Cryptanalysis and Improvement of an Enhanced Two-Factor User Authentication Scheme in Wireless Sensor Networks

Wei, Fushan; Ma, Jianfeng; Jiang, Qi; Shen, Jian; Ma, Chuan-gui

doi:10.5755/j01.itc.45.1.11949

Cited by 9 publications

(4 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A fuzzy extractor extracts a string σ from its biometric input Bio i in an error-tolerant way. This method was used in order to avoid the problem of bio-hash [30] and utilization of noisy biometrics. The fuzzy extractor method involves the following two operations:…”

Section: Fuzzy Extractormentioning

confidence: 99%

See 1 more Smart Citation

Revisit of Password-Authenticated Key Exchange Protocol for Healthcare Support Wireless Communication

et al. 2020

View full text Add to dashboard Cite

Wireless communication is essential for the infrastructure of a healthcare system. This bidirectional communication is used for data collection and to control message delivery. Wireless communication is applied in industries as well as in our daily lives, e.g., smart cities; however, highly reliable communication may be more difficult in environments with low power consumption, many interferences, or IoT wireless network issues due to resource limitations. In order to solve these problems, we investigated the existing three-party password-authenticated key exchange (3PAKE) and developed an enhanced protocol. Currently, Lu et al. presented a 3PAKE protocol to improve the security flaws found in Farash and Attari’s protocol. This work revisits the protocol proposed by Lu et al. and demonstrates that, in addition to other security weaknesses, the protocol does not provide user anonymity which is an important issue for healthcare environment, and is not secure against insider attacks that may cause impersonation attacks. We propose a secure biometric-based efficient password-authenticated key exchange (SBAKE) protocol in order to remove the incidences of these threats, and present an analysis regarding the security and efficiency of the SBAKE protocol for practical deployment.

show abstract

Section: Fuzzy Extractormentioning

confidence: 99%

“…A practical implementation is a fuzzy extractor for biometric key extraction. Fuzzy extractors have the advantage of protecting the biometric template by rendering its storage useless [30,31]. Their performance in terms of key entropy and key stability is consistently improved.…”

Section: Introductionmentioning

confidence: 99%

Revisit of Password-Authenticated Key Exchange Protocol for Healthcare Support Wireless Communication

et al. 2020

View full text Add to dashboard Cite

show abstract

“…[26][27][28][29] We note that such an attack model has been widely approved and used in the design and analysis of multifactor authentication schemes. 3,18,[30][31][32][33][34] Specifically, the attack model is specified by allowing an adversary  to perform the following operations:…”

Section: Attack Modelmentioning

confidence: 99%

On the security and improvement of privacy‐preserving 3‐factor authentication scheme for TMIS

Wei

Liu

Hu³

2018

Int J Communication

View full text Add to dashboard Cite

The telecare medicine information system (TMIS) enables patients from different regions to remotely share the same telecare services, which significantly enhances the quality and effectiveness of medical treatment. On the other hand, patients' electronic health records usually involve their privacy information, they thus hesitate to directly transmit these information in TMIS over the public network due to the threat of privacy disclosure. The authenticated key agreement, as a core building of securing communications over the public network, is considered to be necessary for strengthening the security of TMIS. Recently, we note Zhang et al introduced a 3-factor authenticated key agreement scheme for TMIS and asserted that the proposed scheme can resist various well-known attacks. Unfortunately, in this paper, we point out that the scheme of Zhang et al cannot achieve the claimed security guarantees. Specifically, their scheme is vulnerable to offline password/identity guessing attack and user/server impersonation attack. To conquer the above security pitfalls, we put forward a new 3-factor authenticated key agreement scheme with privacy preservation for TMIS. The security evaluation and performance discussion indicate that our scheme can be free from those well-known and classical attacks including offline guessing attack and impersonation attack, without increasing additional computation cost when compared with related works. Consequently, the new authentication scheme would be more desirable for securing communications in TMIS. KEYWORDSchaotic maps, cryptanalysis, multifactor authentication, privacy preservation, telecare medicine information system Int J Commun Syst. 2018;31:e3767. wileyonlinelibrary.com/journal/dac How to cite this article: Wei J, Liu W, Hu X. On the security and improvement of privacy-preserving 3-factor authentication scheme for TMIS. Int J Commun Syst. 2018;31:e3767. https://doi.

show abstract

“…As a basic defense strategy for numerous network services, the authentication protocol is aimed at solving these security issues. It has been used in various areas, such as e-banking, ehealth, wireless sensor networks, and internet of things [1][2][3]. Authentication protocol generally provides three useful functionalities, that is, mutual authentication, user anonymity, and session key agreement.…”

Section: Introductionmentioning

confidence: 99%

A Secure and Efficient ECC-Based Anonymous Authentication Protocol

Wang

2019

Security and Communication Networks

View full text Add to dashboard Cite

Nowadays, remote user authentication protocol plays a great role in ensuring the security of data transmission and protecting the privacy of users for various network services. In this study, we discover two recently introduced anonymous authentication schemes are not as secure as they claimed, by demonstrating they suffer from offline password guessing attack, desynchronization attack, session key disclosure attack, failure to achieve user anonymity, or forward secrecy. Besides, we reveal two environment-specific authentication schemes have weaknesses like impersonation attack. To eliminate the security vulnerabilities of existing schemes, we propose an improved authentication scheme based on elliptic curve cryptosystem. We use BAN logic and heuristic analysis to prove our scheme provides perfect security attributes and is resistant to known attacks. In addition, the security and performance comparison show that our scheme is superior with better security and low computation and communication cost.

show abstract

Cryptanalysis and Improvement of an Enhanced Two-Factor User Authentication Scheme in Wireless Sensor Networks

Cited by 9 publications

References 18 publications

Revisit of Password-Authenticated Key Exchange Protocol for Healthcare Support Wireless Communication

Revisit of Password-Authenticated Key Exchange Protocol for Healthcare Support Wireless Communication

On the security and improvement of privacy‐preserving 3‐factor authentication scheme for TMIS

A Secure and Efficient ECC-Based Anonymous Authentication Protocol

Contact Info

Product

Resources

About