Security analysis and design of an efficient ECC‐based two‐factor password authentication scheme

Maitra, Tanmoy; Obaidat, Mohammad S.; Islam, SK Hafizul; Giri, Debasis; Amin, Ruhul

doi:10.1002/sec.1596

Cited by 38 publications

(47 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This section delineates formal security analysis with the help of a random oracle model (ROM) to prove that an attacker

scriptA

cannot obtain identity I D i , password P W i , biometric B i , and session key S K . The formal security verification procedure is similar to the one in previous works . We first represent the concept of negligible function, collision resistance property, and Reveal oracle in Definitions 1, 2, 3, and 4, respectively, and after this, we prove the theorems.…”

Section: Security Analysis Of the Proposed Protocolmentioning

confidence: 99%

“…In a single‐server environment, a user must register himself to every application server for accessing different types of on‐demand services. Many authentication protocols for single‐server environments have been devised . In a single‐server environment, for accessing different servers, one needs to remember many pairs of different secret pieces of information (e.g., user identity and password), which is the main issue in such environment.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Cryptanalysis and improvement of a biometric‐based remote user authentication protocol usable in a multiserver environment

Chandrakar

2017

Trans Emerging Tel Tech

View full text Add to dashboard Cite

Recently, Amin and Biswas have discussed a bilinear pairing–based three‐factor remote user authentication protocol, claiming it to be secured against various attacks. We scrutinize this protocol and find that it is vulnerable to identity guessing attack, password guessing attack, user untraceability attack, user‐server impersonation attack, new smart card issue attack, and privileged insider attack. In this paper, we propose an elliptic curve cryptography and biometric‐based remote user authentication protocol for a multiserver environment by overcoming these drawbacks. We conduct its informal and formal security analysis to show that it resists all known security attacks. The Burrows‐Abadi‐Needham (BAN) logic verifies that our protocol facilitates mutual authentication and session key agreement securely. We simulate it using the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool to certify that it can be protected from passive and active threats, including replay and man‐in‐the‐middle attacks. Furthermore, the proposed protocol provides more security attributes and better complexity in terms of smart card storage cost, computation cost, estimated time, and communication cost, as compared with the related existing protocols.

show abstract

“…This section delineates formal security analysis with the help of a random oracle model (ROM) to prove that an attacker

scriptA

Section: Security Analysis Of the Proposed Protocolmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Cryptanalysis and improvement of a biometric‐based remote user authentication protocol usable in a multiserver environment

Chandrakar

2017

Trans Emerging Tel Tech

View full text Add to dashboard Cite

show abstract

“…• Strong security resistance: The authentication scheme must have the capabilities to provide the mutual authentication, backward secrecy, and forward secrecy. [5][6][7] Furthermore, it must support the resilience against the various kind of attacks, including man-in-the-middle attack, lost smartcard attack, session key stealing attack, and replay attack.…”

Section: • Low Communication and Computation Complexitymentioning

confidence: 99%

“…Therefore, it is essential that only the H A of M U is allowed to know the I D M during these roaming activities. Low communication and computation complexity: The authentication scheme should consume less bandwidth; in other words, the number of communications and parameters used during the authentication should be less. In addition to that the authentication scheme must maintain reasonable computational cost and low execution time. Strong security resistance: The authentication scheme must have the capabilities to provide the mutual authentication, backward secrecy, and forward secrecy . Furthermore, it must support the resilience against the various kind of attacks, including man‐in‐the‐middle attack, lost smartcard attack, session key stealing attack, and replay attack.…”

Section: Introductionmentioning

confidence: 99%

Anonymous and expeditious mobile user authentication scheme for GLOMONET environments

Gope

Islam

Obaidat

et al. 2017

Int J Communication

Self Cite

View full text Add to dashboard Cite

Summary The Global Mobility Network (GLOMONET) is rapidly becoming important as well as a popular feature in today's high‐performance network. The legal mobile users enjoy life using the ubiquitous services via GLOMONET. However, because of the broadcast nature of the wireless channel, providing user authentication along with the privacy and anonymity of the users in GLOMONET is indeed a challenging task. In this article, we come up with a secure and expeditious mobile communication environment using symmetric key cryptosystem to ensure mobile users' anonymity and privacy against eavesdroppers and backward/forward secrecy of the session key. Our scheme can also protect numerous security threats, like man‐in‐the‐middle attack, known session key attack, lost smartcard attack, and forgery attack. Furthermore, we put forward a new technique named as “friendly foreign agent policy,” where many foreign agents can make different groups among themselves and perform important responsibilities to authenticate a legitimate mobile user without interfering his or her home agent even though the mobile user moves to a new location, covered by a new foreign agent (belongs to the same group). Security and performance analyses show that the proposed scheme is secure and more efficient as compared with other competitive schemes for GLOMONET environments.

show abstract

“…However, Shimizu et al [4] showed that the Lamport's scheme [3] suffers from different attacks. After that so many remote user authentication schemes [5][6][7][8][9][10][11][12][13][14][15][16] have been proposed in this regard which are based on only password. But, the researchers have considered biometric feature [2] with the password to enhance the security label.…”

Section: Literature Surveymentioning

confidence: 99%

A Three Factor Remote User Authentication Scheme Using Collision Resist Fuzzy Extractor in Single Server Environment

Giri

Maitra

2017

ITM Web Conf.

Self Cite

View full text Add to dashboard Cite

Abstract. Due to rapid growth of online applications, it is needed to provide such a facility by which communicators can get the services by applying the applications in a secure way. As communications are done through an insecure channel like Internet, any adversary can trap and modify the communication messages. Only authentication procedure can overcome the aforementioned problem. Many researchers have proposed so many authentication schemes in this literature. But, this paper has shown that many of them are not usable in real world application scenarios because, the existing schemes cannot resist all the possible attacks. Therefore, this paper has proposed a three factor authentication scheme using hash function and fuzzy extractor. This paper has further analyzed the security of the proposed scheme using random oracle model. The analysis shows that the proposed scheme can resist all the possible attacks. Furthermore, comparison between proposed scheme and related existing schemes shows that the proposed scheme has better trade-off among storage, computational and communication costs.

show abstract

Security analysis and design of an efficient ECC‐based two‐factor password authentication scheme

Cited by 38 publications

References 39 publications

Cryptanalysis and improvement of a biometric‐based remote user authentication protocol usable in a multiserver environment

Cryptanalysis and improvement of a biometric‐based remote user authentication protocol usable in a multiserver environment

Anonymous and expeditious mobile user authentication scheme for GLOMONET environments

A Three Factor Remote User Authentication Scheme Using Collision Resist Fuzzy Extractor in Single Server Environment

Contact Info

Product

Resources

About