Otway–Rees protocol

About: Otway–Rees protocol is a research topic. Over the lifetime, 1975 publications have been published within this topic receiving 40569 citations.

A Robust and Efficient Three-Factor Authentication and Session Key Agreement Mechanism for SIP

Abstract: Session Initiation Protocol (SIP), which is an IP based telephony protocol, is used mainly for the purpose of starting, sustaining and ending sessions related to multimedia communications on the Internet. The SIP protocol, which works on the top of TCP or UDP, is basically an open text-based protocol. Hence, to ensure security is of utmost importance. The original SIP used HTTP-digest based challenge-response authentication process. However, HTTP digest-based authentication is insecure and pre-existing user configuration on the remote server is needed. Moreover, it provides only one-way message authentication and replay protection, but not the support message integrity and confidentiality. Although, quite a few three factor SIP protocols using password, smartcard and biometric are existing in the literature, however, none of them are robust against known attacks. In this paper, a robust and cost-efficient VoIP based three-factor SIP is proposed based on the computational Diffie-Hellman problem.

Secure Communication Protocol Between a Human and a Bank Server for Preventing Man-in-the-Browser Attacks

Abstract: Man-in-the-Browser (MITB) attacks are caused by malware that infects a web browser; hence, conventional secure communication channels between a machine (bank server) and a machine (web browser) such as SSL cannot prevent the attacks. In this paper, we propose an approach to preventing MITB attacks by constructing secure communication channels between a machine (bank server) and a human (end user). Our approach uses the user as a computational resource and requests the user to process an end side of the channel. Developing a challenge and response protocol that achieves the proposed channel, we conducted a safety evaluation of the protocol. The result shows that the protocol works safely under the assumption that the bank server can send a “challenge that malware in the browser cannot see” to the user. We also show that sending the challenge is feasible by applying CAPTCHA technology.

A Study Effective Zigbee Authentication Protocol in Smart Grid Network

Abstract: Security is critically important for smart grid networks that are usually used for the electric power network and IT environments that are opened to attacks, such as, eavesdropping, replay attacks of abnormal messages, forgery of the messages to name a few. ZigBee has emerged as a strong contender for smart grid networks. ZigBee is used for low data rate and low power wireless network applications. To deploy smart grid networks, the collected information requires protection from an adversary over the network in many cases. The security mechanism should be provided for collecting the information over the network. However, the ZigBee protocol has some security weaknesses. In this paper, these weaknesses are discussed and a method to improve security aspect of the ZigBee protocol is presented along with a comparison of the message complexity of the proposed security protocol with that of the current ZigBee protocol.

A new Authentication and Key Agreement protocol for SIP in IMS

Abstract: IP Multimedia Subsystem (IMS) is widely considered as the main solution for Next Generation Network (NGN). Its signaling plan is based on S IP protocol. However, this protocol is exposed to various security threats. The third Generation Partnership Project (3GPP) proposed an Authentication and Key Agreement protocol called IMS-AKA to address SIP vulnerabilities in IMS network. Although IMS-AKA provides attractive features, several weaknesses were identified both on security (disclosure of identities) and performances (complexity) aspects. In this paper, we propose an improved protocol, called IMS-AKA+ that addresses effectively the obscuring users' identities by using a key-less cryptography. Furthermore, the protocol preserves performances by reducing the computational cost and the storage space due to the use of Elliptic Curve Cryptography (ECC).

An Enhanced Forward Security on JK-RFID Authentication Protocol

Abstract: In 2009, Jeon et al proposed the lightweight strong authentication and strong privacy protocol, where the tag requrires only simple bitwise operations and random number generator. JK-RFID authentication protocol provides strong security: eavesdropping, replay, spoofing, Location tracking, DoS attack and forward security. Nevertheless, this paper points out the vulnerability of the forward security and improve the process of key updating. As a result, proposes an enhanced JK-RFID authentication protocol providing forward security and verify its satisfaction. In addition, a security and an efficiency of the proposed scheme analyze. Since partial adjustments of the key updating operation in JK-RFID authentication protocol, our protocol improve the forward security.