An Improved RSA Based User Authentication and Session Key Agreement Protocol Usable in TMIS

Amin, Ruhul; Biswas, Gautam

doi:10.1007/s10916-015-0262-y

Cited by 69 publications

(58 citation statements)

References 45 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Let ⟨ ⟩ ← Reveal( 2 = ℎ( ‖ )) (12) if ( == ) then (13) Accept ID , ( ) , , as the correct ID , ( ), , , respectively. (14) return 0 (Success) (15) else (16) return 0 (Failure) (17) else (18) return 0 (Failure) (19) else (20) return 0 (Failure) (21) end if roles. The fundamental types available in the HLPSL are [46] as follows:…”

Section: Simulation Results Using Avispamentioning

confidence: 99%

See 1 more Smart Citation

Improving an Anonymous and Provably Secure Authentication Protocol for a Mobile User

Moon

Lee

Kim

et al. 2017

Security and Communication Networks

View full text Add to dashboard Cite

Recently many authentication protocols using an extended chaotic map were suggested for a mobile user. Many researchers demonstrated that authentication protocol needs to provide key agreement, mutual authentication, and user anonymity between mobile user and server and resilience to many possible attacks. In this paper, we cautiously analyzed chaotic-map-based authentication scheme and proved that it is still insecure to off-line identity guessing, user and server impersonation, and on-line identity guessing attacks. To address these vulnerabilities, we proposed an improved protocol based on an extended chaotic map and a fuzzy extractor. We proved the security of the proposed protocol using a random oracle and AVISPA (Automated Validation of Internet Security Protocols and Applications) tool. Furthermore, we present an informal security analysis to make sure that the improved protocol is invulnerable to possible attacks. The proposed protocol is also computationally efficient when compared to other previous protocols.

show abstract

Section: Simulation Results Using Avispamentioning

confidence: 99%

“…To design a secure authentication scheme, some cryptographic algorithms are also used, such as an RSA cryptosystem [14,15], elliptic curve cryptography [16,17], hash function [18,19], and chaos-based cryptography [20][21][22].…”

Section: Introductionmentioning

confidence: 99%

Improving an Anonymous and Provably Secure Authentication Protocol for a Mobile User

Moon

Lee

Kim

et al. 2017

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…In the same year, Giri et al [8] proposed a robust authentication protocol using RSA and claimed that it is strongly protected against security vulnerabilities. But, Amin and Biswas [7] highlighted that the protocol in [8] is not secure against several security attacks. Further, they proposed a new protocol to overcome the security weaknesses.…”

Section: Literature Reviewsmentioning

confidence: 99%

“…In this regard, two-factor authentication protocols using smart-card and password are widely used and designing a robust and efficient two-factor authentication protocol is a critical task. The concept of client-server communication over insecure networks has been introduced for single server environment, and many researchers have proposed numerous authentication protocols [1][2][3] using hash function [4][5][6], RSA cryptosystem [7][8][9], elliptic curve [10], chaotic map [11,12], and bilinear pairing [13]. However, these protocols are unsuitable for multiserver communications.…”

Section: Introductionmentioning

confidence: 99%

“…User anonymity [18,19] is one of the security issues in user authentication protocol, where user's identity should be kept secret from the adversary. There are several application areas such as banking, medical system [7,10], and wireless sensor network [20], where the authorized users want to keep their identity secret from an adversary; that is, the adversary is unable to extract or guess user's original identity from the login and authentication messages. In addition to that, the mutual authentication is another important security aspect, where client and server both can verify each other to avoid man-in-the-middle attack.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Two-Factor RSA-Based Robust Authentication System for Multiserver Environments

Amin¹,

Islam²,

Khan³

et al. 2017

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

The concept of two-factor multiserver authentication protocol was developed to avoid multiple number of registrations using multiple smart-cards and passwords. Recently, a variety of two-factor multiserver authentication protocols have been developed. It is observed that the existing RSA-based multiserver authentication protocols are not suitable in terms of computation complexities and security attacks. To provide lower complexities and security resilience against known attacks, this article proposes a twofactor (password and smart-card) user authentication protocol with the RSA cryptosystem for multiserver environments. The comprehensive security discussion proved that the known security attacks are eliminated in our protocol. Besides, our protocol supports session key agreement and mutual authentication between the application server and the user. We analyze the proof of correctness of the mutual authentication and freshness of session key using the BAN logic model. The experimental outcomes obtained through simulation of the Automated Validation of Internet Security Protocols and Applications (AVISPA) S/W show that our protocol is secured. We consider the computation, communication, and storage costs and the comparative explanations show that our protocol is flexible and efficient compared with protocols. In addition, our protocol offers security resilience against known attacks and provides lower computation complexities than existing protocols. Additionally, the protocol offers password change facility to the authorized user.

show abstract

An anonymous and provably secure authentication scheme for mobile user

Islam

Obaidat

Amin

2016

Int J Communication

Self Cite

View full text Add to dashboard Cite

Summary Chebyshev chaotic map is an important tool used in the domain of cryptography to develop different schemes for numerous applications. In 2014, Lin put forwarded a mobile user authentication system using dynamic identity and chaotic map. Lin declared that the scheme offers mutual authentication and session key agreement between user and server. Moreover, they stated that the scheme offers user anonymity and resilience against known attacks. However, we carefully examined Lin's scheme and found that it is no longer usable for practical applications as (i) it has no facility to identify the wrong password and identity, which are inputted by the user during login and password update phases, (ii) it has no facility to protect user impersonation attack, and (iii) it has the problem of session key forward secrecy. We put forwarded an enhanced scheme based on extended chaotic map to repair the fragilities of Lin's scheme. We formally examined the security of our scheme and demonstrated that it is provably secured in random oracle model. Further, we presented some informal cryptanalysis to make sure that the enhanced scheme is secure from known attacks. Our scheme is also computation efficient against other competitive protocols. Copyright © 2016 John Wiley & Sons, Ltd.

show abstract

An Improved RSA Based User Authentication and Session Key Agreement Protocol Usable in TMIS

Cited by 69 publications

References 45 publications

Improving an Anonymous and Provably Secure Authentication Protocol for a Mobile User

Improving an Anonymous and Provably Secure Authentication Protocol for a Mobile User

A Two-Factor RSA-Based Robust Authentication System for Multiserver Environments

An anonymous and provably secure authentication scheme for mobile user

Contact Info

Product

Resources

About