is vulnerable against client and server impersonation, man‐in‐the‐middle, server key breach, anonymity violation, client traceability, and session‐specific temporary attacks, therefore, we have enhanced their protocol to mitigate the above mention vulnerabilities. The enhanced protocol's security strength is evaluated through formal and informal security analysis. The security analysis and performance comparison endorses the fact that our protocol is able to offer more security with least possible computation complexity.     

A novel secure group RFID authentication protocol简

The trend of researching group radio frequency identification devices（RFID） authentication protocol has become increasingly popular in recent years. One of the newest work in this area is from Batina and Lee, they presented a privacy-preserving multi-players grouping-proof protocol based on the elliptic curve cryptography（ECC）, and claimed their protocol have the ability to resist five potential attacks, including compromised tag attack, man-in-the-middle attack, colluding tags attack, etc. In this paper, we first take a counterexample to demonstrate their protocol is vulnerable to compromised tag attack. Then we propose a novel secure RFID authentication protocol, and analyze its security by merging formal analysis, provable security, and mathematical inductive method, so as to solve the weakness of Batina and Lee＇s work. Furthermore, compared with another two classic protocols（secure ownership transfer protocol（SOTP） and secure multiple group ownership transfer protocol（SMGOTP））, the performance analysis show that our protocol provides not only a lower tags＇ communication cost at about 50.0% and 14.3%, but also a lower reader＇s computation cost（approximate 14.5% and 55.1% respectively）, when transferring a large number of tags.     

A secure authentication with key agreement scheme using ECC for satellite communication systems

Recently, Liu et al came up with an authentication with key agreement scheme for securing communication over the low‐earth‐orbit satellite communication systems. However, this paper demonstrates that this scheme cannot provide perfect forward secrecy or defend against the smart card stolen attack, and has some very bad design defects, making it unpractical. Thus, to design a truly secure authentication scheme for satellite communication systems, this paper presents a new scheme, making use of the advantages of elliptic curve cryptography and symmetric cryptography. The security analyses by the widely used BAN logic and heuristic discussions demonstrate that our new scheme possesses perfect security properties and can defend against various well‐known malicious attacks. Moreover, our new scheme allows users to update passwords locally in accordance with their wishes, achieving a good user experience.     

A provable and secure mobile user authentication scheme for mobile cloud computing services

The mobile cloud computing (MCC) has enriched the quality of services that the clients access from remote cloud‐based servers. The growth in the number of wireless users for MCC has further augmented the requirement for a robust and efficient authenticated key agreement mechanism. Formerly, the users would access cloud services from various cloud‐based service providers and authenticate one another only after communicating with the trusted third party (TTP). This requirement for the clients to access the TTP during each mutual authentication session, in earlier schemes, contributes to the redundant latency overheads for the protocol. Recently, Tsai et al have presented a bilinear pairing based multi‐server authentication (MSA) protocol, to bypass the TTP, at least during mutual authentication. The scheme construction works fine, as far as the elimination of TTP involvement for authentication has been concerned. However, Tsai et al scheme has been found vulnerable to server spoofing attack and desynchronization attack, and lacks smart card‐based user verification, which renders the protocol inapt for practical implementation in different access networks. Hence, we have proposed an improved model designed with bilinear pairing operations, countering the identified threats as posed to Tsai scheme. Additionally, the proposed scheme is backed up by performance evaluation and formal security analysis.     

A secure and efficient identity‐based mutual authentication scheme with smart card using elliptic curve cryptography

The e‐commerce has got great development in the past decades and brings great convenience to people. Users can obtain all kinds of services through e‐commerce platform with mobile device from anywhere and at anytime. To make it work well, e‐commerce platform must be secure and provide privacy preserving. To achieve this goal, Islam et al. proposed a dynamic identity‐based remote user mutual authentication scheme with smart card using Elliptic Curve Cryptography(ECC). Islam et al claimed that the security of their scheme was good enough to resist various attacks. However, we demonstrate that their scheme is vulnerable to insider attack and suffers from off‐line password guessing attack if smart card is compromised. To overcome the deficiencies, we present an improved scheme over Islam's scheme. The security proof and analysis shows that our scheme can also provide user anonymity and mutual authentication, and the security is enough to against relay attack, impersonation attack, and other common secure attackers. The performance analysis shows that the proposed scheme is more efficient than Islam et al's scheme.     

An enhanced secure delegation-based anonymous authentication protocol for PCSs

Rapid development of wireless networks brings about many security problems in portable communication systems (PCSs), which can provide mobile users with an opportunity to enjoy global roaming services. In this regard, designing a secure user authentication scheme, especially for recognizing legal roaming users, is indeed a challenging task. It is noticed that there is no delegation-based protocol for PCSs, which can guarantee anonymity, untraceability, perfect forward secrecy, and resistance of denial-of-service (DoS) attack. Therefore, in this article, we put forward a novel delegation-based anonymous and untraceable authentication protocol, which can guarantee to resolve all the abovementioned security issues and hence offer a solution for secure communications for PCSs.     

Provably secure and efficient PUF‐based broadcast authentication schemes for smart grid applications

Many smart grid applications need broadcast communications. Because of the critical role of the broadcasted messages in these applications, their authentication is very important to prevent message forgery attacks. Smart grid consists of plenty of low‐resource devices such as smart meters or phasor measurement units (PMUs) that are located in physically unprotected environments. Therefore, the storage and computational constraints of these devices as well as their security against physical attacks must be considered in designing broadcast authentication schemes. In this paper, we consider two communication models based on the resources of the broadcasters and receivers and propose a physical unclonable function (PUF)–based broadcast authentication scheme for each of them including Broadcast Authentication with High‐Resource Broadcaster (BA‐HRB) and Broadcast Authentication with Low‐Resource Broadcaster (BA‐LRB). We formally prove that both schemes are unforgeable and memory leakage resilient. Moreover, we analyze the performance of our proposed schemes and compare them with related works. The comparison results demonstrate a significant improvement in the storage and computational overhead of our schemes compared with the related works.     

A post quantum secure construction of an authentication protocol for satellite communication

Satellite's communication system is used to communicate under significant distance and circumstances where the other communication systems are not comfortable. Since all the data are exchanged over a public channel, so the security of the data is an essential component for the communicating parties. Both key exchange and authentication are two cryptographic tools to establish a secure communication between two parties. Currently, various kinds of authentication protocols are available to establish a secure network, but all of them depend on number–theoretical (discrete logarithm problem/factorization assumption) hard assumptions. Due to Shor's and Grover's computing algorithm number theoretic assumptions are breakable by quantum computers. Although Kumar and Garg have proposed a quantum attack-resistant protocol for satellite communication, it cannot resist stolen smart card attack. We have analyzed that how Kumar and Garg is vulnerable to the stolen smart card attack using differential power analysis attack described in He et al and Chen and Chen. We have also analyzed the modified version of signal leakage attack and sometimes called improved signal leakage attack on Kumar and Garg's protocol. We have tried to construct a secure and efficient authentication protocol for satellites communication that is secure against quantum computing. This is more efficient as it requires only three messages of exchange. This paper includes security proof and performance of the proposed authentication and key agreement protocol.     

A new privacy and authentication protocol for end‐to‐end mobile users

In this papecr, we propose a new privacy and authentication scheme for end‐to‐end mobile users. There are three goals in our scheme. The first allows two end‐to‐end mobile users to communicate privately each other. The second allows two end‐to‐end mobile users to distribute a session key simply. The third allows two end‐to‐end mobile users to mutually authenticate. Copyright © 2003 John Wiley & Sons, Ltd.     

Time‐assisted authentication protocol

Authentication is the first step toward establishing a service provider and customer association. In a mobile network environment, a lightweight and secure authentication protocol is one of the most significant factors to enhance the degree of service persistence. This work presents a secure and lightweight keying and authentication protocol suite termed time‐assisted authentication protocol (TAP). The TAP improves the security of protocols with the assistance of time‐based encryption keys and scales down the authentication complexity by issuing a reauthentication ticket. While moving across the network, a mobile customer node sends a reauthentication ticket to establish new sessions with service‐providing nodes. Consequently, this reduces the communication and computational complexity of the authentication process. In the keying protocol suite, a key distributor controls the key generation arguments and time factors, while other participants independently generate a keychain based on key generation arguments. We undertake a rigorous security analysis and prove the security strength of TAP using communicating sequential processes and rank function analysis.     

A scalable and secure RFID mutual authentication protocol using ECC for Internet of Things

Very recently, Alamr et al (J. Supercomput 1‐14 doi: 10.1007/s11227‐016‐1861‐1) presented a radio frequency identifier (RFID) authentication protocol for the Internet of Things (IoT) through elliptic curve cryptography (ECC). They claimed the protocol to achieve several security properties and thwart all known attacks. However, this paper shows that their scheme is having correctness and scalability issues. The reader in their protocol can accommodate only one tag, which is not desirable in the IoT environments. The paper finally suggests an improvement to cater the correctness and scalability issues.     

标准模型下可证明安全的RFID双向认证协议

目前RFID(radio frequency identification)系统安全问题日益突出,为了实现RFID系统信息安全与隐私保护,在标准模型提出了一个基于HB协议的RFID双向安全认证协议。利用规约技术证明协议的安全性,将攻击者的困难规约到伪随机函数与真正随机函数的不可区分性上。协议仅使用轻量级的伪随机发生器以及向量点乘运算,具有较高的安全性和效率。通过从安全性及性能两方面与其他认证协议进行比较,表明协议适用于低成本及存储资源受限的RFID标签。