Abstract

At present, a number of users employ an authentication protocol so as to enjoy protected electronic transactions in wireless networks. In order to establish an efficient and robust the transaction system, numerous researches have been conducted relating to authentication protocols. Recently, Kaul and Awasthi presented an user authentication and key agreement scheme, arguing that their scheme is able to resist various types of attacks and preserve diverse security properties. However, this scheme possesses critical vulnerabilities. First, the scheme cannot prevent two kinds of attacks, including off-line password guessing attacks and user impersonation attacks. Second, user anonymity rule cannot be upheld. Third, session key can be compromised by an attacker. Fourth, there is high possibility that the time synchronization trouble occurs. Therefore, we suggest an upgraded version of the user authenticated key agreement method that provides enhanced security. Our security and performance analysis shows that compared, to other associated protocols, our method not only improves the security level but also ensures efficiency.

Highlights

  • The rapid evolution of mobile devices and the development of Information and Communication Technology (ICT) are providing convenience to our lives

  • In order to guarantee reliability among the communication parties, authentication protocol supports security when users access to foreign network

  • (1) Ui inserts Ui’s smart card into a card reader and inputs imprints biometric = h(IDi ‖ PWi card and compares it with the stored ηi in the smart card. If this comparison is satisfied, the smart card acknowledges the legitimacy of Ui and proceeds with the step

Read more

Summary

Introduction

The rapid evolution of mobile devices and the development of Information and Communication Technology (ICT) are providing convenience to our lives. Security and Communication Networks et al.’s mechanism [12] cannot guarantee protecting against off-line password guessing attack, user disguise attack, and server masquerading attack, and their scheme cannot keep user’s identity and mutual authentication property. Like their predecessor, this was followed by Kumari et al.’s [13] proposal for enhanced authentication technique. Kaul and Awasthi [14] proved that Kumari et al.’s proposal [13] fails to protect important security parameters and session key shared between communication parties With compensating these defections, they presented their own authentication method [14], claiming it can resist different types of attacks.

Preliminary Knowledge
Review of the Kaul and Awasthi’s Scheme
The Proposed Scheme
Authentication Phase
Security Analysis and Proof of the Proposed Scheme
Formal Security Proof Using AVISPA Tool
Performance Analysis of the Proposed Scheme
Conclusions
Conflicts of Interest
SUMMARY SAFE

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.