A Secure Three-Factor User Authentication and Key Agreement Protocol for TMIS With User Anonymity

Amin, Ruhul; Biswas, G. P.

doi:10.1007/s10916-015-0258-7

Cited by 86 publications

(97 citation statements)

References 48 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Here, we analyze that our protocol can defy all the relevant security attacks. In this regard, we define some valid assumptions [2,10,20] as follows.…”

Section: Discussion About the Securitymentioning

confidence: 99%

“…Therefore, A intercepts, deletes, modifies, reroutes, and resends the transmitted message. It is worth noting that A cannot intercept any information from the secure network [10].…”

Section: Definitionmentioning

confidence: 99%

“…As mentioned in [7,10], if the insider person A of RC or AS gets 's password PW by some means, she/he can attempt to login different accounts of . Thus, the protection against the insider attack is also an important issue in password-based authentication system.…”

Section: Theorem 10 Our Multiserver Authentication Protocol Can Defymentioning

confidence: 99%

“…In this regard, two-factor authentication protocols using smart-card and password are widely used and designing a robust and efficient two-factor authentication protocol is a critical task. The concept of client-server communication over insecure networks has been introduced for single server environment, and many researchers have proposed numerous authentication protocols [1][2][3] using hash function [4][5][6], RSA cryptosystem [7][8][9], elliptic curve [10], chaotic map [11,12], and bilinear pairing [13]. However, these protocols are unsuitable for multiserver communications.…”

Section: Introductionmentioning

confidence: 99%

“…User anonymity [18,19] is one of the security issues in user authentication protocol, where user's identity should be kept secret from the adversary. There are several application areas such as banking, medical system [7,10], and wireless sensor network [20], where the authorized users want to keep their identity secret from an adversary; that is, the adversary is unable to extract or guess user's original identity from the login and authentication messages. In addition to that, the mutual authentication is another important security aspect, where client and server both can verify each other to avoid man-in-the-middle attack.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

A Two-Factor RSA-Based Robust Authentication System for Multiserver Environments

Amin¹,

Islam²,

Khan³

et al. 2017

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

The concept of two-factor multiserver authentication protocol was developed to avoid multiple number of registrations using multiple smart-cards and passwords. Recently, a variety of two-factor multiserver authentication protocols have been developed. It is observed that the existing RSA-based multiserver authentication protocols are not suitable in terms of computation complexities and security attacks. To provide lower complexities and security resilience against known attacks, this article proposes a twofactor (password and smart-card) user authentication protocol with the RSA cryptosystem for multiserver environments. The comprehensive security discussion proved that the known security attacks are eliminated in our protocol. Besides, our protocol supports session key agreement and mutual authentication between the application server and the user. We analyze the proof of correctness of the mutual authentication and freshness of session key using the BAN logic model. The experimental outcomes obtained through simulation of the Automated Validation of Internet Security Protocols and Applications (AVISPA) S/W show that our protocol is secured. We consider the computation, communication, and storage costs and the comparative explanations show that our protocol is flexible and efficient compared with protocols. In addition, our protocol offers security resilience against known attacks and provides lower computation complexities than existing protocols. Additionally, the protocol offers password change facility to the authorized user.

show abstract

“…Here, we analyze that our protocol can defy all the relevant security attacks. In this regard, we define some valid assumptions [2,10,20] as follows.…”

Section: Discussion About the Securitymentioning

confidence: 99%

“…Therefore, A intercepts, deletes, modifies, reroutes, and resends the transmitted message. It is worth noting that A cannot intercept any information from the secure network [10].…”

Section: Definitionmentioning

confidence: 99%

Section: Theorem 10 Our Multiserver Authentication Protocol Can Defymentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

A Two-Factor RSA-Based Robust Authentication System for Multiserver Environments

Amin¹,

Islam²,

Khan³

et al. 2017

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

show abstract

A robust ElGamal‐based password‐authentication protocol using smart card for client‐server communication

Maitra

Obaidat

Amin

et al. 2016

Int J Communication

Self Cite

View full text Add to dashboard Cite

Smart card-based client-server authentication protocol is well popular for secure data exchange over insecure and hostile networks. Recently, Lee et al. put forward an authentication protocol by utilizing ElGamal cryptosystem and proved that it can withstand known security threats. This article evinces that the protocol of Lee et al. is unwilling to protect various important security vulnerabilities such as forgery attack and off-line password-guessing attack. To vanquish these loopholes, this article presents a robust authentication protocol for client-server communication over any insecure networks. The security explanation of our protocol has done through the formal and informal mechanism and its outcome makes sure that the designed protocol is strong enough to resist the known vulnerabilities. In addition, we have simulated our protocol using ProVerif online software and its results certify that our protocol is safe against private information of the client and server. This paper also has made performance estimation of the presented protocol and others, and the outcome favors the presented protocol. KEYWORDS authentication, forgery attack, identity, password, smart card 1 Int J Commun Syst. 2017;30:e3242.wileyonlinelibrary.com/journal/dac

show abstract

An anonymous and robust multi‐server authentication protocol using multiple registration servers

Amin

Islam

Obaidat

et al. 2017

Int J Communication

Self Cite

View full text Add to dashboard Cite

The concept of multi-server authentication includes multiple numbers of application servers. The registration/control server is the central point in such environment to provide smooth services to a limited number of legitimate users.However, this type of environment is inappropriate to handle unlimited users since the number of users may grow, and thus, the response time may be very high. To eliminate these shortcomings, we have modified the existing multi-server authentication architecture and then designed a new scheme by including multiregistration server technique that can provide a smooth environment to support unlimited number of users. The main aspect of our design is to provide a secure authentication environment for multi-server application using password and smartcard so that the participants can securely communicate with each other. The simulation results are obtained by executing our protocol using AVISPA tool. The results provide concrete evidence about the security safety against active and passive attacks. Furthermore, the justification of correctness of the freshness of the session key negotiation and the mutual authentication between the participants has done been evaluated with the BAN logic model. The comprehensive comparative analysis justifies our argument that our protocol has better applicability in multi-server environments compared to other protocols with similar nature. KEYWORDS AVISPA, BAN logic, multi-server, password, smartcardRecently, the number of online application is increasing exponentially to provide access to different type of resources to the users communicating over an open network like internet. As the security and privacy 1 are main concerns for secure communication, and thus, the services provided by the servers may be affected by the adversaries. This purpose can be fulfilled in traditional way with a 2-factor authentication scheme using password and smartcard. 2,3 The 2-factor authentication is the most common and popular approach, where the verifier-table is not required to authenticate any user. 4 In addition, this kind of authentication is used to provide mutual authentication for achieving the trust between the user and remote server. In designing authentication scheme, several security and functionality issues have to be considered, and many smartcard-based authentication protocols 5-10 have been proposed in the literature for this purpose. It is quite Int J Commun Syst. 2017;30:e3457.wileyonlinelibrary.com/journal/dac

show abstract

A Secure Three-Factor User Authentication and Key Agreement Protocol for TMIS With User Anonymity

Cited by 86 publications

References 48 publications

A Two-Factor RSA-Based Robust Authentication System for Multiserver Environments

A Two-Factor RSA-Based Robust Authentication System for Multiserver Environments

A robust ElGamal‐based password‐authentication protocol using smart card for client‐server communication

An anonymous and robust multi‐server authentication protocol using multiple registration servers

Contact Info

Product

Resources

About