A secure and robust smart card-based remote user authentication scheme
10 Apr 2020-International Journal of Internet Technology and Secured Transactions (Inderscience Publishers)-Vol. 10, Iss: 1, pp 255
TL;DR: This paper reviews different smart card authentication methods and proposes an improved authentication method to cover existing security weaknesses including security of verification.
Abstract: In the new era of technology, smart cards play a critical role in economic and social interactions. Security vulnerabilities of these smart cards are the main concern for many users as well as researchers. Authentication has been used as one of the basic security solution to protect the data from unauthorised access. In recent years, smart card-based password authentication has gotten more attention by researchers. This paper reviews different smart card authentication methods and proposes an improved authentication method to cover existing security weaknesses including security of verification. Finally, the proposed method is analysed and compared to the related works.
Citations
More filters
TL;DR: This work proposes a novel SWFS cost optimization model effective in solving the challenge of determining an approximate (near-optimal) solution within polynomial computational time and achieves an optimal Job completion time and total computational cost for small and large sizes of the considered dataset.
Abstract: Scientific Workflow Applications (SWFAs) can deliver collaborative tools useful to researchers in executing large and complex scientific processes. Particularly, Scientific Workflow Scheduling (SWFS) accelerates the computational procedures between the available computational resources and the dependent workflow jobs based on the researchers’ requirements. However, cost optimization is one of the SWFS challenges in handling massive and complicated tasks and requires determining an approximate (near-optimal) solution within polynomial computational time. Motivated by this, current work proposes a novel SWFS cost optimization model effective in solving this challenge. The proposed model contains three main stages: (i) scientific workflow application, (ii) targeted computational environment, and (iii) cost optimization criteria. The model has been used to optimize completion time (makespan) and overall computational cost of SWFS in cloud computing for all considered scenarios in this research context. This will ultimately reduce the cost for service consumers. At the same time, reducing the cost has a positive impact on the profitability of service providers towards utilizing all computational resources to achieve a competitive advantage over other cloud service providers. To evaluate the effectiveness of this proposed model, an empirical comparison was conducted by employing three core types of heuristic approaches, including Single-based (i.e., Genetic Algorithm (GA), Particle Swarm Optimization (PSO), and Invasive Weed Optimization (IWO)), Hybrid-based (i.e., Hybrid-based Heuristics Algorithms (HIWO)), and Hyper-based (i.e., Dynamic Hyper-Heuristic Algorithm (DHHA)). Additionally, a simulation-based implementation was used for SIPHT SWFA by considering three different sizes of datasets. The proposed model provides an efficient platform to optimally schedule workflow tasks by handling data-intensiveness and computational-intensiveness of SWFAs. The results reveal that the proposed cost optimization model attained an optimal Job completion time (makespan) and total computational cost for small and large sizes of the considered dataset. In contrast, hybrid and hyper-based approaches consistently achieved better results for the medium-sized dataset.
27 citations
01 Sep 2021
TL;DR: In this article, a smart card-based content distribution framework is presented, which supports mutual authentication and secure session establishment, and the security proof of the proposed scheme is presented in a random oracle model with rigorous informal security analysis.
Abstract: The growing demand for digital content using smart devices has taken the attenuation towards the enforcement of rights in digital content distribution. Digital rights management (DRM) systems support copyrights and try to control the access of digital content in a user-friendly way. However, user-friendly systems should also support user’s rights along with system requirements. The portable DRM architecture has the potential to support user’s rights. One of the critical challenges in portable DRM systems is the anonymous and secure delivery of digital content. To address this issue, a smart card-based content distribution framework is presented, which supports mutual authentication and secure session establishment. The security proof of the proposed scheme is presented in a random oracle model with rigorous informal security analysis, which signals that the proposed scheme has desirable attributes of security. Moreover, the security analysis is also performed using a widely adopted simulation tool, namely, “Automated Validation of Internet Security Protocol and Application (AVISPA)”. The study of performance has been conducted, which signals that the proposed scheme is also addressing the requirements of efficiency.
2 citations
References
More filters
TL;DR: A method of user password authentication is described which is secure even if an intruder can read the system's data, and can tamper with or eavesdrop on the communication between the user and the system.
Abstract: A method of user password authentication is described which is secure even if an intruder can read the system's data, and can tamper with or eavesdrop on the communication between the user and the system. The method assumes a secure one-way encryption function and can be implemented with a microcomputer in the user's terminal.
2,874 citations
TL;DR: This work proposes a new remote user authentication scheme using smart cards based on the ElGamal's (1985) public key cryptosystem that can withstand message replaying attack.
Abstract: We propose a new remote user authentication scheme using smart cards. The scheme is based on the ElGamal's (1985) public key cryptosystem. Our scheme does not require a system to maintain a password table for verifying the legitimacy of the login users. In addition, our scheme can withstand message replaying attack.
863 citations
TL;DR: This paper presents a dynamic ID-based remote user authentication scheme using smart cards that allows the users to choose and change their passwords freely, and do not maintain any verifier table.
Abstract: Password-based authentication schemes are the most widely used techniques for remote user authentication. Many static ID-based remote user authentication schemes both with and without smart cards have been proposed. Most of the schemes do not allow the users to choose and change their passwords, and maintain a verifier table to verify the validity of the user login. In this paper we present a dynamic ID-based remote user authentication scheme using smart cards. Our scheme allows the users to choose and change their passwords freely, and do not maintain any verifier table. The scheme is secure against ID-theft, and can resist the reply attacks, forgery attacks, guessing attacks, insider attacks and stolen verifier attacks.
562 citations
TL;DR: A novel user authentication and key agreement scheme using smart cards for multi-server environments with much less computational cost and more functionality, which is a nonce-bayed scheme which does not have a serious time-synchronization problem.
Abstract: Remote user authentication and key agreement scheme using smart cards is a very practical solution to validate the eligibility of a remote user and provide secure communication later. Also, due to fast progress of networks and information technology, most of provided services are in multi-server environments. In this paper, we propose a novel user authentication and key agreement scheme using smart cards for multi-server environments with much less computational cost and more functionality. The major merits include: (1) users only need to register at the registration centre once and can use permitted services in eligible servers; (2) the scheme does not need a verification table: (3) users can freely choose their passwords; (4) the computation and communication cost is very low; (5) servers and users can authenticate each other; (6) it generates a session key agreed by the user and the server; and (7) it is a nonce-bayed scheme which does not have a serious time-synchronization problem.
274 citations
TL;DR: This study proposes an alternative multi-server authentication scheme using smart cards that is based on the nonce, uses one-way hash function, and does not need to store any verification table in the server and registration center.
210 citations