Cryptanalysis and improvement of a Multi-Server Authenticated Key Agreement by Chen and Lee’s Scheme

Irshad, Azeem; Naqvi, Husnain; Chaudhary, Shehzad Ashraf; Usman, Muhammad; Shafiq, Muhammad; Mir, Omid; Kanwal, Ambrina

doi:10.5755/j01.itc.47.3.17361

Cited by 5 publications

(8 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The security traits and the scrutiny of defending to numerous attacks for different schemes are described in Table 2, in which the proposed protocol is signified as a strong corroborated key-agreement in contrast to former schemes. Table 2 presents the analysis of our schemes with related schemes [20][21][22][23]25]. As per the analysis, we can conclude that our protocol is more secure than [20][21][22][23]25].…”

Section: Performance Analysismentioning

confidence: 72%

“…Table 2 presents the analysis of our schemes with related schemes [20][21][22][23]25]. As per the analysis, we can conclude that our protocol is more secure than [20][21][22][23]25]. All these protocols depend upon hash-based symmetric cryptography and similar in nature.…”

Section: Performance Analysismentioning

confidence: 77%

“…In this section, the robustness of proposed protocol is assessed with respect to other schemes [20][21][22][23]25] based on multi server architecture. The security traits and the scrutiny of defending to numerous attacks for different schemes are described in Table 2, in which the proposed protocol is signified as a strong corroborated key-agreement in contrast to former schemes.…”

Section: Performance Analysismentioning

confidence: 99%

“…Moreover, password change phase becomes more complex due to involvement of RC. Then, Irshad et al [25] proves that the protocol [23] is insecure against smart card stolen attack that helps to reveal the session key and password. The protocol [23] is also vulnerable to trace and spoofing attacks.…”

mentioning

confidence: 99%

See 3 more Smart Citations

An anonymous authenticated key-agreement scheme for multi-server infrastructure

Akram

Ghaffar

Mahmood

et al. 2020

Hum. Cent. Comput. Inf. Sci.

View full text Add to dashboard Cite

Due to single-time registration, the multi-server authentication provides benefit for getting services from different servers through trusted agent. Generally, users feel hesitation for registering themselves individually with all service providers due to the problem of memorizing the multiple passwords. The multi-server authentication allows a quick access to services by real-time customer validation on public channel. Thereafter, hundreds of multi-server authentication protocols have been introduced. However, the more efficient and robust authentication schemes are being explored by the research academia. We introduce an anonymous scheme that resists the major security threats like impersonation attack, insider attack and password modification attacks in viable computing cost. We use random oracle model for formal security analysis of the proposed scheme. The performance analysis shows that the proposed scheme incurs less computation, energy, communication and storage cost as compared to related protocols. This analysis and comparison show that our proposed scheme is quite effective for the purpose of anonymous authentication and key agreement.

show abstract

Section: Performance Analysismentioning

confidence: 72%

Section: Performance Analysismentioning

confidence: 77%

Section: Performance Analysismentioning

confidence: 99%

mentioning

confidence: 99%

See 2 more Smart Citations

An anonymous authenticated key-agreement scheme for multi-server infrastructure

Akram

Ghaffar

Mahmood

et al. 2020

Hum. Cent. Comput. Inf. Sci.

View full text Add to dashboard Cite

show abstract

“…After mutual authentication, both the communicating parties establish a session key which can be further used to secure communication among them for accessing the services from a remote server by a legal user. Starting from the seminal work designed by Lamport [12] in 1981, several remote user authentication mechanisms have been proposed in the literature [13]- [19]. However, the major of these schemes are inefficient for practical implementations or they are vulnerable to various potential attacks, such as privileged-insider attack, stolen smart card attack, replay and man-in-the-middle attacks, impersonation attacks, and so on.…”

Section: Introductionmentioning

confidence: 99%

On the Security of a Secure and Lightweight Authentication Scheme for Next Generation IoT Infrastructure

et al. 2021

View full text Add to dashboard Cite

In recent years, the Internet of things (IoT) has become an encouraging communication paradigm that has numerous applications including smart city, smart home and intelligent transportation system. The information sensed by several IoT smart devices can be security stored at the (cloud) servers. An external user, being a client, can access the services from a server for the sensing information, provided that a mutual authentication happens among them. Using the established session key among the user and the server, encrypted information with the help of session key can be delivered to the user by the server securely. Recently, Rana et al. proposed a smart-card based remote user authentication scheme using user password. In this comment paper, we carefully analyzed the scheme of Rana et al. and tracked down that their scheme is insecure against serious attacks, including stolen smart card attack, privileged-insider attack, user impersonation attack, password change attack and Ephemeral Secret Leakage (ESL) attack. Furthermore, their scheme does not preserve untraceability feature. To remedy these security pitfalls, we also provide some remedies that can help in building more secure and effective user authentication scheme to apply in securing next generation IoT infrastructure.INDEX TERMS Internet of Things (IoT), cryptanalysis, authentication, key agreement, security.

show abstract

A three-factor mutual authentication scheme for telecare medical information system based on ECC

Manickam,

Devarajan

2024

Cyber Security and Applications

View full text Add to dashboard Cite

Cryptanalysis and improvement of a Multi-Server Authenticated Key Agreement by Chen and Lee’s Scheme

Cited by 5 publications

References 34 publications

An anonymous authenticated key-agreement scheme for multi-server infrastructure

An anonymous authenticated key-agreement scheme for multi-server infrastructure

On the Security of a Secure and Lightweight Authentication Scheme for Next Generation IoT Infrastructure

A three-factor mutual authentication scheme for telecare medical information system based on ECC

Contact Info

Product

Resources

About