Proposed Authentication Scheme Research Articles

Selective disclosure and yoking-proof based privacy-preserving authentication scheme for cloud assisted wearable devices

Along with the development of user-centric wireless communications, wearable devices appear to be popular for real-time collecting a user’s private data to provide intelligent service support. Compared with traditional short-range communications, the wearable devices confront more severe system vulnerabilities and security threats during interactions. Considering the limitations of computational capabilities and communication resources, it brings more challenges to design privacy-preserving authentication schemes for the resource-constrained wearable devices. In this work, local authentication and remote authentication are respectively designed for cloud assisted wearable devices. In the local authentication mode, hash based selective disclosure mechanism and Chebyshev chaotic map are jointly applied to achieve mutual authentication between a wearable device and a smart phone. In the remote authentication mode, Merkle hash tree based selective disclosure mechanism is designed to improve the structure of data fields in the certificate, and a yoking-proof is established to realize interactions between two wearable devices and a smart phone, and is further transmitted to the cloud server for simultaneous verification. Meanwhile, security formal analysis is performed based on the BAN logic for proving that the proposed remote authentication protocol has theoretical design correctness. It indicates that the proposed authentication scheme is available and flexible for ubiquitous wearable devices.

Secure server-server communication for dual stage biometrics – based password authentication scheme

The distributed environment insists the protection of servers, while information sharing is achieved. The conventional biometrics-based password authentication mechanisms use single server, which can be compromised easily. The dual stage authentication mechanism has been already proved for its security over the single stage authentication mechanism in our previous work. In this paper, the protocol is improved to establish communication between the authentication server and the master server through a secure link. Since the hashed messages are prone to collision attacks, the proposed scheme uses elliptic curve cryptography-based ciphers for establishing connection at the initial stage. The security analysis of the proposed authentication scheme with secure server – server communication link reveals the robustness and the security features, which are offered over our previous as well as the conventional authentication mechanisms.

SECURE GRAPHICAL PASSWORD SCHEME

In the world of computer applications authentication is the main process of granting access for an individual to get control over the services provided by different service providers. It is the process of identification of particular individual, unique username and password are used. Username and text-based password are the most commonly used technique in authentication, use of this technique is very popular in web applications. Lots of work has been done in the field of authentication. Conventional technique includes the text-based password, which is the combination of alphanumeric letters. On the other side of the authentication Graphical Password techniques are popular among handheld devices, the main motivation behind developing such kind of authentication technique is to provide strong but easy to remember password. Graphical authentication schemes are in use from decades, they have some limitations in early days, but comparatively the schemes which are in use today are secure and trust worthy. In this paper a technique for graphical authentication has been proposed based on the previous work, which can be implemented on the web application. The proposed authentication scheme is made secure using the homomorphic encryption technique to avoid the security issue in database.

Efficient location-based conditional privacy-preserving authentication scheme for vehicle ad hoc networks

Due to the real-time requirement of message in vehicle ad hoc networks, it is a challenge to design an authentication for vehicle ad hoc networks to achieve security, efficiency, and conditional privacy-preserving. To address the challenge, many conditional privacy-preserving authentication schemes using bilinear pairing or ideal tamper-proof device have been proposed for vehicle ad hoc networks in recent years. However, the bilinear pairing operation is one of the most complex cryptographic operations and the assumption of tamper-proof device is very strong. In this article, an efficient location-based conditional privacy-preserving authentication scheme without the bilinear pairing and tamper-proof device is proposed. Compared with the most recently proposed authentication schemes, the proposed scheme markedly decreases the computation costs of message signing and message verification phase, while satisfies all security requirements of vehicle ad hoc networks and provides conditional privacy-preserving.

Physical Layer Authentication Enhancement Using Maximum SNR Ratio Based Cooperative AF Relaying

Physical layer authentication techniques developed in conventional macrocell wireless networks face challenges when applied in the future fifth-generation (5G) wireless communications, due to the deployment of dense small cells in a hierarchical network architecture. In this paper, we propose a novel physical layer authentication scheme by exploiting the advantages of amplify-and-forward (AF) cooperative relaying, which can increase the coverage and convergence of the heterogeneous networks. The essence of the proposed scheme is to select the best relay among multiple AF relays for cooperation between legitimate transmitter and intended receiver in the presence of a spoofer. To achieve this goal, two best relay selection schemes are developed by maximizing the signal-to-noise ratio (SNR) of the legitimate link to the spoofing link at the destination and relays, respectively. In the sequel, we derive closed-form expressions for the outage probabilities of the effective SNR ratios at the destination. With the help of the best relay, a new test statistic is developed for making an authentication decision, based on normalized channel difference between adjacent end-to-end channel estimates at the destination. The performance of the proposed authentication scheme is compared with that in a direct transmission in terms of outage and spoofing detection.

Comprehensive analysis of the authentication methods in wireless body area networks

AbstractWBANs are of the promising technologies, applied in the e‐healthcare systems, for extracting and transferring critical medical data from patient body. In WBANs, the privacy and integrity of the patient's private medical data are very important, as a result, the WBANs communications and even communication with other E‐Healthcare components should be authenticated and secured. This paper provides a complete survey and analysis of the various authentication schemes proposed in the literature to improve the WBANs security. Besides, it classifies the proposed authentication schemes based on the applied techniques for authentication and illustrates each scheme in detail. Furthermore, it highlights the advantages and limitations of the authentication schemes and presents a comprehensive comparison of their capabilities and features. Finally, the paper concludes with open issues and future research directions. Copyright © 2016 John Wiley & Sons, Ltd.

EIAS-CP: new efficient identity-based authentication scheme with conditional privacy-preserving for VANETs

In VANETs, vehicles broadcast traffic-related messages periodically according to Dedicated Short Range Communication protocol. To ensure the reliability and integrity of messages, authentication schemes are involved in VANETs. As traffic-related messages are time-sensitive, they must be verified and processed timely, or it may cause inestimable harm to the traffic system. However, the OBUs and the RSUs are limited in computation ability and cannot afford vast messages' verification. Recently, some identity-based authentication schemes using bilinear pairing have been proposed to improve the efficiency of message verification for VANETs. Nevertheless, the bilinear pairing is not suited for VANETs due to its complex operations. The design of an efficient and secure authentication scheme with low computation cost for VANETs still is a rewarding challenge. To settle this challenge, a new efficient identity-based authentication scheme is proposed in this paper. The proposed scheme ensures reliability and integrity of messages and provides conditional privacy-preserving. Compared with the most recent proposed authentication schemes for VANETs, the computation costs of the message signing and verification in the proposed scheme reduce by 88 and 93 % respectively, while security analysis demonstrates that our proposed scheme satisfies all security and privacy requirements for VANETs.

Lightweight, ECC based RFID Authentication Scheme for WLAN

Wireless local area networks (WLANs), like IEEE 802.11, are right now very common in numerous outdoor or indoor environments for providing wireless communication among WiFi-enabled devices by accessing an Access Point (infrastructure mode) or through peer to peer connections (ad hoc mode). Authentication is one among the most primary research challenges for the realization of the envisioned mobile and wireless Internet. This is mainly due to the latency delay introduced during the authentication process, which are of major concern for real-time applications and media streaming application. In the same way, it is also crucial for WLANs to authenticate clients and build secure channels with them. In the historical researches, the traditional authentication mechanisms frequently adopted the names and passwords of clients as login authentication. However, these Single Factor Authentication mechanisms are proved to be defective. In virtue of enhancing security, recent researches on authentication are built on Two-Factor authentication schemes. In this paper, the authors proposed a two factor, lightweight RFID authentication scheme based on elliptic curve cryptography (ECC) for WLAN. The analytic comparison demonstrates the research not just reduces the expense of proposed authentication schemes, yet gives security similarly as smart card technology. In addition, the performance of the proposed authentication scheme will analyze in terms of computational cost, communications cost, and storage cost.

An Efficient Conditional Privacy-Preserving Authentication Scheme for Vehicular Sensor Networks Without Pairings

Constructing intelligent and efficient transportation systems for modern metropolitan areas has become a very important quest for nations possessing metropolitan cities with ever-increasing populations. A new trend is the development of smart vehicles with multiple sensors able to dynamically form a temporary vehicular ad hoc network (VANET) or a vehicular sensor network (VSN). Along with a wireless-enabled roadside unit (RSU) network, drivers in a VSN can efficiently exchange important or urgent traffic information and make driving decisions accordingly. In order to support secure communication and driver privacy for vehicles in a VSN, we develop a new identity-based (ID-based) signature based on the elliptic curve cryptosystem (ECC) and then adopt it to propose a novel conditional privacy-preserving authentication scheme based on our invented ID-based signature. This scheme provides secure authentication process for messages transmitted between vehicles and RSUs. A batch message verification mechanism is also supported by the proposed scheme to increase the message processing throughput of RSUs. To further enhance scheme efficiency, both pairing operation and MapToPoint operation are not applied in the proposed authentication scheme. In comparison with existing pseudo-ID-based authentication solutions for VSN, this paper shows that the proposed scheme has better performance in terms of time consumption.

A lightweight authentication scheme based on self-updating strategy for space information network

The security of space information network SIN is getting more and more important now. Because of the special features of SIN e.g., the dynamic and unstable topology, the highly exposed links, the restricted computation power, the flexible networking methods, and so on, the security protocol for SIN should have a balance between security properties and computation/storage overhead. Although a lot of security protocols have been proposed recently, few can provide overall attacks resistance power with low computation and storage cost. To solve this problem, in this paper we propose a lightweight authentication scheme for space information network. It is mainly based on the self-updating strategy for user's temporary identity. The scheme consists of two phases, namely, the registration phase and the authentication phase. All the computing operations involved are just hash function h, the bit-wise exclusive-or operation i¾?, and the string concatenation operation ||, which are of low computation cost. The security properties discussion and the attacks-resistance power analysis show that the proposed authentication scheme can defend against various typical attacks, especially denial of service attacks. It is sufficiently secure with the lowest computation and storage costs. Furthermore, the formal security proof in SVO logic also demonstrates that the scheme can satisfy the security goals very well. Copyright © 2016 John Wiley & Sons, Ltd.

Novel Design of Secure End-to-End Routing Protocol in Wireless Sensor Networks

In wireless sensor networks, the secure end-to-end data communication is needed to collect data from source to destination. Collected data are transmitted in a path consisting of connected links. All existing end-to-end routing protocols propose solutions in which each link uses a pairwise shared key to protect data. In this paper, we propose a novel design of secure end-to-end data communication. We adopt a newly published group key pre-distribution scheme in our design, such that there is a unique group key, called path key, to protect data transmitted in the entire routing path. Specifically, instead of using multiple pairwise shared keys to repeatedly perform encryption and decryption over every link, our proposed scheme uses a unique end-to-end path key to protect data transmitted over the path. Our protocol can authenticate sensors to establish the path and to establish the path key. The main advantage using our protocol is to reduce the time needed to process data by intermediate sensors. Moreover, our proposed authentication scheme has complexity O(n), where n is the number of sensors in a communication path, which is different from all existing authentication schemes which are one-to-one authentications with complexity O(n <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">2</sup> ). The security of the protocol is computationally secure.

A robust cloud access scheme with mutual authentication

Due to the progress of network technology, we can access some information through remote servers, and we also can save and access lots of personal data in remote servers. Therefore, to protect these data and resist unauthorized access is an important issue. Some researchers proposed authentication scheme, but there still exist some security weaknesses. This article is based on the concept of HDFS (Hadoop Distributed File System), and offers a robust authentication scheme. The proposed scheme achieves mutual authentication, prevents re-play attack, solves asynchronous issue, and prevents offline password guessing attack.

Medical image authentication using SLT and IWT schemes

Over the years, different watermarking techniques have been used for medical image authentication purposes. Some techniques have been presented to detect tampering in the medical image while others can also recover the tampered region after the tamper detection. Many of the previous medical image authentication schemes have successfully achieved their aims; however, the robustness of the authentication scheme against unintentional attacks has not been highlighted sufficiently. This paper presents a new medical image authentication scheme in which the medical image is divided into two regions (i.e., region of interest (ROI) and region of non-interest (RONI)). Then two watermarking methods based on Slantlet transform (SLT) are used to embed data in the ROI and the RONI. The proposed scheme can be used for tamper detection, localization, and recovery in addition to the data hiding. To generate the recovery information of the ROI, a new method has been proposed based on the integer wavelet transform (IWT) coefficients. The experiments that have been conducted to evaluate the proposed authentication scheme proved that it is efficient not only in achieving its main tasks that have been mentioned above but also in having robustness against unintentional attacks (i.e., JPEG compression, additive Gaussian noise (AGN), and salt-and-pepper noise) and that makes it more suitable for the practical applications.

Mutual authentication scheme between biosensor device and data manager in healthcare environment

This study suggested a new security method which can be applied to healthcare environment aimed at those geographically living away from hospitals, including the elderly living alone, the handicapped, people living in islands and highlands, and chronic disease patients. In other words, it proposed a new authentication scheme of exchanging safely information between personal health device (PHD) to measure the bio-information of a chronic disease patient at home and data manager (DM) to collect the bio-information from the device. In terms of operations, the proposed scheme features the generation of a random number once by PHD and DM, respectively, two times of XOR operation, and one time of encoding and decoding operation. Therefore, given the low-power characteristic of PHD, it is very efficient. In addition, since a random number is used for encoding and decoding operation, the data to be transmitted is not only variable, but safe from illegal third parties' attacks, including eavesdropping, location-tracking, spoofing, and replay. In particular, the proposed scheme can be applied directly to ISO/IEEE 11073-20601 standard. Therefore, it is judged that the proposed authentication scheme is very useful in the point that it added the mutual authentication function to PHD and DM to implement safer and more efficient e-health environment.

Untraceable Sensor Movement in Distributed IoT Infrastructure

Recent advances in information and communication technologies and embedded systems have given rise to a new disruptive technology, the Internet of Things (IoTs). IoT allows people and objects in the physical world as well as data and virtual environments to interact with each other so as to create smart environments, such as smart transport systems, smart cities, smart health, and so on. However, IoT raises some important questions and also introduces new challenges for the security of systems and processes and the privacy of individuals, such as their location and movements and so on. In this paper, at first, we propose a distributed IoT system architecture. Subsequently, we propose an anonymous authentication scheme, which can ensure some of the notable properties, such as sensor anonymity, sensor untraceability, resistance to replay attacks, cloning attacks, and so on. It is argued that the proposed authentication scheme will be useful in many distributed IoT applications (such as radio-frequency identification-based IoT system, Biosensor-based IoT healthcare system, and so on), where the privacy of the sensor movement is greatly desirable.

Design of USIM-based secure user authentication scheme in a mobile office environment

In order to spread the scale of the mobile device market rapidly, mobile office applications have been introduced that can be process office work anytime, anywhere. However, the mobile office is vulnerable to several security threats that can occur over wireless networks, which can result in illegal enterprise information access and disclosure because of the openness and portability of the mobile device. Therefore, the mobile office environment must prevent unauthorized service and resource access, and a user authentication scheme is needed to mitigate the potential security vulnerabilities. In this paper, we propose a USIM-based secure user authentication scheme for a mobile office environment. The proposed scheme uses the USIM to securely share secret information for authentication between the mobile user and the server, and the mobile device can perform re-authentication to the server through the re-authentication phase in the event of handover. Moreover, the proposed authentication scheme is specified using Casper and is verified the security using the CasperFDR and FDR tool.

An Anonymous and Lightweight Authentication Scheme for Mobile Devices

In this paper, we present a lightweight authentication scheme designed to enable mobile devices to achieve robust client-anonymity and computation efficiency. Instead of the heavy encryption and decryption modules of Elliptic Curve Cryptography (ECC), we adopt the key agreement operation of ECC as the core technique in the proposed anonymous authentication scheme. This eliminates significant computation cost and thus does not exceed the inherent resource-limitations on mobile devices. Security analyses are conducted to guarantee the robustness of the proposed authentication scheme. Moreover, when we implement our proposed scheme, the demo-system we have named AuthDroid, into the Android system, the implementation results demonstrate a practical execution time, e.g. 149.7 microseconds, on an Android-based smartphone, i.e. HTC ONE X, to complete the whole authentication procedure of AuthDroid.DOI: http://dx.doi.org/10.5755/j01.itc.44.2.8335

A novel user authentication and key agreement protocol for accessing multi-medical server usable in TMIS.

Telecare Medical Information System (TMIS) makes an efficient and convenient connection between patient(s)/user(s) at home and doctor(s) at a clinical center. To ensure secure connection between the two entities (patient(s)/user(s), doctor(s)), user authentication is enormously important for the medical server. In this regard, many authentication protocols have been proposed in the literature only for accessing single medical server. In order to fix the drawbacks of the single medical server, we have primarily developed a novel architecture for accessing several medical services of the multi-medical server, where a user can directly communicate with the doctor of the medical server securely. Thereafter, we have developed a smart card based user authentication and key agreement security protocol usable for TMIS system using cryptographic one-way hash function. We have analyzed the security of our proposed authentication scheme through both formal and informal security analysis. Furthermore, we have simulated the proposed scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and showed that the scheme is secure against the replay and man-in-the-middle attacks. The informal security analysis is also presented which confirms that the protocol has well security protection on the relevant security attacks. The security and performance comparison analysis confirm that the proposed protocol not only provides security protection on the above mentioned attacks, but it also achieves better complexities along with efficient login and password change phase.

AATCT: Anonymously Authenticated Transmission on the Cloud with Traceability

In Cloud computing, anonymous authentication is an important service that must be available to users in the Cloud. Users have the right to remain anonymous as long as they behave honestly. However, in case a malicious behavior is detected, the system – under court order – must be able to trace the user to his clear identity. Most of the proposed authentication schemes for the Cloud are either password-based authentication schemes that are vulnerable to offline dictionary attacks, or biometric-based authentication schemes that take a long time of execution specially in case of high security requirements. In this paper, we propose an efficient and secure scheme to non-interactively authenticate the users on the Cloud to the remote servers while preserving their anonymity. In case of accusations, the registration authority is able to trace any user to his clear identity. We avoid using low entropy passwords or biometric mechanisms, instead, we employ pseudonym systems in our design. The computation complexity and storage requirements are efficient and suitable to be implemented on smart cards/devices. Our proposed scheme withstands challenging adversarial attacks such as, stolen databases attacks, databases insertion attacks, impersonation attacks, replay attacks and malicious users/servers collaboration attacks.

On the security flaws in ID-based password authentication schemes for telecare medical information systems.

Telecare medical information systems (TMIS) enable healthcare delivery services. However, access of these services via public channel raises security and privacy issues. In recent years, several smart card based authentication schemes have been introduced to ensure secure and authorized communication between remote entities over the public channel for the (TMIS). We analyze the security of some of the recently proposed authentication schemes of Lin, Xie et al., Cao and Zhai, and Wu and Xu's for TMIS. Unfortunately, we identify that these schemes failed to satisfy desirable security attributes. In this article we briefly discuss four dynamic ID-based authentication schemes and demonstrate their failure to satisfy desirable security attributes. The study is aimed to demonstrate how inefficient password change phase can lead to denial of server scenario for an authorized user, and how an inefficient login phase causes the communication and computational overhead and decrease the performance of the system. Moreover, we show the vulnerability of Cao and Zhai's scheme to known session specific temporary information attack, vulnerability of Wu and Xu's scheme to off-line password guessing attack, and vulnerability of Xie et al.'s scheme to untraceable on-line password guessing attack.