Otway–Rees protocol

About: Otway–Rees protocol is a research topic. Over the lifetime, 1975 publications have been published within this topic receiving 40569 citations.

Cryptanalysis and improvement of an efficient authenticated key exchange protocol with tight security reduction

Abstract: The SMEN protocol, proposed by Wu and Ustaoglu in 2009, has been considered to be secure as the authors claimed, and numerous theories are proposed based on this protocol. This paper analyzes the SMEN protocol and finds that this protocol is not resistant to the session corruption attack and the key compromise impersonation attack. Then, we propose an improved protocol with tight security reduction. Our improved protocol not only avoids the above attacks but also embraces the same efficiency as the SMEN protocol in terms of exponentiation. Besides, formal analysis of the improved protocol is presented by using the formal automatic security analysis tool Scyther. Copyright © 2014 John Wiley & Sons, Ltd.

Towards Public Key Infrastructure less authentication in Session Initiation Protocol

Abstract: The Session Initiation Protocol (SIP) has become the most predominant protocol for Voice over Internet Protocol (VoIP) signaling. Security of SIP is an important consideration for VoIP communication as the traffic is transmitted over the insecure IP network. And the authentication process in SIP ranges from preshared secret based solutions to Public Key Infrastructure (PKI) based solution. However, due to the limitations in PKI based solutions, some PKI less authentications mechanisms are proposed. This paper aims to present an overview of different authentication methods used in or together with SIP. We start by highlighting the security issues in SIP in the context of VoIP communication. Then we illustrate the current activities regarding the SIP authentication mechanisms including the recent developments in the research community and standardization efforts within the Internet Engineering Task Force (IETF). Finally we analyze the security aspects of these approaches.

An Efficient Entity Authentication Protocol with Enhanced Security and Privacy Properties

Abstract: User authentication based on biometrics is getting an increasing attention. However, privacy concerns for biometric data have impeded the adoption of cloud-based services for biometric authentication. This paper proposes an efficient distributed two-factor authentication protocol that is privacy-preserving even in the presence of colluding internal adversaries. One of the authentication factors in our protocol is biometrics, and the other factor can be either knowledge-based or possession-based. The actors involved in our protocol are users, user/client devices with biometric sensors, service provider, and cloud for storing protected biometric templates. Contrary to the existing biometric authentication protocols that offer security only in the honest-but-curious adversarial model, our protocol provides enhanced security and privacy properties in the active (or malicious) adversarial model. Specifically, our protocol offers identity privacy, unlinkability, and user data (i.e., the biometric template data and the second factor) privacy against compromised cloud storage service, and preserves the privacy of the user data even if the cloud storage service colludes with the service provider. Moreover, our protocol only employs lightweight schemes and thus is efficient. The distributed model combined with the security and privacy properties of our protocol paves the way towards a new cloud-based business model for privacy-preserving authentication.