Cryptanalysis and Design of a Three-Party Authenticated Key Exchange Protocol Using Smart Card

Amin, Ruhul; Biswas, G. P.

doi:10.1007/s13369-015-1743-5

Cited by 26 publications

(13 citation statements)

References 48 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…After receiving 5 , AS first decrypts 5 using its private key and according to RSA cryptosystem, AS obtains ⟨ID , , 4 ⟩. Then AS computes = ℎ( ‖ ) and 4 = ℎ(ID ‖ ‖ ‖ ID ) and then checks whether 4 matches with 4 . If such condition is incorrect, AS terminates the connection or else authenticates .…”

Section: Verification Phase This Phase Achieves a Session Key Agreemmentioning

confidence: 99%

“…In this regard, two-factor authentication protocols using smart-card and password are widely used and designing a robust and efficient two-factor authentication protocol is a critical task. The concept of client-server communication over insecure networks has been introduced for single server environment, and many researchers have proposed numerous authentication protocols [1][2][3] using hash function [4][5][6], RSA cryptosystem [7][8][9], elliptic curve [10], chaotic map [11,12], and bilinear pairing [13]. However, these protocols are unsuitable for multiserver communications.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Two-Factor RSA-Based Robust Authentication System for Multiserver Environments

Amin¹,

Islam²,

Khan³

et al. 2017

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

The concept of two-factor multiserver authentication protocol was developed to avoid multiple number of registrations using multiple smart-cards and passwords. Recently, a variety of two-factor multiserver authentication protocols have been developed. It is observed that the existing RSA-based multiserver authentication protocols are not suitable in terms of computation complexities and security attacks. To provide lower complexities and security resilience against known attacks, this article proposes a twofactor (password and smart-card) user authentication protocol with the RSA cryptosystem for multiserver environments. The comprehensive security discussion proved that the known security attacks are eliminated in our protocol. Besides, our protocol supports session key agreement and mutual authentication between the application server and the user. We analyze the proof of correctness of the mutual authentication and freshness of session key using the BAN logic model. The experimental outcomes obtained through simulation of the Automated Validation of Internet Security Protocols and Applications (AVISPA) S/W show that our protocol is secured. We consider the computation, communication, and storage costs and the comparative explanations show that our protocol is flexible and efficient compared with protocols. In addition, our protocol offers security resilience against known attacks and provides lower computation complexities than existing protocols. Additionally, the protocol offers password change facility to the authorized user.

show abstract

Section: Verification Phase This Phase Achieves a Session Key Agreemmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

A Two-Factor RSA-Based Robust Authentication System for Multiserver Environments

Amin¹,

Islam²,

Khan³

et al. 2017

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

show abstract

“…Similar to Section 3.1, a user can also register to any of the R S with his/her own information, such as identity, password, and biometric. () To process biometric data, we have used the concept of bio‐hashing technique presented in Jina et al and Lumini and Nanni. …”

Section: Proposed Multi‐server Authentication Porotocolmentioning

confidence: 99%

“…Here, we made some assumptions,() including attacker's capability. An adversary

scriptA

is capable to extract smartcard parameters using the concepts as given in Kocher et al and Messerges et al

scriptA

can fully control the open network.…”

Section: Security Analysismentioning

confidence: 99%

An anonymous and robust multi‐server authentication protocol using multiple registration servers

Amin

Islam

Obaidat

et al. 2017

Int J Communication

Self Cite

View full text Add to dashboard Cite

The concept of multi-server authentication includes multiple numbers of application servers. The registration/control server is the central point in such environment to provide smooth services to a limited number of legitimate users.However, this type of environment is inappropriate to handle unlimited users since the number of users may grow, and thus, the response time may be very high. To eliminate these shortcomings, we have modified the existing multi-server authentication architecture and then designed a new scheme by including multiregistration server technique that can provide a smooth environment to support unlimited number of users. The main aspect of our design is to provide a secure authentication environment for multi-server application using password and smartcard so that the participants can securely communicate with each other. The simulation results are obtained by executing our protocol using AVISPA tool. The results provide concrete evidence about the security safety against active and passive attacks. Furthermore, the justification of correctness of the freshness of the session key negotiation and the mutual authentication between the participants has done been evaluated with the BAN logic model. The comprehensive comparative analysis justifies our argument that our protocol has better applicability in multi-server environments compared to other protocols with similar nature. KEYWORDS AVISPA, BAN logic, multi-server, password, smartcardRecently, the number of online application is increasing exponentially to provide access to different type of resources to the users communicating over an open network like internet. As the security and privacy 1 are main concerns for secure communication, and thus, the services provided by the servers may be affected by the adversaries. This purpose can be fulfilled in traditional way with a 2-factor authentication scheme using password and smartcard. 2,3 The 2-factor authentication is the most common and popular approach, where the verifier-table is not required to authenticate any user. 4 In addition, this kind of authentication is used to provide mutual authentication for achieving the trust between the user and remote server. In designing authentication scheme, several security and functionality issues have to be considered, and many smartcard-based authentication protocols 5-10 have been proposed in the literature for this purpose. It is quite Int J Commun Syst. 2017;30:e3457.wileyonlinelibrary.com/journal/dac

show abstract

“…To prevent illegal access from unauthorized party over insecure communications, authenticated key negotiation scheme is important and necessary . In recent times, the user authentication scheme can be applied in a variety of applications, such as medical systems , wireless sensor networks , single client–server communications , multi‐server communications , distributed cloud computing environments , and three‐party authenticated key exchange (3PAKE) schemes . We notice that many traditional authentication schemes are based on the RSA cryptosystem .…”

Section: Introductionmentioning

confidence: 99%

A more secure and privacy‐aware anonymous user authentication scheme for distributed mobile cloud computing environments

Amin

Islam

Biswas

et al. 2016

Security Comm Networks

Self Cite

View full text Add to dashboard Cite

Now‐a‐days, the low‐power handheld mobile devices make our life more comfortable. With the fast advancement of mobile communication technologies and Internet, mobile users are accessing remote services at home over the Internet. Recently, Tsai and Lo put forwarded a user authentication scheme for distributing mobile cloud environments. Unfortunately, we observed that Tsai and Lo's scheme suffers from user impersonation attack and known session‐specific temporary information attack. Besides, the scheme does not support the wrong password and fingerprint detection in the authentication phase. The scheme also violates the user anonymity property. Moreover, the password update functionality is absent in Tsai and Lo's scheme. In order to provide more securities and functionalities, this article put forwarded an enhanced scheme for distributing mobile cloud environments. The simulation on automated validation of Internet security protocols and applications tool ensures that our scheme is secure against the active and passive attacks. Our cryptanalysis gives surety that the scheme can defend related security attacks. We also compare our scheme with the previous schemes with respect to computation cost and security aspects. Copyright © 2016 John Wiley & Sons, Ltd.

show abstract

Cryptanalysis and Design of a Three-Party Authenticated Key Exchange Protocol Using Smart Card

Cited by 26 publications

References 48 publications

A Two-Factor RSA-Based Robust Authentication System for Multiserver Environments

A Two-Factor RSA-Based Robust Authentication System for Multiserver Environments

An anonymous and robust multi‐server authentication protocol using multiple registration servers

A more secure and privacy‐aware anonymous user authentication scheme for distributed mobile cloud computing environments

Contact Info

Product

Resources

About