Cryptanalysis of a dynamic identity‐based remote user authentication scheme with verifiable password update

In the authentication scheme, it is important to ensure that the user's identity changed dynamically with the different sessions, which can protect the user's privacy information from being tracked. Recently, Chang et al. proposed an untraceable dynamic identity‐based remote user authentication scheme with verifiable password update. However, our analysis show that the property of untraceability can easily be broken by the legal user of the system. Besides, we find the scheme of Chang et al. vulnerable to offline password guessing attack, impersonation attack, stolen smart card attack, and insider attack. Copyright © 2013 John Wiley & Sons, Ltd.     

An extended ECC‐based anonymity‐preserving 3‐factor remote authentication scheme usable in TMIS

A telecare medicine information system (TMIS) helps in providing an efficient communication platform to patients from home to consult doctors at a clinical center. In TMIS, the patient's confidentiality, security, and mutual authentication are very crucial; so remote authentication plays a vital role for verifying the legitimacy of patients. Recently, Amin and Biswas have devised a remote authentication protocol for TMIS, claiming it to be secured from various malicious vulnerabilities. We examine this protocol and find that it is not able to withstand many attacks that include off‐line and online password‐guessing, identity‐guessing, user impersonation, privileged insider, and known session key temporary information attacks. We propose a 3‐factor–based authentication protocol for TMIS by overcoming these security shortcomings. We present its security verification in formal and informal ways, which assert its resistivity against various security threats. We use the Burrows‐Abadi‐Needham logic for validating it, and with the Automated Validation of Internet Security Protocols and Applications tool, it is simulated. Further, the performance evaluation and the security functionalities justify high degree of security with efficient complexity.     

Two‐factor authentication scheme using attribute and password

In this study, based on attribute and password, we introduce a new kind of two‐factor authentication protocol that has various applications such as anonymous authentication and privacy protection. Specifically, our proposal is constructed by introducing password authentication into the generic framework of attribute‐based authentication. Consequently, it not only achieves two‐factor authentication, but also enjoys the advantages of attribute authentication and password authentication simultaneously. Furthermore, to formally evaluate the security of the proposed protocol, we present the corresponding security model, within which the detailed security proof of the proposal is given. Copyright © 2014 John Wiley & Sons, Ltd.     

On the security of a dynamic identity‐based remote user authentication scheme with verifiable password update

Recently, Chang et al. [Chang Y, Tai W, Chang H. Untraceable dynamic identity‐based remote user authentication scheme with verifiable password update. International Journal of Communication Systems 2013; doi:10.1002/dac.2552] proposed a dynamic identity‐based remote user authentication scheme with verifiable password update. They also proved that their scheme could withstand various attacks. Unfortunately, by proposing concrete attacks, we show that their scheme is vulnerable to three kinds of attacks. We also point out that their scheme cannot provide untraceability. The analysis shows that the scheme of Chang et al. is not suitable for practical applications. Copyright © 2013 John Wiley & Sons, Ltd.     

Privacy‐preserving authentication schemes for vehicular ad hoc networks: a survey

Vehicular ad hoc networks (VANETs) are expected in improving road safety and traffic conditions, in which security is essential. In VANETs, the authentication of the vehicular access control is a crucial security service for both inter‐vehicle and vehicle–roadside unit communications. Meanwhile, vehicles also have to be prevented from the misuse of the private information and the attacks on their privacy. There is a number of research work focusing on providing the anonymous authentication with preserved privacy in VANETs. In this paper, we specifically provide a survey on the privacy‐preserving authentication (PPA) schemes proposed for VANETs. We investigate and categorize the existing PPA schemes by their key cryptographies for authentication and the mechanisms for privacy preservation. We also provide a comparative study/summary of the advantages and disadvantages of the existing PPA schemes. Lastly, the open issues and future objectives are identified for PPA in VANETs. Copyright © 2014 John Wiley & Sons, Ltd.     

LPPA: Lightweight privacy‐preservation access authentication scheme for massive devices in fifth Generation (5G) cellular networks

Because of the requirements of stringent latency, high‐connection density, and massive devices concurrent connection, the design of the security and efficient access authentication for massive devices is the key point to guarantee the application security under the future fifth Generation (5G) systems. The current access authentication mechanism proposed by 3rd Generation Partnership Project (3GPP) requires each device to execute the full access authentication process, which can not only incur a lot of protocol attacks but also result in signaling congestion on key nodes in 5G core networks when sea of devices concurrently request to access into the networks. In this paper, we design an efficient and secure privacy‐preservation access authentication scheme for massive devices in 5G wireless networks based on aggregation message authentication code (AMAC) technique. Our proposed scheme can accomplish the access authentication between massive devices and the network at the same time negotiate a distinct secret key between each device and the network. In addition, our proposed scheme can withstand a lot of protocol attacks including interior forgery attacks and DoS attacks and achieve identity privacy protection and group member update without sacrificing the efficiency. The Burrows Abadi Needham (BAN) logic and the formal verification tool: Automated Validation of Internet Security Protocols and Applications (AVISPA) and Security Protocol ANimator for AVISPA (SPAN) are employed to demonstrate the security of our proposed scheme.     

A simplified deniable authentication scheme in cloud‐based pay‐TV system with privacy protection

Cloud computing is a milestones for computing model, which enables on‐demand, flexible, and low‐cost usage of computing resources, especially for cloud storage. Nowadays, the services of cloud‐based pay‐TV systems are emerging endlessly. But these pay‐TV systems' privacy is not given enough attention. The users not only care about their information revealed during transmission processes but are also concerned about whether the video contents that they have seen were recorded by the pay‐TV systems or not. In this work, I propose a novel deniable authentication protocol in a cloud‐based pay‐TV system, named DAP‐TV, aiming to achieve mutual authentication, deniability, and privacy protection in cloud‐based pay‐TV systems. The unique feature of our scheme is deniability which means a pay‐TV system to identify a user is a legal user, but the pay‐TV system cannot prove video contents that the user has seen to any third party over an unsecured network. In additon, our scheme is based on chaotic maps, which is a highly efficient cryptosystem and is firstly used to construct a deniable authentication scheme in pay‐TV systems. Finally, we give the formal security proof and efficiency comparison with recently related works.     

MDPA: multidimensional privacy‐preserving aggregation scheme for wireless sensor networks

In this paper, we propose a novel multidimensional privacy‐preserving data aggregation scheme for improving security and saving energy consumption in wireless sensor networks (WSNs). The proposed scheme integrates the super‐increasing sequence and perturbation techniques into compressed data aggregation, and has the ability to combine more than one aggregated data into one. Compared with the traditional data aggregation schemes, the proposed scheme not only enhances the privacy preservation in data aggregation, but also is more efficient in terms of energy costs due to its unique multidimensional aggregation. Extensive analyses and experiments are given to demonstrate its energy efficiency and practicability. Copyright © 2009 John Wiley & Sons, Ltd.     

Secure‐aware and privacy‐preserving electronic health record searching in cloud environment

Cloud storage has become a trend of storage in modern age. The cloud‐based electronic health record (EHR) system has brought great convenience for health care. When a user visits a doctor for a treatment, the doctor may be necessary to access the history health records generated at other medical institutions. Thus, we present a secure EHR searching scheme based on conjunctive keyword search with proxy re‐encryption to realize data sharing between different medical institutions. Firstly, we propose a framework for health data sharing among multiple medical institutions based on cloud storage. We explore the public key encryption with conjunctive keyword search to encrypt the original data and store it in the cloud. It ensures data security with searchability. Furthermore, we adopt the identity‐based access control mechanism and proxy re‐encryption scheme to guarantee the legitimacy of access and the privacy of the original data. Generally speaking, our work can achieve authentication, keyword privacy, and privacy preservation. Moreover, the performance evaluation shows that the scheme can achieve high computational efficiency.     

High energy‐efficient and privacy‐preserving secure data aggregation for wireless sensor networks

An efficient data process technology is needed for wireless sensor networks composed of many sensors with constrained communication, computational, and memory resources. Data aggregation is presented as an efficient and significant method to reduce transmitted data and prolong lifetime for wireless sensor networks. Meanwhile, many applications require preserving privacy for secure data aggregation. In this paper, we propose a high energy‐efficient and privacy‐preserving scheme for secure data aggregation. Because of the importance of communication overhead and accuracy, our scheme achieves less communication overhead and higher data accuracy besides providing for privacy preservation. For extensive simulations, we evaluate and conclude the performance of our high energy‐efficient and privacy‐preserving scheme. The conclusion shows that the high energy‐efficient and privacy‐preserving scheme provides better privacy preservation and is more efficient than existing schemes. Copyright © 2012 John Wiley & Sons, Ltd.     

An anonymous and provably secure authentication scheme for mobile user

Chebyshev chaotic map is an important tool used in the domain of cryptography to develop different schemes for numerous applications. In 2014, Lin put forwarded a mobile user authentication system using dynamic identity and chaotic map. Lin declared that the scheme offers mutual authentication and session key agreement between user and server. Moreover, they stated that the scheme offers user anonymity and resilience against known attacks. However, we carefully examined Lin's scheme and found that it is no longer usable for practical applications as (i) it has no facility to identify the wrong password and identity, which are inputted by the user during login and password update phases, (ii) it has no facility to protect user impersonation attack, and (iii) it has the problem of session key forward secrecy. We put forwarded an enhanced scheme based on extended chaotic map to repair the fragilities of Lin's scheme. We formally examined the security of our scheme and demonstrated that it is provably secured in random oracle model. Further, we presented some informal cryptanalysis to make sure that the enhanced scheme is secure from known attacks. Our scheme is also computation efficient against other competitive protocols. Copyright © 2016 John Wiley & Sons, Ltd.     

Cryptanalysis and security enhancement of a remote user authentication scheme using smart cards

With the broad implementations of the electronic business and government applications,robust system security and strong privacy protection have become essential requirements for remote user authentication schemes.Recently,Chen et al.pointed out that Wang et al.’s scheme is vulnerable to the user impersonation attack and parallel session attack,and proposed an enhanced version to overcome the identified security flaws.In this paper,however,we show that Chen et al.’s scheme still cannot achieve the claimed security goals and report its following problems:(1) It suffers from the offline password guessing attack,key compromise impersonation attack and known key attack;(2) It fails to provide forward secrecy;(3) It is not easily repairable.As our main contribution,a robust dynamic ID-based scheme based on non-tamper resistance assumption of the smart cards is presented to cope with the aforementioned defects,while preserving the merits of different related schemes.The analysis demonstrates that our scheme meets all the proposed criteria and eliminates several grave security threats that are difficult to be tackled at the same time in previous scholarship.     

GSM系统认证算法的设计与安全性分析

本文按照GSM系统认证算法的标准而构造的杂凑函数符合平衡性、高非线性度及严格雪崩特性的设计准则从而能有效地抵抗线性攻击和差分攻击。针对HansDobbertin对MD4 的有效攻击 ,我们提出右移位数不确定性的设计准则     

An independent three‐factor mutual authentication and key agreement scheme with privacy preserving for multiserver environment and a survey

In the past decades, the demand for remote mutual authentication and key agreement (MAKA) scheme with privacy preserving grows rapidly with the rise of the right to privacy and the development of wireless networks and Internet of Things (IoT). Numerous remote MAKA schemes are proposed for various purposes, and they have different properties. In this paper, we survey 49 three‐factor–based remote MAKA schemes with privacy preserving from 2013 to 2019. None of them can simultaneously achieve security, suitability for multiserver environments, user anonymity, user untraceability, table free, public key management free, and independent authentication. Therefore, we propose an efficient three‐factor MAKA scheme, which achieves all the properties. We propose a security model of a three‐factor–based MAKA scheme with user anonymity for multiserver environments and formally prove that our scheme is secure under the elliptic curve computational Diffie‐Hellman problem assumption, decisional bilinear Diffie‐Hellman problem assumption, and hash function assumption. We compare the proposed scheme to relevant schemes to show our contribution and also show that our scheme is sufficiently efficient for low‐power portable mobile devices.     

An efficient and secure 3‐factor user‐authentication protocol for multiserver environment

In the last decade, the number of web‐based applications is increasing rapidly, which leads to high demand for user authentication protocol for multiserver environment. Many user‐authentication protocols have been proposed for different applications. Unfortunately, most of them either have some security weaknesses or suffer from unsatisfactory performance. Recently, Ali and Pal proposed a three‐factor user‐authentication protocol for multiserver environment. They claimed that their protocol can provide mutual authentication and is secure against many kinds of attacks. However, we find that Ali and Pal's protocol cannot provide user anonymity and is vulnerable to 4 kinds of attacks. To enhance security, we propose a new user‐authentication protocol for multiserver environment. Then, we provide a formal security analysis and a security discussion, which indicate our protocol is provably secure and can withstand various attacks. Besides, we present a performance analysis to show that our protocol is efficient and practical for real industrial environment.     

A hidden mutual authentication protocol for low‐cost RFID tags

Radio‐frequency identification (RFID) technology enables the identification and tracking of objects by means of the wireless signals emitted by a tag attached to the objects of interest. Without adequate protection, however, malicious attackers can easily eavesdrop, scan or forge the information within the tag, thereby threatening the integrity of the system. Previous research has shown that the basic security requirements of RFID systems, i.e. identity authentication, information privacy and location privacy, can be satisfied using conventional cryptographic components. However, such components are expensive, and therefore conflict with the general requirement for low‐cost tag designs. Accordingly, this paper presents a low‐cost challenge‐response security protocol designated as the hidden mutual authentication protocol (HMAP) to accomplish both a mutual authentication capability between the tag and the reader and information privacy. The results show that HMAP provides an efficient means of concealing the authentication messages exchanged between the tag and the reader and is robust toward replay attacks. In addition, it is shown that HMAP is easily extended to provide complete location privacy by utilizing a hash function to generate different tag identifiers in each authentication session. Copyright © 2011 John Wiley & Sons, Ltd.     

Enhancement authentication protocol using zero‐knowledge proofs and chaotic maps

Application of authentication protocol and key exchange scheme are major research issues in current internet, and entity identification (users or servers) accuracy and security are thereby safeguarded by various types of verification programs. Therefore, in the last 10 years, it was accompanied with productive discussions, but those discussions mainly focus on single issues, and because of the lack of security, there still existed improvements. The concept of zero‐knowledge proofs is well suited for the identification and signing within network system, which has been widely used since proposed in 1985. However, common identification methods are only fit for individual user. In an increasingly complex network environment of today, information is usually conveyed through many unidentified servers, as a result, we have to encrypt messages by adopting different kinds of session keys. As for the chaotic maps technology, it also serves as a new encryption technology, widely adopted in communication protocols and key agreements over the years. As a consequence, in this study, we are going to propose an authentication protocol with key exchange function by taking advantage of characters of zero‐knowledge proofs and chaotic maps, as well as adopt the BAN‐logic to prove the security of this protocol. This study also compares the results of the security analysis of our protocol and related works. As a result, our proposed protocol has more security than others. Copyright © 2015 John Wiley & Sons, Ltd.     

A new privacy and authentication protocol for end‐to‐end mobile users

In this papecr, we propose a new privacy and authentication scheme for end‐to‐end mobile users. There are three goals in our scheme. The first allows two end‐to‐end mobile users to communicate privately each other. The second allows two end‐to‐end mobile users to distribute a session key simply. The third allows two end‐to‐end mobile users to mutually authenticate. Copyright © 2003 John Wiley & Sons, Ltd.     

Privacy‐preserving authentication scheme for on‐road on‐demand refilling of pseudonym in VANET

Privacy in Vehicular Ad Hoc Networks (VANET) is fundamental because the user's safety may be threatened by the identity and the real‐time spatiotemporal data exchanged on the network. This issue is commonly addressed by the use of certified temporal pseudonyms and their updating strategies to ensure the user's unlinkability and anonymity. IEEE 1609.2 Standard specified the process of certifying pseudonym along with certificates structure. However, the communication procedure between the certifying authority and the requesting vehicle was not defined. In this paper, a new privacy‐preserving solution for pseudonym on‐road on‐demand refilling is proposed where the vehicle anonymously authenticates itself to the regional authority subsidiary of the central trusted authority to request a new pseudonyms pool. The authentication method has two phases, the first one uses anonymous tickets, and the second one is a challenge‐based authentication. The anonymous tickets are certificates that do not include the identity of the user. Instead, it contains a reference number and the certifying authority signature. The challenge authentication is identity‐less to preserve the privacy, yet it is used to prevent the misuse of tickets and the impersonation of its owner. Our proposed scheme is analyzed by the use of Burrows, Abadi and Needham (BAN) logic to demonstrate its correctness. It is also specified and checked by using the Security Protocol ANimator (SPAN) and the Automated Validation of Internet Security Protocols and Applications (AVISPA) tools. The logical demonstration proved that this privacy‐preserving authentication is assured. The SPAN and AVISPA tools illustrated that it is resilient to security attacks.