Security-enhanced three-factor remote user authentication scheme based on Chebyshev chaotic maps

Kang

Wireless Communications and Mobile Computing

et al. 2021

Cloud computing provides virtualized information technology (IT) resources to ensure the workflow desired by user at any time and location; it allows users to borrow computing resources such as software, storage, and servers, as per their needs without the requirements of complicated network and server configurations. With the generalization of small embedded sensor devices and the commercialization of the Internet of Things (IoT), short- and long-range wireless network technologies are being developed rapidly, and the demand for deployment of cloud computing for IoT is increasing significantly. Cloud computing, together with IoT technology, can be used to collect and analyse large amounts of data generated from sensor devices, and easily manage heterogeneous IoT devices such as software updates, network flow control, and user management. In cloud computing, attacks on users and servers can be a serious threat to user privacy. Thus, various user authentication schemes have been proposed to prevent different types of attacks. In this paper, we discuss the security and functional weakness of the related user authentication schemes used in cloud computing and propose a new elliptic curve cryptography- (ECC-) based three-factor authentication scheme to overcome the security shortcomings of existing authentication schemes. To confirm the security of the proposed scheme, we conducted both formal and informal analyses. Finally, we compared the performance of the proposed scheme with those of related schemes to verify that the proposed scheme can be deployed in the real world.

Section: Performance Analysismentioning

confidence: 99%

Secure Three‐Factor Anonymous User Authentication Scheme for Cloud Computing Environment

Kang

Wireless Communications and Mobile Computing

et al. 2021

“…Zhao et al [43] have suggested a three-factor authentication mechanism based on Chebyshev chaotic maps for remote users and proved that their scheme can resist against all well-defined attacks, including impersonation attacks and offline password guessing attacks. However, Dharminder and Gupta [44] have demonstrated that chaotic maps-based security schemes fail to protect from stolen smart card attacks, identity guessing attacks, password guessing attacks, impersonation attacks, and session key attacks.…”

Section: Literature Reviewmentioning

confidence: 99%

Elliptic Curve Signcryption-Based Mutual Authentication Protocol for Smart Cards

et al. 2020

In the modern computing environment, smart cards are being used extensively, which are intended to authenticate a user with the system or server. Owing to the constrictions of computational resources, smart card-based systems require an effective design and efficient security scheme. In this paper, a smart card authentication protocol based on the concept of elliptic curve signcryption has been proposed and developed, which provides security attributes, including confidentiality of messages, non-repudiation, the integrity of messages, mutual authentication, anonymity, availability, and forward security. Moreover, the analysis of security functionalities shows that the protocol developed and explained in this paper is secure from password guessing attacks, user and server impersonation, replay attacks, de-synchronization attacks, insider attacks, known key attacks, and man-in-the-middle attacks. The results have demonstrated that the proposed smart card security protocol reduces the computational overhead on a smart card by 33.3% and the communication cost of a smart card by 34.5%, in comparison to the existing efficient protocols. It can, thus, be inferred from the results that using elliptic curve signcryption in the authentication mechanism reduces the computational cost and communication overhead by a significant amount.

“…Xu and Wu 46 found that Xie et al's scheme 45 is vulnerable to desynchronization attacks, and proposed an improvement. 35 (A2, A3) 37,38 Choi et al 37 -Park et al 38 (A3, A4) 39 Zhao et al 39 -…”

Section: Single-server Environmentmentioning

confidence: 99%

“…In the same year, Park et al 38 also pointed out that Cao‐Ge scheme 35 is vulnerable to server impersonation and offline identity guessing attacks; they also proposed an improvement. Zhao et al 39 pointed out that Park et al's scheme 38 may suffer offline password guessing attacks, and does not achieve user untraceability and perfect forward secrecy; they proposed a security‐enhanced scheme using the extended Chebyshev chaotic maps. Reddy et al 40 modified two two‐factor–based anonymous MAKA schemes 41,42 to three‐factor–based anonymous MAKA schemes.…”

Section: A Brief Surveymentioning

confidence: 99%

An independent three‐factor mutual authentication and key agreement scheme with privacy preserving for multiserver environment and a survey

Chuang

Lei

2020

Int J Communication

SummaryIn the past decades, the demand for remote mutual authentication and key agreement (MAKA) scheme with privacy preserving grows rapidly with the rise of the right to privacy and the development of wireless networks and Internet of Things (IoT). Numerous remote MAKA schemes are proposed for various purposes, and they have different properties. In this paper, we survey 49 three‐factor–based remote MAKA schemes with privacy preserving from 2013 to 2019. None of them can simultaneously achieve security, suitability for multiserver environments, user anonymity, user untraceability, table free, public key management free, and independent authentication. Therefore, we propose an efficient three‐factor MAKA scheme, which achieves all the properties. We propose a security model of a three‐factor–based MAKA scheme with user anonymity for multiserver environments and formally prove that our scheme is secure under the elliptic curve computational Diffie‐Hellman problem assumption, decisional bilinear Diffie‐Hellman problem assumption, and hash function assumption. We compare the proposed scheme to relevant schemes to show our contribution and also show that our scheme is sufficiently efficient for low‐power portable mobile devices.