The application of machine learning in the security analysis of authentication and key agreement protocol was first launched by Ma et al. in 2018. Although they received remarkable results with an accuracy of 72% for the first time, their analysis is limited to replay attack and key confirmation attack. In addition, their suggested framework is based on a multiclassification problem in which every protocol or dataset instance is either secure or prone to a security attack such as replay attack, key confirmation, or other attacks. In this paper, we show that multiclassification is not an appropriate framework for such analysis, since authentication protocols may suffer different attacks simultaneously. Furthermore, we consider more security properties and attacks to analyze protocols against. These properties include strong authentication and Unknown Key Share (UKS) attack, key freshness, key authentication, and password guessing attack. In addition, we propose a much more efficient dataset construction model using a tenth number of features, which improves the solving speed to a large extent. The results indicate that our proposed model outperforms the previous models by at least 10–20 percent in all of the machine learning solving algorithms such that upper-bound performance reaches an accuracy of over 80% in the analysis of all security properties and attacks. Despite the previous models, the classification accuracy of our proposed dataset construction model rises in a rational manner along with the increase of the dataset size.
With the rapid development of Internet of Things (IoT), designing a secure two-factor authentication scheme for IoT is becoming increasingly demanding. Two-factor protocols are deployed to achieve a higher security level than single-factor protocols. Given the resource constraints of IoT devices, other factors such as biometrics are ruled out as additional authentication factors due to their large overhead. Smart cards are also prone to side-channel attacks. Therefore, historical big data have gained interest recently as a novel authentication factor in IoT. In this paper, we show that existing big data-based schemes fail to achieve their claimed security properties such as perfect forward secrecy (PFS), key compromise impersonation (KCI) resilience, and server compromise impersonation (SCI) resilience. Assuming a real strong attacker rather than a weak one, we show that previous schemes not only fail to provide KCI and SCI but also do not provide real two-factor security and revocability and suffer inside attack. Then, we propose our novel scheme which can indeed provide real two-factor security, PFS, KCI, and inside attack resilience and revocability of the client. Furthermore, our performance analysis shows that our scheme has reduced modular exponentiation operation and multiplication for both the client and the server compared to Liu et al.’s scheme which reduces the execution time by one third for security levels of
λ
=
128
. Moreover, in order to cope with the potential threat of quantum computers, we suggest using lightweight XMSS signature schemes which provide the desired security properties with
λ
=
128
bit postquantum security. Finally, we prove the security of our proposed scheme formally using both the real-or-random model and the ProVerif analysis tool.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.