Lightweight and provably secure user authentication with anonymity for the global mobility network

Seamless roaming in the global mobility network (GLOMONET) is highly desirable for mobile users, although their proper authentication is challenging. This is because not only are wireless networks susceptible to attacks, but also mobile terminals have limited computational power. Recently, some authentication schemes with anonymity for the GLOMONET have been proposed. This paper shows some security weaknesses in those schemes. Furthermore, a lightweight and provably secure user authentication scheme with anonymity for the GLOMONET is proposed. It uses only symmetric cryptographic and hash operation primitives for secure authentication. Besides, it takes only four message exchanges among the user, foreign agent and home agent. We also demonstrate that this protocol enjoys important security attributes including prevention of various attacks, single registration, user anonymity, user friendly, no password/verifier table, and use of one‐time session key between mobile user and foreign agent. The security properties of the proposed protocol are formally validated by a model checking tool called AVISPA. Furthermore, as one of the new features in our protocol, it can defend smart card security breaches. Copyright © 2010 John Wiley & Sons, Ltd.     

A Secure and Effective Anonymous Authentication Scheme for Roaming Service in Global Mobility Networks

Recently, Mun et al. analyzed Wu et al.’s authentication scheme and proposed an enhanced anonymous authentication scheme for roaming service in global mobility networks. However, through careful analysis, we find that Mun et al.’s scheme is vulnerable to impersonation attacks and insider attacks, and cannot provide user friendliness, user’s anonymity, proper mutual authentication and local verification. To remedy these weaknesses, we propose a novel anonymous authentication scheme for roaming service in global mobility networks. Compared with previous related works, our scheme has many advantages. Firstly, the secure authenticity of the scheme is formally validated by an useful formal model called BAN logic. Secondly, the scheme enjoys many important security attributes including prevention of various attacks, user anonymity, no verification table, local password verification and so on. Thirdly, the scheme does not use timestamp, thus it avoids the clock synchronization problem. Further, the scheme contains the authentication and establishment of session key scheme when mobile user is located in his/her home network, therefore it is more practical and universal for global mobility networks. Finally, performance and cost analysis show our scheme is more suitable for low-power and resource limited mobile devices and thus availability for real implementation.     

Anonymous and expeditious mobile user authentication scheme for GLOMONET environments

The Global Mobility Network (GLOMONET) is rapidly becoming important as well as a popular feature in today's high‐performance network. The legal mobile users enjoy life using the ubiquitous services via GLOMONET. However, because of the broadcast nature of the wireless channel, providing user authentication along with the privacy and anonymity of the users in GLOMONET is indeed a challenging task. In this article, we come up with a secure and expeditious mobile communication environment using symmetric key cryptosystem to ensure mobile users' anonymity and privacy against eavesdroppers and backward/forward secrecy of the session key. Our scheme can also protect numerous security threats, like man‐in‐the‐middle attack, known session key attack, lost smartcard attack, and forgery attack. Furthermore, we put forward a new technique named as “friendly foreign agent policy,” where many foreign agents can make different groups among themselves and perform important responsibilities to authenticate a legitimate mobile user without interfering his or her home agent even though the mobile user moves to a new location, covered by a new foreign agent (belongs to the same group). Security and performance analyses show that the proposed scheme is secure and more efficient as compared with other competitive schemes for GLOMONET environments.     

An efficient and secure 3‐factor user‐authentication protocol for multiserver environment

In the last decade, the number of web‐based applications is increasing rapidly, which leads to high demand for user authentication protocol for multiserver environment. Many user‐authentication protocols have been proposed for different applications. Unfortunately, most of them either have some security weaknesses or suffer from unsatisfactory performance. Recently, Ali and Pal proposed a three‐factor user‐authentication protocol for multiserver environment. They claimed that their protocol can provide mutual authentication and is secure against many kinds of attacks. However, we find that Ali and Pal's protocol cannot provide user anonymity and is vulnerable to 4 kinds of attacks. To enhance security, we propose a new user‐authentication protocol for multiserver environment. Then, we provide a formal security analysis and a security discussion, which indicate our protocol is provably secure and can withstand various attacks. Besides, we present a performance analysis to show that our protocol is efficient and practical for real industrial environment.     

Chaotic Map Based Mobile Dynamic ID Authenticated Key Agreement Scheme

When it comes to key agreement protocol, mutual authentication is regarded as a crucial security requirement. Yet, conventional authenticated key agreement using static ID cannot provide user anonymity if the communication content is compromised. A dynamic ID authentication scheme is a better alternative for maintaining user’s privacy. Based on the Chebyshev chaotic map, the author proposes a mobile dynamic ID authenticated key agreement scheme which allows mobile users to gain resources of remote servers. By optimizing the server computation, our scheme aims at increasing the concurrent process capacity of remote servers. We also demonstrate that the proposed scheme is secure against existential active attacks and outperforms related works.     

A lightweight anonymous two‐factor authentication protocol for wireless sensor networks in Internet of Vehicles

Internet of Vehicles (IoV), as the next generation of transportation systems, tries to make highway and public transportation more secure than used to be. In this system, users use public channels for their communication so they can be the victims of passive or active attacks. Therefore, a secure authentication protocol is essential for IoV; consequently, many protocols are presented to provide secure authentication for IoV. In 2018, Yu et al proposed a secure authentication protocol for WSNs in vehicular communications and claimed that their protocol could satisfy all crucial security features of a secure authentication protocol. Unfortunately, we found that their protocol is susceptible to sensor capture attack, user traceability attack, user impersonation attack, and offline sink node's secret key guessing attack. In this paper, we propose a new authentication protocol for IoV which can solve the weaknesses of Yu et al's protocol. Our protocol not only provides anonymous user registration phase and revocation smart card phase but also uses the biometric template in place of the password. We use both Burrow‐Abadi‐Needham (BAN) logic and real‐or‐random (ROR) model to present the formal analysis of our protocol. Finally, we compare our protocol with other existing related protocols in terms of security features and computation overhead. The results prove that our protocol can provide more security features and it is usable for IoV system.     

Security Enhanced Anonymous User Authenticated Key Agreement Scheme Using Smart Card

Nowadays, the password-based remote user authentication mechanism using smart card is one of the simplest and convenient authentication ways to ensure secure communications over the public network environments. Recently, Liu et al. proposed an efficient and secure smart card based password authentication scheme. However, we find that Liu et al.’s scheme is vulnerable to the off-line password guessing attack and user impersonation attack. Furthermore, it also cannot provide user anonymity. In this paper, we cryptanalyze Liu et al.’s scheme and propose a security enhanced user authentication scheme to overcome the aforementioned problems. Especially, in order to preserve the user anonymity and prevent the guessing attack, we use the dynamic identity technique. The analysis shows that the proposed scheme is more secure and efficient than other related authentication schemes.     

Secure Remote User Mutual Authentication Scheme with Key Agreement for Cloud Environment

Authentication schemes are widely used mechanisms to thwart unauthorized access of resources over insecure networks. Several smart card based password authentication schemes have been proposed in the literature. In this paper, we demonstrate the security limitations of a recently proposed password based authentication scheme, and show that their scheme is still vulnerable to forgery and offline password guessing attacks and it is also unable to provide user anonymity, forward secrecy and mutual authentication. With the intention of fixing the weaknesses of that scheme, we present a secure authentication scheme. We show that the proposed scheme is invulnerable to various attacks together with attacks observed in the analyzed scheme through both rigorous formal and informal security analysis. Furthermore, the security analysis using the widely-accepted Real-Or-Random (ROR) model ensures that the proposed scheme provides the session key (SK) security. Finally, we carry out the performance evaluation of the proposed scheme and other related schemes, and the result favors that the proposed scheme provides better trade-off among security and performance as compared to other existing related schemes.

     

Lightweight authentication protocol for e-health clouds in IoT-based applications through 5G technology

Modern information technology has been utilized progressively to store and distribute a large amount of healthcare data to reduce costs and improve medical facilities. In this context, the emergence of e-Health clouds offers novel opportunities, like easy and remote accessibility of medical data. However, this achievement produces plenty of new risks and challenges like how to provide integrity, security, and confidentiality to the highly susceptible e-Health data. Among these challenges, authentication is a major issue that ensures that the susceptible medical data in clouds is not available to illegal participants. The smart card, password and biometrics are three factors of authentication which fulfill the requirement of giving high security. Numerous three-factor ECC-based authentication protocols on e-Health clouds have been presented so far. However, most of the protocols have serious security flaws and produce high computation and communication overheads. Therefore, we introduce a novel protocol for the e-Health cloud, which thwarts some major attacks, such as user anonymity, offline password guessing, impersonation, and stolen smart card attacks. Moreover, we evaluate our protocol through formal security analysis using the Random Oracle Model (ROM). The analysis shows that our proposed protocol is more efficient than many existing protocols in terms of computation and communication costs. Thus, our proposed protocol is proved to be more efficient, robust and secure.     

An efficient two‐party authentication key exchange protocol for mobile environment

The primary goal of this research is to ensure secure communications by client‐server architectures in mobile environment. Although various two‐party authentication key exchange protocols are proposed and claimed to be resistant to a variety of attacks, studies have shown that various loopholes exist in these protocols. What's more, many two‐party authentication key exchange protocols use timestamp to prevent the replay attack and transmit the user's identity in plaintext form. Obviously, these methods will lead to the clock synchronization problem and user's anonymity problem. Fortunately, the three‐way challenged‐response handshake technique and masking user's original identity with a secret hash value used in our study address these problems well. Of course, the proposed protocol based on elliptic curve cryptography supports flawless mutual authentication of participants, agreement of session key, impersonation attack resistance, replay attack resistance, and prefect forward secrecy, as well. The analyses in the aspects of efficiency and security show that the proposed protocol is a better choice for mobile users.     

An Improved and Secure Two-factor Dynamic ID Based Authenticated Key Agreement Scheme for Multiserver Environment

The smart card based password authentication scheme is one of the most important and efficient security mechanism, which is used for providing security to authorized users over an insecure network. In this paper, we analyzed major security flaws of Jangirala et al.’s scheme and proved that it is vulnerable to forgery attack, replay attack, user impersonation attack. Also, Jangirala et al.’s scheme fail to achieve mutual authentication as it claimed. We proposed an improved two factor based dynamic ID based authenticated key agreement protocol for the multiserver environment. The proposed scheme has been simulated using widely accepted AVISPA tool. Furthermore, mutual authentication is proved through BAN logic. The rigorous security and performance analysis depicts that the proposed scheme provides users anonymity, mutual authentication, session key agreement and secure against various active attacks.     

An efficient three factor–based authentication scheme in multiserver environment using ECC

Recently, Li et al have developed a smartcard‐based remote user authentication scheme in multiserver environment. They have claimed that their scheme is secured against some possible cryptographic attacks. However, we have analyzed that the scheme of Li et al cannot preserve all the proclaimed security goals, which are given as follows: (1) It is not withstanding password‐guessing, user impersonation, insider, and smartcard theft attacks, and (2) it fails to facilitate user anonymity property. To remedy these above‐mentioned security flaws, we have proposed an efficient three factor–based authentication scheme in a multiserver environment using elliptic curve cryptography. The Burrows‐Abadi‐Needham logic is used to confirm the security validation of our scheme, which ensures that it provides mutual‐authentication and session‐key agreement securely. Then, the random oracle model is also considered to analyze the proposed scheme, and it shows that the backbone parameters, ie, identity, password, biometrics, and the session key, are secure from an adversary. Further, the informal security analysis confirms that the suggested scheme can withstand against some possible mentioned attacks. Later, the Automated Validation of Internet Security Protocols and Applications tool is incorporated to ensure its security against passive and active attacks. Finally, the performance comparison of the scheme is furnished to confirm its enhanced security with other relevant schemes.     

An Enhanced Authentication Scheme with Privacy Preservation for Roaming Service in Global Mobility Networks

Global mobility network (GLOMONET) provides global roaming service to ensure ubiquitous connectivity for users traveling from one network to another. It is very crucial not only to authenticate roaming users, but to protect the privacy of users. However, due to the broadcast nature of wireless channel and resource limitations of terminals, providing efficient user authentication with privacy preservation is challenging. Recently, He et al. proposed a secure and lightweight user authentication scheme with anonymity for roaming service in GLOMONETs. However, in this paper, we identify that the scheme fails to achieve strong two-factor security, and suffers from domino effect, privileged insider attack and no password change option, etc. Then we propose an enhanced authentication scheme with privacy preservation based on quadratic residue assumption. Our improved scheme enhances security strength of He et al.’s protocol while inheriting its merits of low communication and computation cost. Specifically, our enhanced scheme achieves two-factor security and user untraceability.     

A secure and efficient identity‐based mutual authentication scheme with smart card using elliptic curve cryptography

The e‐commerce has got great development in the past decades and brings great convenience to people. Users can obtain all kinds of services through e‐commerce platform with mobile device from anywhere and at anytime. To make it work well, e‐commerce platform must be secure and provide privacy preserving. To achieve this goal, Islam et al. proposed a dynamic identity‐based remote user mutual authentication scheme with smart card using Elliptic Curve Cryptography(ECC). Islam et al claimed that the security of their scheme was good enough to resist various attacks. However, we demonstrate that their scheme is vulnerable to insider attack and suffers from off‐line password guessing attack if smart card is compromised. To overcome the deficiencies, we present an improved scheme over Islam's scheme. The security proof and analysis shows that our scheme can also provide user anonymity and mutual authentication, and the security is enough to against relay attack, impersonation attack, and other common secure attackers. The performance analysis shows that the proposed scheme is more efficient than Islam et al's scheme.     

Secure Handover Authentication Protocol Based on Bilinear Pairings

Handover authentication protocol enables a mobile node to switch from one base station to another without loss or interruption of service when the node exits the transmission area of his or her current base station. This paper proposes a secure prime-order handover authentication protocol based on bilinear pairings. The proposed protocol adapts the concept of pseudonyms to provide user anonymity and user unlinkability. It withstands well-known security threats and achieves mutual authentication, user unlinkability. A batch signature verification mechanism to verify a mass of signatures is presented in our scheme. We also prove that our scheme is secure under random oracle.     

An enhanced bilinear pairing based authenticated key agreement protocol for multiserver environment

To circumvent using of multiple single servers, the theory of multiserver communication exists and numerous authentication protocols put forward for providing secure communication. Very recently, Amin‐Biswas proposes bilinear pairing–based multiserver scheme by describing some security pitfalls of Hsieh‐Leu protocol and claims that it is secured against related security threats. However, this paper claims that Amin‐Biswas protocol is still susceptible to off‐line identity and password guessing attack, user untraceability attack, and server masquerading attack. The cryptographic protocol should be attacks‐free for real‐time application. To achieve attacks‐free security, we put forward smart card–based multiserver authentication protocol by using the concept of bilinear pairing operation. The formal method strand space model has been used to prove the correctness of the proposed scheme. Additionally, rigorous security analysis ensures pliability of common security threats. The performance and security features of our scheme are also compared with that of the similar existing schemes. The comparison results show that our protocol achieves more security features with less complexity.     

An improved remote password authentication scheme with smart card

This paper analyzes the security performance of a latest proposed remote two-factor user authentication scheme and proposes an improved scheme based on the dynamic ID to avoid the attacks it suffers. Besides this, in our proposed scheme the password is no longer involved in the calculation of verification phase which makes our scheme more secure and costs less than the old one. At last we analyze the performance of our proposed scheme to prove it provides mutual authentication between the user and the server. Moreover, it also resists password guessing attack, server and user masquerade attack and replay attack effectively.     

TAKAP:A Lightweight Three-Party Authenticated Key Agreement Protocol with User Anonymity

The three-party authenticated key agree-ment protocol is a significant cryptographic mechanism for secure communication,which encourages two entities to authenticate each other and generate a shared session key with the assistance of a trusted party (remote server) via a public channel.Recently,Wang et al.put forward a three-party key agreement protocol with user anonymity and alleged that their protocol is able to resist all kinds of attacks and provide multifarious security features in Computer Engineering & Science,No.3,2018.Unfortunately,we show that Wang et al.'s protocol is vulnerable to the password guessing attack and fails to satisfy user anonymity and perfect secrecy.To solve the aforementioned problems,a lightweight chaotic map-based Three-party authenticated key agreement protocol(short for TAKAP) is proposed,which not only could provide privacy protection but also resist a wide variety of security attacks.Furthermore,it is formally proved under Burrows-Abadi-Needham (BAN) logic.Simultaneously,the performance analysis in this paper demonstrates that the proposed TAKAP protocol is more secure and efficient compared with other relevant protocols.     

An enhanced scheme for mutual authentication for healthcare services

With the advent of state-of-art technologies, the Telecare Medicine Information System (TMIS) now offers fast and convenient healthcare services to patients at their doorsteps. However, this architecture engenders new risks and challenges to patients' and the server's confidentiality, integrity and security. In order to avoid any resource abuse and malicious attack, employing an authentication scheme is widely considered as the most effective approach for the TMIS to verify the legitimacy of patients and the server. Therefore, several authentication protocols have been proposed to this end. Very recently, Chaudhry et al. identified that there are vulnerabilities of impersonation attacks in Islam et al.'s scheme. Therefore, they introduced an improved protocol to mitigate those security flaws. Later, Qiu et al. proved that these schemes are vulnerable to the man-in-the-middle, impersonation and offline password guessing attacks. Thus, they introduced an improved scheme based on the fuzzy verifier techniques, which overcome all the security flaws of Chaudhry et al.'s scheme. However, there are still some security flaws in Qiu et al.'s protocol. In this article, we prove that Qiu et al.'s protocol has an incorrect notion of perfect user anonymity and is vulnerable to user impersonation attacks. Therefore, we introduce an improved protocol for authentication, which reduces all the security flaws of Qiu et al.'s protocol. We also make a comparison of our protocol with related protocols, which shows that our introduced protocol is more secure and efficient than previous protocols.     

A self-encryption mechanism for authentication of roaming and teleconference services

A simple authentication technique for use in the global mobility network (GLOMONET) is proposed. This technique is based on the concept of distributed security management, i.e., the original security manager administrates the original authentication key (long-term secret key) acquired when a user makes a contract with his home network, while a temporary security manager is generated for a roaming user in the visited network that provides roaming services. The temporary security manager will take the place of the original security manager when the roaming user stays in the service area of the visited network. In the proposed authentication protocol for the regular communication phase, the procedures of the original security manager and the temporary security manager are the same except for introducing different parameters. Furthermore, the proposed technique not only reduces the number of transmissions during the authentication phase, but it also can decrease the complexity of mobile equipment. The idea behind the proposed technique is to introduce a simple mechanism which is called "self-encryption". We also suggest that this mechanism can be easily adopted as the authentication function for the secure teleconference service.