Otway–Rees protocol

About: Otway–Rees protocol is a research topic. Over the lifetime, 1975 publications have been published within this topic receiving 40569 citations.

Fully-fledged two-way public key authentication and key agreement for low-cost terminals

Abstract: A new public-key protocol has been developed for key agreement and authentication. This protocol provides security comparable to the well known RSA public-key protocol, but with two orders of magnitude less on-line computation required on one side of the protocol. This advance can make public-key security economical for applications where one side of the interaction is a low-cost customer device, e.g. portable telephones, home banking terminals, or ‘smart cards’.

An improved authentication protocol for session initiation protocol using smart card

Abstract: The session initiation protocol (SIP) is the most widely used signaling protocol for controlling communication on the Internet, establishing, maintaining, and terminating the sessions. To get secure communication, many authentication protocols for SIP have been proposed. Very recently, Zhang et al. proposed a new authenticated key agreement protocol for SIP using smart card. They also show their protocol could withstand various attacks. However, in this paper, we point out that their protocol is vulnerable to the impersonation attack. We also propose an improved protocol to overcome the weakness. Security analysis shows that our protocol could overcome the weaknesses in Zhang et al.’s protocol. Performance analysis shows that the computational cost in the authentication phase of our protocol is about 75 % of Zhang et al.’s protocol.

Cryptanalysis and Improvement of an Improved Two Factor Authentication Protocol for Telecare Medical Information Systems

Abstract: Telecare medical information systems (TMIS) provides rapid and convenient health care services remotely. Efficient authentication is a prerequisite to guarantee the security and privacy of patients in TMIS. Authentication is used to verify the legality of the patients and TMIS server during remote access. Very recently Islam et al. (J. Med. Syst. 38(10):135, 2014) proposed a two factor authentication protocol for TMIS using elliptic curve cryptography (ECC) to improve Xu et al.'s (J. Med. Syst. 38(1):9994, 2014) protocol. They claimed their improved protocol to be efficient and provides all security requirements. However our analysis reveals that Islam et al.'s protocol suffers from user impersonation and server impersonation attacks. Furthermore we proposed an enhanced protocol. The proposed protocol while delivering all the virtues of Islam et al.'s protocol resists all known attacks.

Authentication employing the bluetooth communication protocol

Abstract: A device and method capable of communicating with a communication network via a Bluetooth communication protocol, wherein the device includes at least one authentication functionality, at least part of at least one of which is operative to communicate authentication information via the Bluetooth communication protocol.

Cryptanalysis and Improvement of Authentication and Key Agreement Protocols for Telecare Medicine Information Systems

Abstract: Recently, many authentication protocols have been presented using smartcard for the telecare medicine information system (TMIS). In 2014, Xu et al. put forward a two-factor mutual authentication with key agreement protocol using elliptic curve cryptography (ECC). However, the authors have proved that the protocol is not appropriate for practical use as it has many problems (1) it fails to achieve strong authentication in login and authentication phases; (2) it fails to update the password correctly in the password change phase; (3) it fails to provide the revocation of lost/stolen smartcard; and (4) it fails to protect the strong replay attack. We then devised an anonymous and provably secure two-factor authentication protocol based on ECC. Our protocol is analyzed with the random oracle model and demonstrated to be formally secured against the hardness assumption of computational Diffie-Hellman problem. The performance evaluation demonstrated that our protocol outperforms from the perspective of security, functionality and computation costs over other existing designs.