Otway–Rees protocol

About: Otway–Rees protocol is a research topic. Over the lifetime, 1975 publications have been published within this topic receiving 40569 citations.

Security Enhanced Authentication and Key Agreement Protocol in Next Generation Mobile Network

Abstract: The 3 Generation Partnership Project(3GPP) standard is developing System Architecture Evolution(SAE) / Long Term Evolution(LTE) for the next generation mobile communication system. In the SAE/LTE architecture, EPS AKA(Evolved Packet System Authentication and Key Agreement) procedure is used to provide mutual authentication between the UE(User Equipment) and the serving network. However the EPS AKA has several vulnerabilities such as disclosure of user identity, man-inmiddle attack, etc. Therefore, this paper analyzes the deficiencies of the EPS AKA, and proposes a Security Enhanced Authentication and Key agreement (SE-EPS AKA) based on Wireless Public Key Infrastructure (WPKI). Then, the new SE-EPS AKA has been proved with the formal verification method, and the proof result shows that the SE-EPS AKA can satisfy the security and efficiency properties in the SAE/LTE architecture.

A Three-Party Password-based Authenticated Key Exchange Protocol for Wireless Communications

Abstract: A three-party password-based authenticated key exchange (3PAKE) protocol is an important cryptographic primitive which allows two entities to establish a session key with the help of a trusted server through an insecure channel. Recently, Farash and Attari (Information Technology and Control 43(2), 143-150, 2014) presented an improved 3PAKE protocol to erase the security flaws found in Tallapally’s 3PAKE protocol (Information Technology and Control 41(1), 15-22, 2012). They claimed that their improved protocol could withstand many security attacks. However, we identified that Farash and Attari’s protocol was still sensitive to the off-line password guessing attack which directly resulted in defencelessness to the impersonation attack. In order to cope with the loopholes of Farash and Attari’s protocol, we proposed a modified 3PAKE protocol without using smart cards for wireless communications. We demonstrate that the proposed protocol can mitigate all the problems of the protocol of Farash and Attari and possess more security properties. In addition, we make a comparison among the proposed protocol and the other related protocols regarding the performance and security properties. DOI: http://dx.doi.org/10.5755/j01.itc.44.4.9729

A novel protocol for indirect authentication in mobile networks based on elliptic curve cryptography

Abstract: Unlimited mobility free of any fundamental communications is presented by Mobile Networks. In such networks, the information access between unacquainted nodes and server is a usual thing that happens frequently. This creates more chance to take the advantage of accessing information illegally by any invalid user node. The threat of apprehensive surroundings, information mishandling, etc is the eventual outcome. The fortification of classified and susceptible data in mobile networks can be done by the vital system, cryptosystem that spots the legitimacy. In such circumstances, the fundamental pre-requisite for better authentication is the performance of authentication by a middle agent, say Authentication server. Hereby, we are proposing a protocol that provides a secure transfer of information between the both unaccustomed parties. The most common public-key cryptographic scheme, elliptic curve cryptography is exploited to devise the protocol. Subsequently, the mobile networks employ the protocol for the authentication of user node. As the protocol utilizes the elliptic curve cryptography, it offers security more than enough with a reasonable key length. Hence the protocol develops an environment in which the user node which is unfamiliar to the Main server can transfer information without any eavesdropping of unauthenticated nodes.

Electrocardiogram-Kerberos authentication scheme for secure services

Abstract: The concern for security increases due to the advances in the falsification technology. Biometrics is the only authentication method which truly identifies an individual when compared to other methods like PINs and passwords. Even though there are numerous biometric approaches, these are not robust. In this paper, we aimed at building a protocol which focuses on Electrocardiogram (ECG) being used as a parameter along with Kerberos version4 authentication protocol, which will allow client and server to mutually authenticate with each other in an insecure network.