Three-factor Remote User Authentication Scheme Research Articles

A lightweight remote user authentication scheme for IoT communication using elliptic curve cryptography

Internet of things (IoT) has become a new era of communication technology for performing information exchange. With the immense increment of usage of smart devices, IoT services become more accessible. To perform secure transmission of data between IoT network and remote user, mutual authentication, and session key negotiation play a key role. In this research, we have proposed an ECC-based three-factor remote user authentication scheme that runs in the smart device and preserves privacy, and data confidentiality of the communicating user. To support our claim, multiple cryptographic attacks are analyzed and found that the proposed scheme is not vulnerable to those attacks. Finally, the computation and communication overheads of the proposed scheme are compared with other existing protocols to confirm that the proposed scheme is lightweight. A formal security analysis using AVISPA simulation tool has been done that confirms the proposed scheme is robust against relevant security threats.

Security-enhanced three-factor remote user authentication scheme based on Chebyshev chaotic maps

With the wide deployment of new computing paradigms, such as cloud computing and edge computing, the people can access services provided by remote servers more conveniently via the Internet. To pre...

Design of Secure User Authenticated Key Management Protocol for Generic IoT Networks

In recent years, the research in generic Internet of Things (IoT) attracts a lot of practical applications including smart home, smart city, smart grid, industrial Internet, connected healthcare, smart retail, smart supply chain and smart farming. The hierarchical IoT network (HIoTN) is a special kind of the generic IoT network, which is composed of the different nodes, such as the gateway node, cluster head nodes, and sensing nodes organized in a hierarchy. In HIoTN, there is a need, where a user can directly access the real-time data from the sensing nodes for a particular application in generic IoT networking environment. This paper emphasizes on the design of a new secure lightweight three-factor remote user authentication scheme for HIoTNs, called the user authenticated key management protocol (UAKMP). The three factors used in UAKMP are the user smart card, password, and personal biometrics. The security of the scheme is thoroughly analyzed under the formal security in the widely accepted real-or-random model, the informal security as well as the formal security verification using the widely accepted automated validation of Internet security protocols and applications tool. UAKMP offers several functionality features including offline sensing node registration, freely password and biometric update facility, user anonymity, and sensing node anonymity compared to other related existing schemes. In addition, UAKMP is also comparable in computation and communication costs as compared to other existing schemes.

A secure and robust anonymous three-factor remote user authentication scheme for multi-server environment using ECC

With the rapid growth of the computer and the Internet technology, various types of services are provided through the Internet such as e-banking, e-rail, e-commerce, online game, etc. Today, they have become an important part of our lives and make life very convenient. However, most of these applications/services operate over an insecure channel therefore authentication is required before permitting the remote access of those services. In this paper, we propose a secure anonymous three-factor based remote user authentication scheme for multi-server environment using ECC. We show that the proposed scheme is accurate and provides mutual authentication and session key agreement securely on the basis of BAN logic. Its formal security analysis, using Random Oracle Model, shows that an attacker cannot retrieve the backbone parameters such as user identity, password, secret keys, and session key. Using informal security analysis, we prove that our scheme defends against various security pitfalls. Additionally, we compare our scheme with other surviving relevant schemes and the comparative results show that our scheme is efficient in terms of computation cost, communication cost, smart card storage cost and estimated time. Specially, the proposed scheme is not only secure against various security threats, but it also facilitates an accurate login phase, robust authentication phase and user friendly password change phase.

Cryptanalysis and Security Enhancement of Three-Factor Remote User Authentication Scheme for Multi-Server Environment

Recently, Om et al. proposed three-factor remote user authentication protocol using ElGamal cryptosystem and ensured that it is withstands to various kinds of security attacks. But, the authors review carefully Om et al.'s scheme and discover that it unable to resist three attacks (like password guessing; denial of service; and user impersonation). Moreover, their protocol is not facilitating user anonymity. To solve these security vulnerabilities, the authors devise a secure and robust anonymous identity based authentication scheme for multi-server environment. The authentication proof of the proposed scheme has validated using BAN (Burrows-Abadi-Needham) logic, which confirms the protocol facilitates mutual authentication and session-key negotiation securely. Informal security analysis also confirms that it is well protected against various security attacks. In addition, the proposed work is compared along with other schemes (in the context of smart card storage and computation costs as well as execution time).

A privacy preserving biometric-based three-factor remote user authenticated key agreement scheme

Advancement in Internet of Things (IOT) and remote user communication is facilitated, where a user need not be physically present. However, security and privacy challenges arrive as client–server communication is done via public network. To lower down the security and privacy threats, authentication and key agreement (AKA) protocols are being designed and analyzed. AKA protocols' goal is to ensure authorized and secure access of recourses. Recently, Li et al. proposed a biometric based three-factor remote user authentication scheme for client–server environment. Their scheme uses biometric identifier to resist guessing attacks. In this article, we discussed the security of Li et al.'s scheme, and show its vulnerability to known session specific temporary information attack. Additionally, it does not provide three-factor authentication and user's privacy. It also has some flows in authentication phase. We proposed a novel AKA protocol, which can overcome the weaknesses of Li et al.'s scheme without losing its original merits. Through the analysis, we show that our scheme is secure against various known attacks including the attacks found in Li et al.'s scheme. Furthermore, we demonstrate the validity of the proposed scheme using the BAN (Burrows, Abadi, and Needham) logic. Our scheme is also comparable in terms of computation overheads with Li et al.'s scheme and other related schemes.

Cryptanalysis and Extended Three-Factor Remote User Authentication Scheme in Multi-Server Environment

Recently, Wen et al. have developed three-factor authentication protocol for multi-server environment, claiming it to be resistant to several kinds of attacks. In this paper, we review Wen et al.’s protocol and find that it does not fortify against many security vulnerabilities: (1) inaccurate password change phase, (2) failure to achieve forward secrecy, (3) improper authentication, (4) known session-specific temporary information vulnerability and (5) lack of smart card revocation and biometric update phase. To get rid of these security weaknesses, we present a safe and reliable three-factor authentication scheme usable in multi-server environment. The Burrows–Abadi–Needham logic shows that our scheme is accurate, and the formal and informal security verifications show that it can defend against various spiteful threats. Further, we simulate our scheme using the broadly known Automated Validation of Internet Security Protocols and Applications tool, which ensures that it is safe from the active and passive attacks and also prevent the replay and man-in-the-middle attacks. The performance evaluation shows that the presented protocol gives strong security as well as better complexity in the terms of communication cost, computation cost and estimated time.

A secure user anonymity-preserving three-factor remote user authentication scheme for the telecare medicine information systems.

Recent advanced technology enables the telecare medicine information system (TMIS) for the patients to gain the health monitoring facility at home and also to access medical services over the Internet of mobile networks. Several remote user authentication schemes have been proposed in the literature for TMIS. However, most of them are either insecure against various known attacks or they are inefficient. Recently, Tan proposed an efficient user anonymity preserving three-factor authentication scheme for TMIS. In this paper, we show that though Tan's scheme is efficient, it has several security drawbacks such as (1) it fails to provide proper authentication during the login phase, (2) it fails to provide correct updation of password and biometric of a user during the password and biometric update phase, and (3) it fails to protect against replay attack. In addition, Tan's scheme lacks the formal security analysis and verification. Later, Arshad and Nikooghadam also pointed out some security flaws in Tan's scheme and then presented an improvement on Tan's s scheme. However, we show that Arshad and Nikooghadam's scheme is still insecure against the privileged-insider attack through the stolen smart-card attack, and it also lacks the formal security analysis and verification. In order to withstand those security loopholes found in both Tan's scheme, and Arshad and Nikooghadam's scheme, we aim to propose an effective and more secure three-factor remote user authentication scheme for TMIS. Our scheme provides the user anonymity property. Through the rigorous informal and formal security analysis using random oracle models and the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool, we show that our scheme is secure against various known attacks, including the replay and man-in-the-middle attacks. Furthermore, our scheme is also efficient as compared to other related schemes.