A Novel Secure Bilinear Pairing Based Remote User Authentication Scheme with Smart Card

2014

Int J Communication

Authentication schemes have been widely deployed access control and mobility management in various communication networks. Especially, the schemes that are based on multifactor authentication such as on password and smart card come to be more practical. One of the standard authentication schemes that have been widely used for secure communication over the Internet is session initiation protocol (SIP). The original authentication scheme proposed for SIP was vulnerable to some crucial security weaknesses. To overcome the security problems, various improved authentication schemes have been developed, especially based on elliptic curve cryptography (ECC). Very recently, Zhang et al. proposed an improved authentication scheme for SIP based on ECC using smart cards to overcome the security flaws of the related protocols. Zhang et al. claimed that their protocol is secure against all known security attacks. However, this paper indicates that Zhang et al. protocol is still insecure against impersonation attack. We show that an active attacker can easily masquerade as a legal server to fool users. As a remedy, we also improve Zhang et al. protocol by imposing a little extra computation cost.

“…According to step A2 of the proposed scheme, U will be authenticated if Equations (11) and (17) hold. Equation (11) holds if W D W 0 .…”

Section: Proofmentioning

confidence: 99%

An improved password‐based authentication scheme for session initiation protocol using smart cards without verification table

2014

Int J Communication

“…Authenticated key exchange schemes are being widely used in various environments [1][2][3][4][5]. A number of twoparty [6][7][8][9][10][11][12][13][14][15][16][17] and three-party authenticated key agreements [18][19][20][21][22][23][24] are available. Roaming service is provided by ubiquitous networks to permit a mobile node (MN) to use the services extended by his or her home agent (HA) in a foreign agent (FA).…”

Section: Introductionmentioning

confidence: 99%

A lightweight anonymous authentication scheme for consumer roaming in ubiquitous networks with provable security

Chaudhry

Heydari

et al. 2015

Int J Communication

Ubiquitous networks provide roaming service for mobile nodes enabling them to use the services extended by their home networks in a foreign network. A mutual authentication scheme between the roamed mobile node and the foreign network is needed to be performed through the home network. Various authentication schemes have been developed for such networks, but most of them failed to achieve security in parallel to computational efficiency. Recently, Shin et al. and Wen et al. separately proposed two efficient authentication schemes for roaming service in ubiquitous networks. Both argued their schemes to satisfy all the security requirements for such systems. However, in this paper, we show that Shin et al.'s scheme is susceptible to: (i) user traceability; (ii) user impersonation; (iii) service provider impersonation attacks; and (iv) session key disclosure. Furthermore, we show that Wen et al.'s scheme is also insecure against: (i) session key disclosure; and (ii) known session key attacks. To conquer the security problems, we propose an improved authentication scheme with anonymity for consumer roaming in ubiquitous networks. The proposed scheme not only improved the security but also retained a lower computational cost as compared with existing schemes. We prove the security of proposed scheme in random oracle model. of 20Step 1: MN ! FA: M 1 D ¹M V 1 ; M V 2 ; M V 3 º MN inputs his identity ID MN and password P W MN . MN then computes h.ID M jjh.P W MN // and checks if the result and A MN stored in his mobile device are of 20 4 Mobile node chooses its identity ID MN , password P W MN , and a random number d . Further, MN computes f D h.ID MN kP W MN kd /. Finally, MN sends ID MN and f to the HA by using some secure channel. HA computes K MN D h.ID MN jjx/˚f using secret x. Further, HA pledges a counter ct r MN D 0 for MN and forms a record .ID MN ; ct r MN / in his database. HA then engraves the smart card (SC MN ) with K MN , ct r MN , h.:/, and n. HA issues the smart card (SC MN ) to MN. After obtaining the smart card (SC MN ), MN computes f D h.ID MN˚P W MN˚d / and writes f on SC MN . Finally, the SC MN contains ¹ct r MN ; K MN ; f ; n; d , h.:/º. Login and authentication phaseThe procedure for login and authentication is outlined in Figure 3; the same is illustrated as follows: (1) MN ! FA W M 1 . MN inserts his smart card (SC MN ) in the reader and enters his identity ID MN and password P W MN . SC MN computes f 0 D h.ID MN˚P W MN˚d / and then verifies whether f 0 D f or not. If f 0 ¤ f , the login phase terminates immediately. Otherwise, SC MN computes K MN D K MN˚h .ID MN kP W MN kd /. Then SC MN generates random n MN and computes ct r MN D ct r MN C 1 and V 1 D .ID MN jj K MN jjn MN jjct r MN jjID FA / 2 modn. Finally, MN sends the M 1 D .V 1 ; ct r MN ; ID HA / to FA.Figure 3. Wen et al.'s scheme [38]. Proposition 5 (Secure key establishment)The improved scheme provides secure key establishment. ProofAfter completion of the protocol, the MN, FA, and HA will establish a common session key SK FA D SK MN ...

“…[]. Subsequently, a large number of smart card‐based authentication schemes are proposed [,]. The past research on authentication has ascertained that the development of a correct authentication scheme is exceptionally difficult [] as smart card is a very small device equipped with limited computation, memory, and power resources.…”

Section: Introductionmentioning

confidence: 99%

“…So authentication schemes [] based on symmetric key primitives (hash, message authentication code , exclusive or, symmetric encryption, etc.) look more desirable instead of schemes [] based on expensive asymmetric primitives (point multiplication, exponentiation, pairing, etc. ), but keeping in mind the sensitivity of tasks (e.g., financial and health care) carried out by such schemes, which are also having additional threats as compared with traditional threats, asymmetric cryptography looks more promising which can resist impersonation, password guessing, and replay attacks.…”

Section: Introductionmentioning

confidence: 99%

An enhanced privacy preserving remote user authentication scheme with provable security

Chaudhry

Naqvi

et al. 2015

Security Comm Networks

Very recently, Kumari et al. proposed a symmetric key and smart card‐based remote user password authentication scheme to enhance Chung et al.'s scheme. They claimed their enhanced scheme to provide anonymity while resisting all known attacks. In this paper, we analyze that Kumari et al.'s scheme is still vulnerable to anonymity violation attack as well as smart card stolen attack. Then we propose a supplemented scheme to overcome security weaknesses of Kumari et al.'s scheme. We have analyzed the security of the proposed scheme in random oracle model which confirms the robustness of the scheme against all known attacks. We have also verified the security of our scheme using automated tool ProVerif. Copyright © 2015 John Wiley & Sons, Ltd.