Robust smart card secured authentication scheme on SIP using Elliptic Curve Cryptography

Recently, Voice over Internet Protocol (VoIP) has been one of the more popular applications in Internet technology. For VoIP and other IP applications, issues surrounding Session Initiation Protocol (SIP) have received significant attention. SIP is a widely used signaling protocol and is capable of operating on Internet Telephony, typically using Hyper Text Transport Protocol (HTTP) digest authentication protocol. Authentication is becoming increasingly crucial because it accesses the server when a user asks to use SIP services. In this paper, we concentrate on the security flaws in the current SIP authentication procedure. We propose a secure ECC-based authentication mechanism to conquer many forms of attacks in previous schemes. By a sophisticated analysis of the security of the ECC-based protocol, we show that it is suitable for applications with higher security requirements.     

Cryptanalysis and improvement of an efficient mutual authentication RFID scheme based on elliptic curve cryptography

Radio frequency identification (RFID) is a wireless technology for automatic identification and data capture. Security and privacy issues in the RFID systems have attracted much attention. Many approaches have been proposed to achieve the security and privacy goals. One of these approaches is RFID authentication protocols by which a server and tags can authorize each other through an intracity process. Recently, Chou proposed a RFID authentication protocol based on elliptic curve cryptography. However, this paper demonstrates that the Chou’s protocol does not satisfy tag privacy, forward privacy and authentication, and server authentication. Based on these security and privacy problems, we also show that Chou’s protocol is defenseless to impersonation attacks, tag cloning attacks and location tracking attacks. Therefore, we propose a more secure and efficient scheme, which does not only cover all the security flaws and weaknesses of related previous protocols, but also provides more functionality. We prove the security of the proposed improved protocol in the random oracle model.     

基于椭圆曲线和智能卡的口令鉴别方案

针对远程用户鉴别方案的口令在时间戳和用户ID上存在的脆弱性,提出了将求解椭圆曲线离散对数的困难性和生物特征的惟一性相结合的口令鉴别方案(ECCSCS).该方案采用指纹和智能卡双重认证技术,提高了系统的安全性,并达到双向认证的效果.     

New robust biometrics-based mutual authentication scheme with key agreement using elliptic curve cryptography

In this work, we demonstrate that Chaudhry et al.’s recent biometrics-based three factor authentication scheme is vulnerable to the denial of service attack, and it also fails to provide perfect forward secrecy because it only uses the lightweight symmetric key primitives to ensure security. To enhance the information security, this article presents a new robust biometrics-based mutual authentication scheme using elliptic curve cryptography for client-server architecture based applications in mobile environment. The proposed scheme supports session key agreement and flawless mutual authentication of participants, which is proved under the BAN logic. Moreover, the proposed scheme provides prefect security attributes and resists all known attacks, and it has perfect performance in communication cost. Thereby, the proposed scheme is more suitable for client-server architecture based applications.     

基于椭圆曲线密码体制的CDMA网络鉴权设计

由于我国并未掌握蜂窝鉴权与话音加密算法（CAVE）的实现,使得CDMA网络并未实现真正的安全。提出了一种基于椭圆曲线的CDMA网络鉴权方案,通过公钥签名机制完成对用户身份的识别和管理。与CAVE算法相比,该方案除具备自主知识产权外,还减轻了鉴权中心的负担。最后通过实验证明这种鉴权方案是完全可行的。     

Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards

In 2002, Chien et al. proposed an efficient remote authentication scheme using smart cards, in which only few hashing operations are required. Later, Ku et al. gave an improved scheme to repair the security pitfalls found in Chien et al.'s scheme. Also Yoon et al. presented an enhancement on Ku et al.'s scheme. In this paper, we show that both Ku et al.'s scheme and Yoon et al.'s scheme are still vulnerable to the guessing attack, forgery attack and denial of service (DoS) attack. In addition, their schemes lack efficiency when users input wrong passwords. To remedy these flaws, this paper proposes an efficient improvement over Ku et al.'s and Yoon et al.'s schemes with more security. The computation cost, security, and efficiency of the improved scheme are embarking for the real application in the resource-limited environment.     

一个基于智能卡的动态认证方案

讨论了2006年袁丁等人设计的简单高效的口令识别方案（SEPA）,指出该方案无法抵御字典攻击、中间人攻击和服务器拒绝服务攻击。提出了一个基于智能卡的动态认证方案,并对其进行了分析,结果表明新方案提供双向认证,安全性高,运算量低,具有安全、友好、方便的口令更新方式,并且服务器不需维护用于认证的验证表。     

An efficient mutual authentication RFID scheme based on elliptic curve cryptography

Radio frequency identification (RFID) tags have been widely deployed in many applications, such as supply chain management, inventory control, and traffic card payment. However, these applications can suffer from security issues or privacy violations when the underlying data-protection techniques are not properly designed. Hence, many secure RFID authentication protocols have been proposed. According to the resource usage of the tags, secure RFID protocols are classified into four types: full-fledged, simple, lightweight, and ultra-lightweight. In general, non-full-fledged protocols are vulnerable to desynchronization, impersonation, and tracking attacks, and they also lack scalability. If the tag resources allow more flexibility, full-fledged protocols seem to be an attractive solution. In this study, we examine full-fledged RFID authentication protocols and discuss their security issues. We then design a novel RFID authentication protocol based on elliptic curve cryptography, to avoid these issues. In addition, we present a detailed security analysis and a comparison with related studies; the results show that our scheme is more resistant to a variety of attacks and that it has the best scalability, while maintaining competitive levels of efficiency.     

A lightweight remote user authentication scheme for IoT communication using elliptic curve cryptography

Internet of things (IoT) has become a new era of communication technology for performing information exchange. With the immense increment of usage of smart devices, IoT services become more accessible. To perform secure transmission of data between IoT network and remote user, mutual authentication, and session key negotiation play a key role. In this research, we have proposed an ECC-based three-factor remote user authentication scheme that runs in the smart device and preserves privacy, and data confidentiality of the communicating user. To support our claim, multiple cryptographic attacks are analyzed and found that the proposed scheme is not vulnerable to those attacks. Finally, the computation and communication overheads of the proposed scheme are compared with other existing protocols to confirm that the proposed scheme is lightweight. A formal security analysis using AVISPA simulation tool has been done that confirms the proposed scheme is robust against relevant security threats.

     

基于椭圆曲线密码的智能电网通信认证协议

为了确保通信在智能电网中的安全可靠,越来越多的认证协议被应用在通信过程中。针对Mahmood等（MAHMOOD K,CHAUDHRY S A,NAQVI H,et al.An elliptic curve cryptography based lightweight authentication scheme for smart grid communication.Future Generation Computer Systems,2018,81：557-565）提出的认证协议,指出此协议易受到内部特权人员攻击,缺少更换口令阶段,对用户缺少亲和性,无法保证用户有唯一的用户名,并有一个公式的错误。为改进此协议,提出一个基于椭圆曲线的认证协议。首先,增加用户与设备之间的登录阶段,其次,利用椭圆曲线密码学难题进行信息交互,最后补充口令更换阶段。通过BAN逻辑形式化分析,改进协议安全可行,能抵挡住内部人员攻击,并具有口令更换、用户名唯一、对用户有亲和性的特点。     

一个基于椭圆曲线密码的多服务器环境下三因子认证协议

随着多服务器环境应用的增多,为保证通信双方的信息安全,结合口令,智能卡和生物特征的三因子认证协议越来越多。最近,Chaudhry提出了一个基于椭圆曲线密码的三因子认证协议方案,文章分析此方案,指出其无法抵抗拒绝服务攻击,伪装攻击,用户没有唯一标识符,且无法成功更改口令。为解决这些安全缺陷,文章提出了一个改进的方案,更加合理的利用椭圆曲线数学难题,并使用模糊提取器来结合三因子。文章通过BAN逻辑形式化分析,和对已知攻击手段的分析,证明了改进的方案可行且安全。与Chandhry等方案相比,改进的方案更为安全和实用。     

A secure authentication scheme with anonymity for session initiation protocol using elliptic curve cryptography

As a signaling protocol for controlling communication on the internet, establishing, maintaining, and terminating the sessions, the Session Initiation Protocol (SIP) is widely used in the world of multimedia communication. To ensure communication security, many authentication schemes for the SIP have been proposed. However, those schemes cannot ensure user privacy since they cannot provide user anonymity. To overcome weaknesses in those authentication schemes with anonymity for SIP, we propose an authentication scheme with anonymity using elliptic curve cryptograph. By a sophisticated analysis of the security of the proposed protocol, we show that the proposed scheme not only overcomes weaknesses in previous schemes but also is very efficient. Therefore, it is suitable for applications with higher security requirements.     

A secure authentication scheme based on elliptic curve cryptography for IoT and cloud servers

The Internet of Things (IoT) is now a buzzword for Internet connectivity which extends to embedded devices, sensors and other objects connected to the Internet. Rapid development of this technology has led to the usage of various embedded devices in our daily life. However, for resource sharing and communication among these devices, there is a requirement for connecting these embedded devices to a large pool of resources like a cloud. The promising applications of IoT in Government and commercial sectors are possible by integrating cloud servers with these embedded devices. But such an integration of technologies involves security issues like data privacy and authentication of devices whenever information is exchanged between them. Recently, Kalra and Sood proposed an authentication scheme based on elliptic curve cryptography (ECC) for IoT and cloud servers and claimed that their scheme satisfies all security requirements and is immune to various types of attacks. However, in this paper, we show that Kalra and Sood scheme is susceptible to offline password guessing and insider attacks and it does not achieve device anonymity, session key agreement, and mutual authentication. Keeping in view of the shortcomings of Kalra and Sood’s scheme, we have proposed an authentication scheme based on ECC for IoT and cloud servers. In the proposed scheme in this paper, we have formally analyzed the security properties of the designed scheme by the most widely accepted and used Automated Validation of Internet Security Protocols and Applications tool. Security and performance analysis show that when compared with other related schemes, the proposed scheme is more powerful, efficient, and secure with respect to various known attacks.     

基于智能卡的远程认证体制

介绍了2006年 Manik 提出的远程认证体制,对其存在安全缺陷进行了详细分析.在此基础上,提出一种改进的远程认证体制.该体制使用用户智能卡生成一个立即数并使用两种杂凑运算,以改进整个认证体制的安全性能和计算性能.与现有的其它远程认证体制相比,提出的远程认证体制还实现了用户和远程服务器之间的双向认证.     

Single round-trip SIP authentication scheme with provable security for Voice over Internet Protocol using smart card

Multimedia Tools and Applications - In recent years, Voice over Internet Protocol (VoIP) has gained more and more popularity as an application of the Internet technology. For various IP...     

一种远程用户身份认证方案的密码分析和改进

通过密码分析学的验证方案证明Yoon等人提出的基于Hwang等其他人所证明的远程用户使用智能卡的方案中存在着多个安全漏洞,仍然是脆弱和不稳定的.同时给出如何改进并避免这些漏洞的方法.     

A pairing-free certificateless digital multisignature scheme using elliptic curve cryptography

In a digital multisignature scheme, two or more signers are allowed to produce a single signature on a common message, which can be verified by anyone. In the literature, many schemes are available based on the public key infrastructure or identity-based cryptosystem with bilinear pairing and map-to-point (MTP) hash function. The bilinear pairing and the MTP function are time-consuming operations and they need a large super-singular elliptic curve group. Moreover, the cryptosystems based on them are difficult to implement and less efficient for practical use. To the best of our knowledge, certificateless digital multisignature scheme without pairing and MTP hash function has not yet been devised and the same objective has been fulfilled in this paper. Furthermore, we formally prove the security of our scheme in the random oracle model under the assumption that ECDLP is hard.     

基于智能卡的远程口令认证方案

提出了一个基于RSA系统和智能卡的远程口令认证系统方案。相对于其他方案,本方案的客户端用户可以自由选择口令,并根据需要自己及时更新口令,服务器端不用保存用户的任何认证信息。方案基于成熟的RSA密码系统和单向安全的hash函数,操作简单,切实可行。     

Cryptanalysis of a mutual authentication scheme based on nonce and smart cards

To prevent the forged login attacks, Liu et al. recently proposed a new mutual authentication scheme using smart cards. However, we demonstrate that the attacker without any secret information can successfully not only impersonate any user to cheat the server but also impersonate the server to cheat any user. That is, Liu et al.’s scheme fails to defend the forged login attack as the previous version. Our cryptanalysis result is important for security engineers, who are responsible for the design and development of smart card-based user authentication systems.