Preserving privacy for free: Efficient and provably secure two-factor authentication scheme with user anonymity

Wang, Ding; Wang, Nan; Wang, Ping; Qing, Sihan

doi:10.1016/j.ins.2015.03.070

Cited by 136 publications

(58 citation statements)

References 60 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The scheme in [25] is the first one that defines a formal model to capture the feature of user untraceability, and that highlights the damaging threat of de-synchronization attacks on privacy-preserving two-factor authentication schemes. The schemes in [26][27][28][29], and [30] use elliptic curve cryptography (ECC) to generate a shared key with the server.…”

Section: Related Workmentioning

confidence: 99%

An Anonymous Authentication and Key Establish Scheme for Smart Grid: FAuth

et al. 2017

View full text Add to dashboard Cite

Abstract:The smart meters in electricity grids enable fine-grained consumption monitoring. Thus, suppliers could adjust their tariffs. However, as smart meters are deployed within the smart grid field, authentication and key establishment between smart grid parties (smart meters, aggregators, and servers) become an urgency. Besides, as privacy is becoming a big concern for smart meters, smart grid parties are reluctant to leak their real identities during the authentication phase. In this paper, we analyze the recent authentication schemes in smart grids and other applied fields, and propose an anonymous authentication and key establishment scheme between smart grid parties: FAuth. The proposed scheme is based on bilinear maps and the computational Diffie-Hellman problem. We changed the way the smart meter parties registered at Key Generation Center, making the proposed scheme robust against various potential attacks that could be launched by the Key Generation Center, as the scheme could avoid the private key of the smart meter parties from leaking to the Key Generation Center. Besides, the proposed scheme reduced the computational load, both at the smart meter side and at the aggregator side, which make it perfectly suitable for computation-constrained devices. Security proof results show the proposed scheme is secure under the BAN logic and random oracle model.

show abstract

Section: Related Workmentioning

confidence: 99%

An Anonymous Authentication and Key Establish Scheme for Smart Grid: FAuth

et al. 2017

View full text Add to dashboard Cite

show abstract

“…Typically, only when the _ was "camouflaged" by random numbers or other special parameters which only the user and the server can get can the scheme resist Attack II, such as [11,14,55]. So how can we conceal the _ and those sensitive parameters?…”

Section: Solutions To Offline Dictionary Attack Via Verificationmentioning

confidence: 99%

“…In 1991, Chang and Wu [10] also developed a scheme using smart card for storing sensitive information to help the authentication. Since then, smart cards have been applied to user authentication schemes widely, and some notable ones include [11][12][13][14]. Furthermore, these years many schemes used biometrics characteristic as an additional factor to provide the authentication [15][16][17].…”

Section: Introductionmentioning

confidence: 99%

Cryptanalysis of Three Password-Based Remote User Authentication Schemes with Non-Tamper-Resistant Smart Card

Wang¹,

Xu²

2017

Security and Communication Networks

View full text Add to dashboard Cite

Remote user authentication is the first step to guarantee the security of online services. Online services grow rapidly and numerous remote user authentication schemes were proposed with high capability and efficiency. Recently, there are three new improved remote user authentication schemes which claim to be resistant to various attacks. Unfortunately, according to our analysis, these schemes all fail to achieve some critical security goals. This paper demonstrates that they all suffer from offline dictionary attack or fail to achieve forward secrecy and user anonymity. It is worth mentioning that we divide offline dictionary attacks into two categories: (1) the ones using the verification from smart cards and (2) the ones using the verification from the open channel. The second is more complicated and intractable than the first type. Such distinction benefits the exploration of better design principles. We also discuss some practical solutions to the two kinds of attacks, respectively. Furthermore, we proposed a reference model to deal with the first kind of attack and proved its effectiveness by taking one of our cryptanalysis schemes as an example.

show abstract

“…Recently, this risk has also been revealed in [30,31], who refer to the de-synchronization weakness of the schemes in [37,38], yet no practical solution to manage this type of problem has been discovered. Lastly, the authors in [39] proposed a good scheme that can process this threat while staying efficient and accomplishing provable security. On an ongoing basis, our proposed scheme can support user anonymity based on generating one time keys for each user's login.…”

Section: Comparisonmentioning

confidence: 99%

Strong Authentication Scheme Based on Hand Geometry and Smart Card Factors

2016

View full text Add to dashboard Cite

Abstract:In 2009, Xu et al. presented a safe, dynamic, id-based on remote user authentication method that has several advantages such as freely chosen passwords and mutual authentication. In this paper, we review the Xu-Zhu-Feng scheme and indicate many shortcomings in their scheme. Impersonation attacks and insider attacks could be effective. To overcome these drawbacks, we propose a secure biometric-based remote authentication scheme using biometric characteristics of hand-geometry, which is aimed at withstanding well-known attacks and achieving good performance. Furthermore, our work contains many crucial merits such as mutual authentication, user anonymity, freely chosen passwords, secure password changes, session key agreements, revocation by using personal biometrics, and does not need extra device or software for hand geometry in the login phase. Additionally, our scheme is highly efficient and withstands existing known attacks like password guessing, server impersonation, insider attacks, denial of service (DOS) attacks, replay attacks, and parallel-session attacks. Compared with the other related schemes, our work is powerful both in communications and computation costs.

show abstract

Preserving privacy for free: Efficient and provably secure two-factor authentication scheme with user anonymity

Cited by 136 publications

References 60 publications

An Anonymous Authentication and Key Establish Scheme for Smart Grid: FAuth

An Anonymous Authentication and Key Establish Scheme for Smart Grid: FAuth

Cryptanalysis of Three Password-Based Remote User Authentication Schemes with Non-Tamper-Resistant Smart Card

Strong Authentication Scheme Based on Hand Geometry and Smart Card Factors

Contact Info

Product

Resources

About