Cryptanalysis and improvement of a robust smart card secured authentication scheme on SIP using elliptic curve cryptography

Farash, Mohammad Sabzinejad; Kumari, Saru; Bakhtiari, Majid

doi:10.1007/s11042-015-2487-7

Cited by 32 publications

(12 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…An attacker is supposed to be having following capabilities An attacker may steal the smart card contents by power analysis and reverse engineering procedures. An adversary may intercept, eavesdrop, modify, and replay messages over a public channel. An adversary might be an insider, ie, legitimate user or a server having malicious intentions. An adversary might guess a low entropy password and identity of a user. …”

Section: Preliminariesmentioning

confidence: 99%

An improved lightweight multiserver authentication scheme

Irshad

Chaudhry

Kumari

et al. 2017

Int J Communication

Self Cite

View full text Add to dashboard Cite

Summary Multiserver authentication complies with the up‐to‐date requirements of Internet services and latest applications. The multiserver architecture enables the expedient authentication of subscribers on an insecure channel for the delivery of services. The users rely on a single registration of a trusted third party for the procurement of services from various servers. Recently, Chen and Lee, Moon et al, and Wang et al presented multiserver key agreement schemes that are found to be vulnerable to many attacks according to our analysis. The Chen and Lee scheme was found susceptible to impersonation attack, trace attack, stolen smart card attack exposing session key, key‐compromise impersonation attack, and inefficient password modification. The Moon et al is susceptible to stolen card attack leading to further attacks, ie, identity guessing, key‐compromise impersonation attack, user impersonation attack, and session keys disclosure, while Wang et al is also found to be prone to trace attack, session‐specific temporary information attack, key‐compromise information attack, and privileged insider attack leading to session key disclosure and user impersonation attacks. We propose an improved protocol countering the indicated weaknesses of these schemes in an equivalent cost. Our scheme demonstrates automated and security analysis on the basis of Burrows‐Abadi‐Needham logic and also presents the performance evaluation for related schemes.

show abstract

Section: Preliminariesmentioning

confidence: 99%

An improved lightweight multiserver authentication scheme

Irshad

Chaudhry

Kumari

et al. 2017

Int J Communication

Self Cite

View full text Add to dashboard Cite

show abstract

“…However, an adversary can obtain Tk(IDA) by stealing A's smart card. Although the smart card may come with a tamper-resistant property, sensitive contents stored in the card can be still extracted by some side channel attacks [16,17,18,19,20]. In both cases, an adversary has an opportunity to obtain the Tk(IDX) for any user X.…”

Section: The Secrecy Of Tk(ida)mentioning

confidence: 99%

On the Security of a Three-Party-Authenticated Key Agreement Scheme based on Chaotic Maps

Chen¹,

Xu²,

Wu³

et al. 2017

dtcse

View full text Add to dashboard Cite

show abstract

“…The ECC security has been proved to be more efficient cryptographic scheme as compared to earlier conventional techniques like RSA, DH and DSA [12][13][14][15][16][17][18][19][20][21]. This technique provides an equivalent level of security with much less key sizes.…”

Section: Elliptic Curve Cryptographymentioning

confidence: 99%

A secure and efficient authenticated encryption for electronic payment systems using elliptic curve cryptography

Chaudhry

Farash

Naqvi

et al. 2015

Electron Commer Res

Self Cite

View full text Add to dashboard Cite

The use of e-payment system for electronic trade is on its way to make daily life more easy and convenient. Contrarily, there are a number of security issues to be addressed, user anonymity and fair exchange have become important concerns along with authentication, confidentiality, integrity and non-repudiation. In a number of existing e-payment schemes, the customer pays for the product before acquiring it. Furthermore, many such schemes require very high computation and communication costs. To address such issues recently Yang et al. proposed an authenticated encryption scheme and an e-payment scheme based on their authenticated encryption. They excluded the need of digital signatures for authentication. Further they claimed their schemes to resist replay, man-in-middle, impersonation and identity theft attack while providing confidentiality, authenticity, integrity and privacy protection. However our analysis exposed that Yang et al.'s both authenticated encryption scheme and e-payment system are vulnerable to impersonation attack. An adversary just having knowledge of public parameters can easily masquerade as a legal user. Furthermore, we proposed improved authenticated encryption and e-payment schemes to overcome weaknesses of Yang et al.'s schemes. We prove the security of our schemes using automated tool ProVerif. The & Mohammad Sabzinejad Farash improved schemes are more robust and more lightweight than Yang et al.'s schemes which is evident from security and performance analysis.

show abstract

Cryptanalysis and improvement of a robust smart card secured authentication scheme on SIP using elliptic curve cryptography

Cited by 32 publications

References 37 publications

An improved lightweight multiserver authentication scheme

An improved lightweight multiserver authentication scheme

On the Security of a Three-Party-Authenticated Key Agreement Scheme based on Chaotic Maps

A secure and efficient authenticated encryption for electronic payment systems using elliptic curve cryptography

Contact Info

Product

Resources

About