Journal ArticleDOI
An Anonymous and Efficient Multiserver Authenticated Key Agreement With Offline Registration Centre
Azeem Irshad,Shehzad Ashraf Chaudhry,Muhammad Sher,Bander A. Alzahrani,Saru Kumari,Xiong Li,Fan Wu +6 more
Reads0
Chats0
TLDR
This paper presents an anonymous MSA protocol that nearly counters all those problems using elliptic curve cryptography and escaping costly pairing operations and demonstrates the scheme's robustness using formal security analysis employing random oracle model and automated tool analysis.Abstract:
Multiserver authentication (MSA) architecture permits its registered users to get the services of various service providers without performing separate registrations with each server. Since, a single registration from registration authority, a trusted third party, is sufficient to get mutually authenticated with service providers, onwards. In this paper, we have emphasized only on the MSA-based schemes that do not require online registration authority for mutual authentication. While, considering those MSA schemes, to date, there is no secure and efficient MSA protocol in our observation that is free of all four limitations at the same time, such as 1) free of the hassle of storage of server-based parameters in users’ smart card by registration authority, 2) free of the transmission of user-based identities to all servers in a network, 3) free of a single secret key distribution to all servers as assumed in a trusted system, and 4) free from employing costly bilinear pairing operations. In view of those shortcomings, we present an anonymous MSA protocol that nearly counters all those problems using elliptic curve cryptography and escaping costly pairing operations. Our scheme also demonstrates the scheme's robustness using formal security analysis employing random oracle model and automated tool analysis.read more
Citations
More filters
Journal ArticleDOI
Understanding security failures of multi-factor authentication schemes for multi-server environments
TL;DR: This paper revisits five leading two-factor authentication schemes for multi-server environments and invalidates any use of these five schemes for practical applications without further improvement, and underscores some new challenges in designing sound multi-factor schemes forMulti- server environments.
Journal ArticleDOI
A Privacy-Aware PUFs-Based Multiserver Authentication Protocol in Cloud-Edge IoT Systems Using Blockchain
TL;DR: A privacy-aware authentication protocol for the multiserver CE-IoT systems by combining PUFs and the blockchain technique is proposed, formally proved by a random oracle model and security features are discussed to show that the protocol resists various attacks.
Proceedings ArticleDOI
Defining trust in IoT environments via distributed remote attestation using blockchain
TL;DR: The blockchain offers a secure framework for device registration while the attestation is based on Physical Unclonable Functions (PUF), which results in a tamper resistant scheme with protection against physical and proxy attacks.
Journal ArticleDOI
Understanding security failures of anonymous authentication schemes for cloud environments
TL;DR: This work investigates three anonymous multi-factor authentication schemes based on passwords for cloud environments, and shows that none of these three protocols can achieve their security goals.
Journal ArticleDOI
A Secure and Efficient Multiserver Authentication and Key Agreement Protocol for Internet of Vehicles
TL;DR: In this article , an improved multiserver-based authentication and key agreement protocol for Internet of Vehicles (SeMAV) is proposed, which applies the password and smart card to hide the private keys.
References
More filters
Proceedings ArticleDOI
Random oracles are practical: a paradigm for designing efficient protocols
Mihir Bellare,Phillip Rogaway +1 more
TL;DR: It is argued that the random oracles model—where all parties have access to a public random oracle—provides a bridge between cryptographic theory and cryptographic practice, and yields protocols much more efficient than standard ones while retaining many of the advantages of provable security.
Journal ArticleDOI
Password authentication with insecure communication
TL;DR: A method of user password authentication is described which is secure even if an intruder can read the system's data, and can tamper with or eavesdrop on the communication between the user and the system.
Journal ArticleDOI
Biohashing: two factor authentication featuring fingerprint data and tokenised random number
TL;DR: This paper proposed a novel two factor authenticator based on iterated inner products between tokenised pseudo-random number and the user specific fingerprint feature, which generated from the integrated wavelet and Fourier–Mellin transform, and hence produce a set of user specific compact code that coined as BioHashing.
Proceedings ArticleDOI
Reasoning about belief in cryptographic protocols
TL;DR: A mechanism is presented for reasoning about belief as a systematic way to understand the working of cryptographic protocols and places a strong emphasis on the separation between the content and the meaning of messages.
Journal ArticleDOI
A secure dynamic ID based remote user authentication scheme for multi-server environment
Yi-Pin Liao,Shuenn-Shyang Wang +1 more
TL;DR: The proposed scheme only uses hashing functions to implement a robust authentication scheme for the multi-server environment and provides a secure method to update password without the help of third trusted party.