Improved User Authentication Scheme Research Articles

Biometrics Based User Authentication Scheme for Multi-Server Environments

The critical security requirements include mutual authentication between a server and a user and creation of the session key that is used to maintain confidentiality of data through the key agreement scheme. This study proposes the improved user authentication scheme that can respond to the impersonation attack of an attacker, guaranteeing user’s anonymity and confidentiality of the session key by improving the problem that the user authentication scheme suggested by Moon et al. has, which is that the secret key of the registration center and a server and secret numbers selected by the registration center are easily exposed to an attacker. This study proposes the improved user authentication scheme that can respond to the impersonation attack of an attacker, guaranteeing user’s anonymity and confidentiality of the session key by improving the problem that the user authentication scheme suggested by Moon et al. has, which is that the secret key of the registration center and a server and secret numbers selected by the registration center are easily exposed to an attacker. Therefore, this study proposes dividing and saving the secret key SPSK in advance when it is registered at the registration center in order to prevent the secret key and secret numbers from being exposed to an attacker. Besides, it makes it impossible for an attacker to figure out the secret number x from a transformed number even though a message is wiretapped upon transmission by improving it in the way that the secret number x that is selected after a user requests registration is transformed to another number before transmission. The improved user authentication scheme proposed in this study is able to guarantee user’s anonymity, respond to attacks that attackers are impersonated as users or servers and that create the session key by using the intercepted messages.

Cryptanalysis and improvement of a user authentication scheme for wireless sensor networks using chaotic maps

One of the challenging issues in wireless sensor networks (WSNs) is to provide secure communication as the channel used is wireless. User authentication is a mechanism that is used to provide secure communication. The authors analyse the security of a recent authentication scheme for WSNs and show that it is not resistant to smart card loss, insider, and denial of service attacks besides the user traceability problem. Here, they design an improved user authentication scheme using the chaotic maps for WSNs. The chaotic maps-based public key cryptosystem helps a scheme to consider a large integer as the secret key rather than a large prime number and makes it fast. They show its formal security analysis using the random oracle model. They also analyse its security informally to show that it is resistant to various known attacks. They show that their scheme offers more security features than the existing schemes.

An improved user authentication scheme for electronic medical record systems

Electronic Medical Record (EMR) systems is a part of e-healthcare system, which is developing rapidly. In this, it is possible to deliver medical services among multiple participants over a network without physical presence. Since sensitive data is transmitted over public channels, it is very much required to maintain the secrecy of that data. This is achieved by mutual authentication between the participants. For this, various schemes for authentication with smart cards have been proposed. Han et al. proposed one such biometrics-based scheme for the same purpose using hash functions along with symmetric key encryption and elliptic curve cryptography. From cryptanalysis of their scheme, we have pointed out weaknesses viz. no user anonymity, user and server impersonation, man-in-the-middle attack. These security issues have been presented in this article. To overcome these attacks, a scheme has been proposed in this article. Since it does not use symmetric key encryption, the proposed scheme reduces the computational complexity as can be seen in the comparison provided. The security analysis of the proposed scheme, along with BAN (Burrows-Abadi-Needham) logic has been explained in detail. Comparison of the proposed scheme with related schemes with respect to computation cost, execution time and performance is demonstrated. This proves that the proposed scheme performs well in terms of security as well as computational efficiency.

An improved user authentication scheme on smartphone using dominating attribute of touch data

In the era of science and technology, the user of Smartphone is omnipresent, as the data of research shows the number of Smartphone users is rising exponentially. Earlier Mobile phones used for calling and sending messages. Technology has evolved, and presently Smartphone is used as multipurpose device. The smartphone is used for online shopping, reading books, listing music, clicking photo, recording video, internet access, digital banking, and many more sophisticated services. Access of Smartphone data must be by secure and user-friendly system of authentication. Authentication methods of traditional computer systems cannot fit as it is into Smartphone authentication due to small size screen for input. Presently fingerprint authentication, pattern authentications systems and many more are used for Smartphone authentication, but they are just providing the security at entry-level authentication. Once a user does entry-level authentication device is open for use, and unattended phone can be unauthorized access. There is research going on in the area where the unauthorized person must not have access even the device is in unlock state. This dimension of authentication is called continuous Smartphone authentication. Our focus in this paper is on continuous mobile authentication. In this paper dataset of 41 users is used. Feature selection methods for continuous Smartphone authenticationuses dominating features. For the better tradeoff OptAT performance parameter is proposed. The improvement of 16% has been achieved using this parameter. The learning curve also has been drowned for the features.

An improved Chang-Lee’s smart card-based authentication scheme

It is useful to verify a legal user from a remote terminal through the Internet with the user authentication schemes based on the smart card. Usually, the remote user has to use his/her identification accompanying the password to access the system. This action is an important scheme to protect the user’s privacy and confidentiality. To achieve the robustness and the efficiency, Chang and Lee proposed a scheme that employs a smart card-based user authentication with the characters of implementation practically and easily. Also, Chang and Lee claim that the scheme could resist the replay attacks, the impersonation attacks, the identity disclosure attacks, and the perfect forward secrecy. However, this work shows that the scheme is in the risk with an on-line guessing identity and password attacks and denial of service attack. Hence, in this paper, it proposes an improved user authentication scheme that holds the capacity to withstand the vulnerability as that in Chang-Lee’s smart card-based scheme.

An Improved User Authentication and Key Agreement Scheme for Multi-medical Server Usable in TMIS

Recently, Amin and Biswas proposed a novel authentication protocol for TMIS. They claimed that their protocol provides security protection on the attacks proposed by them. Even though Amin and Biswas’s protocol achieves efficiency, we demonstrate that their protocol is insecure against many attacks. To overcome the defects in Amin and Biswas’s protocol, we proposed an improved user authentication scheme in TMIS. The security analysis shows that the proposed protocol remedies the weaknesses in Amin and Biswas’s protocol.

An Efficient Mobile User Authentication Scheme with User Anonymity for Wireless Communications

Recently, many mobile user authentication schemes with user anonymity for wireless communications have been proposed. In 2012, Li and Lee proposed a novel user authentication and privacy preserving scheme with smart cards for wireless communications. In 2013, Jeon et al. proposed an improved user authentication scheme, and claimed their scheme achieves user anonymity and more efficient. On the basis of their work, we put forward a new user authentication scheme using elliptic curve cryptography with user anonymity for wireless communications. The security and performance analysis show that the new scheme is more secure and efficient for wireless communications.

An Improved User Authentication Protocol for Healthcare Services via Wireless Medical Sensor Networks

Healthcare service sector is one of the major applications of Wireless Sensor Networks (WSNs) acknowledged as Wireless Medical Sensor Network (WMSNs). It deploys tiny medical sensor-nodes ( MS-nodes) on the body of the patient to sense crucial physiological signs which can be accessed and analyzed by registered medical professionals. Recently, Khan et al. analyzed Kumar et al.'s scheme proposed for healthcare applications using WMSNs and observed that the scheme is susceptible to many security weaknesses if an adversary extracts the information from the lost smart card of some user. The adversary can access patient's physiological data without knowing actual password, can deceive medical professionals by sending fake information about patients, can guess the password of a user from the corresponding smart card, and so forth. Besides, the scheme fails to resist insider attack, lacks user anonymity and the session key shared between the user and the MS-node is insecure. To overcome these problems, we propose an improved user authentication scheme for healthcare applications using WMSNs. We show that the scheme is free from the identified weaknesses and excels in performance and efficiency scheme.

Security Analysis and Improvement of User Authentication Framework for Cloud Computing

Cloud Computing, as an emerging, virtual, large-scale distributed computing model, has gained increasing attention these years. Meanwhile it also faces many secure challenges, one of which is authentication. In this paper, we firstly analyze a user authentication framework for cloud computing proposed by Amlan Jyoti Choudhury et al and point out the security attacks existing in the protocol. Then we propose an improved user authentication scheme. Our improved protocol ensures user legitimacy before entering into the cloud. The confidentiality and the mutual authentication of our protocol are formally proved by the strand space model theory and the authentication test method. The simulation illustrates that the communication performance of our scheme is efficient

Cryptanalysis of an Improved User Authentication Scheme with User Anonymity for Wireless Communications

A user identity anonymity is an important property for roaming services. In 2011, Kang et al. proposed an improved user authentication scheme that guarantees user anonymity in wireless communications. This letter shows that Kang et al.'s improved scheme still cannot provide user anonymity as they claimed.

Security Flaw of an Improved User Authentication Scheme with User Anonymity for Wireless Communications

Recently, Kang et al. discussed some security flaws of Wu et al.'s and Wei et al.'s authentication schemes that guarantee user anonymity in wireless communications and showed how to overcome the problems regarding anonymity and the forged login messages. However, we will show that Kang et al.'s improved scheme still did not provide user anonymity as they claimed.

스마트카드를 이용한 An의 원격 사용자 인증 스킴의 안전성 분석 및 개선

Hsiang-Shih는 Yoon등의 스킴을 개선한 사용자 인증 스킴을 제안하였다. 그 후 An은 Hsiang-Shih이 제안한 스킴이 패스워드를 기반으로 하는 스마트카드를 이용한 사용자 인증 스킴에서 고려하는 보안 요구사항을 만족하지 못함을 보였다. 즉, Hsiang-Shih이 제안한 스킴에서 공격자가 사용자의 스마트카드를 훔치거나 일시적으로 접근하여 그 안에 저장된 정보를 추출하여 사용자의 패스워드를 알아낼 수 있음을 보였다. 그러나 An이 제안한 스킴도 패스워드 추측공격, 위조/위장 공격 등에 취약함을 보이고 개선된 사용자 인증 스킴을 제안하였다. 제안한 인증 스킴은 패스워드 추측공격이 불가능하고 사용자와 인증 서버가 상대방을 인증할 수 있는 효율적인 상호 인증방식을 제시하였다. Hsiang-Shin proposed a user authentication scheme which was created by improving Yoon's scheme. Afterwards, An showed the failure to meet security requirements which are considered in user authentication using password-based smart card in Hsiang-Shih-suggested scheme. In other words, it was found that an attacker can steal a user's card, and detect a user's password by temporarily accessing it and extracting the information stored in it. However, An-proposed scheme also showed its vulnerability to password-guessing attack and forgery/impersonation attack, etc. and thus, this paper proposed the improved user authentication scheme. The proposed authentication scheme can thwart the password-guessing attack completely and this paper proposed scheme also includes an efficient mutual authentication method that can make it possible for users and authentication server to certify the other party.

순방향 비밀성을 제공하는 사용자 인증 스킴에 관한 연구

Recently Wang-Li proposed the remote user authentication scheme using smart cards. But the proposed scheme has not been satisfied security requirements considering in the user authentication scheme using the password based smart card. In this paper, we described the Wang-Li and Yoon et al.`s authentication scheme simply, and we prove that the Wang-Li`s scheme is vulnerable to a password guessing attack and impersonation attack in case that the attacker steals the user`s smart card and extracts the information in the smart card. Accordingly, we propose the improved user authentication scheme based on the hash function and generalized ElGamal signature scheme that can withstand many possible attacks including a password guessing attack, impersonation attack and replay attack, and that can offer the function of forward secrecy. The result of comparative analysis, the our proposed scheme is much more secure and efficient than the Wang-Li and Yoon et al.`s scheme.

Improved User Authentication Scheme with User Anonymity for Wireless Communications

We propose a user authentication scheme with user anonymity for wireless communications. Previous works have some weaknesses such as (1) user identity can be revealed from the login message, and (2) after a smart card is no longer valid or is expired, users having the expired smart cards can generate valid login messages under the assumption that the server does not maintain the user information. In this letter, we propose a new user authentication scheme for providing user anonymity. In the proposed scheme, the server is capable of detecting forged login messages by users having only expired smart cards and their passwords without storing user information on the server.

스마트카드를 사용한 원격 사용자 인증 스킴의 시큐리티 개선에 관한 연구

최근 Hu-Niu-Yang은 Liu 등의 스킴을 개선한 사용자 인증 스킴을 제안하였다. 그러나 Hu-Niu-Yang의 스킴은 패스워드 기반 스마트카드를 이용한 사용자 인증 스킴에서 고려하는 보안 요구사항을 만족하지 못하고 있다. 본 논문에서는, 공격자가 사용자의 스마트카드를 훔치거나 일시적으로 접근할 수 있는 경우에 Hu-Niu-Yang의 스킴은 off-line 패스워드 추측공격에 취약하다는 것을 증명하였다. 또한 이와 같은 안전성 취약점들을 해결한 개선된 사용자 인증 스킴을 새로이 제안하였다. 제안된 사용자 인증 스킴은 패스워드 추측공격, 위조 및 위장공격, 그리고 재생 공격 등을 방지한 안전한 인증 스킴임을 알 수 있었고, 이와 같은 공격들을 방지하기 위하여 hash 및 exclusive-OR 연산이 상대적으로 Hu-Niu-Yang의 스킴보다 다수 필요함을 알 수 있었다. Recently Hu-Niu-Yang proposed the user authentication scheme to improve Liu et al's scheme. But the Hu-Niu-Yang's scheme has not been satisfied security requirements considering in the user authentication scheme using the password based smart card. In this paper, we proved that Hu-Niu-Yang's scheme is vulnerable to the off-line password guessing attack in case that the attacker steals the user's smart card and extracts the information in the smart card. Also, the improved user authentication scheme solving the security vulnerability was introduced, thus preventing the attacks, such as password guessing attack, forgery attack impersonation attack, and replay attack. For preventing those attacks, the our proposed scheme need more hash functions and exclusive-OR operations than Hu-Niu-Yang's scheme.