Inter-domain Authentication Research Articles

Improving the security of the Hwang-Su protocol for mobile networks

The mobile networks are experiencing a growing success. This success is mainly due to the fact that these networks providing the mobility of users, the transmission of data through open air and the requirement of low power. But, it is threatened by weak security, especially at the level of authentication. Hwang and Su have proposed an efficient authentication protocol for mobile networks. This protocol, called Hwang-Su here, is based on the use of one-way hash function, symmetric key cryptosystem and nonce. Hwang-Su protocol consists of two sub-protocols, named intra-domain authentication and inter-domain authentication. If the user and the service provider registered in the same domain, we would use intra-domain authentication protocol. Otherwise, we would initiate inter-domain authentication protocol. In this article, we show that both sub-protocols are not secured. Indeed, any legitimate user can abuse of these rights to attack them. We also propose improvements to increase its security.Keywords: Authentication, Mobile communication, Cryptography, Security

Inter-Domain Anonymous Authentication in Wireless Mesh Networks

Inter-Domain Anonymous Authentication in Wireless Mesh Networks

Secure and scalable mobility management scheme for the Internet of Things integration in the future internet architecture

Internet of Things is becoming a reality with the rapid development of communication technologies. This evolution presents an enrichment of the users' experiences, but also challenges regarding network scalability, security, privacy vulnerabilities, and mobility support. Mobility support for the Future Internet is focused on ID/Locator split architectures since the limitations of the current internet. This work analyses the security challenges for the HIMALIS Heterogeneity Inclusion and Mobility Adaptation through Locator ID Separation architecture for the particularities from the Internet of Things and the ID/Locator management messages vulnerable to attacks. This work proposes a secure and scalable mobility management scheme that considers the constraints from the Internet of Things, solving the possible security and privacy vulnerabilities of the HIMALIS architecture. The proposed scheme supports scalable inter-domain authentication and secure location update and binding transfer for the mobility process. The proposed scheme has been verified and evaluated successfully with the AVISPA framework.

Inter-domain Authentication Scheme in a Distributed Mobile Network

Inter-domain Authentication Scheme in a Distributed Mobile Network

A Short Latency Inter-domain Handover Authentication Protocol for Wireless Network

User mobility is the most important advantage of a wireless network environment. It is necessary for the mobile user to perform a handover between the base stations to acquire the services found within the wireless network. To accommodate the security requirements and convenience, it is necessary to take mutual authentication and fast handover into account when examining the process of inter-domain handover. This paper proposes a secure inter-domain handover authentication protocol with short authentication latency, which provides fast handover for retaining the wireless network connectivity under the security requirement of identity authentication. This maintains user anonymity, replay attack resistance in login and inter-domain handover, and the forward/ backward secrecy of key generation, which other studies do not provide. The long authentication latency may cause network disconnection, and the mobile user must re-login to the network to receive service. Therefore, it is necessary to consider the short authentication latency as an essential factor. This paper focuses on the authentication latency shortened by a fast handover. This proposed protocol reduces the handover authentication latency more than other schemes. This study's proposed protocol is more secure and efficient than found in previous research.

An inter-domain authentication scheme for pervasive computing environment

In a pervasive computing environment, mobile users often roam into foreign domains. Consequently, mutual authentication between the user and the service provider in different domains becomes a critical issue. In this paper, a fast and secure inter-domain authentication and key establishment scheme, namely IDAS, is proposed. IDAS adopts Biometrics to guarantee the uniqueness and privacy of users and adopts signcryption to generate a secure session key. IDAS can not only reduce the burden of certificates management, but also protect the users and authentication servers against fraud. Compared with some other authentication methods, our approach is superior with faster key exchange and authentication, as well as more privacy. The correctness is verified with the Syverson and Van Oorschot (SVO) logic.

Cryptanalysis of a hybrid authentication protocol for large mobile networks

In this paper we analyse a hybrid authentication protocol due to Chien and Jan, designed for use in large mobile networks. The proposed protocol consists of two sub-protocols, namely the intra-domain authentication protocol and the inter-domain authentication protocol, which are used depending on whether the user and the request service are located in the same domain. We show that both sub-protocols suffer from a number of security vulnerabilities.

Federated authentication to support information sharing: Shibboleth in a bio-surveillance information grid

This paper explores the potential of Shibboleth, a grid middleware tool set and foundation technology, to support inter-domain authentication, in a medical information environment. Shibboleth is an open standards-based solution that meets the requirements of organizations needing to exchange information about users securely to protect the privacy of their information. Shibboleth is part of the Internet2 middleware initiative, headed by a group of leading higher education middleware architects and corporate partners, and funded by Internet2 and the National Science Foundation. The project targets organizations that need to exchange information including higher education, their partners, digital content providers, federal agencies and others with whom universities do business. The purpose of the exchange is to determine if a person using an application has the permissions to access a resource at a target site based on information such as being a member of an institution or some specific class. The system is engineered to preserve privacy and allows users to determine whether to release additional information about themselves or not. Shibboleth has an open architecture with a functioning, open source implementation. It ensures information exchanged between organizations can interoperate with that from other solutions. The presenters are engaged, with a team of researchers, at Georgetown University and Washington Hospital Center, to test the validity of Shibboleth technology. The goal is to ensure the secure exchange of information among users of an innovative emergency room management information system at their hospitals and to further expose that information across the network to emergency management decision makers. Shibboleth use in this highly private and confidential environment and how its design meets HIPAA and other security and privacy requirements are discussed. This design could connect many decision makers and incorporate other sources of secure information such as environmental data. This work will help organize medical data communities to support inter-domain authentication and extend its use for bio-surveillance on a larger scale.

A hybrid authentication protocol for large mobile network

As the rapid development of wireless LAN and mobile network layer protocol Mobile-IP, a mobile user is allowed to access the service at the visited domain after he has been authenticated. The designing criteria of the inter-domain authentication protocols include: the scalability, the communication efficiency and the computational efficiency, and the robustness of security. In this article, we first show the weakness of some existing protocols against the session key compromise, and then propose a new and efficient inter-domain authentication protocol. Based on public key, challenge–response and hash chaining, this new approach simultaneously achieves several practical merits: (1) good scalability, (2) low communication cost and low computational cost, and (3) resistance to the session key compromise attack.

Transport issues in the network file system

The Sun Network File System (NFS) is a popular protocol to access files across a network [Sandberg 86]. NFS is implemented on machines as different as Personal Computers, and Cray-2 supercomputers. It uses Sun Remote Procedure Call [Sun 88] and External Data Representation [Sun 87] specifications, which can be used on a variety of transport protocols. The original design goal for NFS was to support small clusters of machines on local area networks. Thus a datagram protocol (UDP) was chosen to simplify transport.Using a connection-less transport protocol meant that nothing explicitly needed to be done to handle server or network failures. However, the use of NFS has expanded to cover much larger and more complicated networks than was ever anticipated. This has caused some NFS users to experience the problems of congestion and flow controI that transport protocols have been designed to address. This paper discucsses some alternatives for NFS transport protocols. Other issues such as inter-domain authentication, are not discussed here.