Otway–Rees protocol

About: Otway–Rees protocol is a research topic. Over the lifetime, 1975 publications have been published within this topic receiving 40569 citations.

Security protocol design via authentication tests

Abstract: We describe a protocol design process, and illustrate its use by creating ATSPECT, an authentication test-based secure protocol for electronic commerce transactions. The design process is organized around the authentication tests, a method for protocol verification based on the strand space theory. The authentication tests dictate how randomly generated values such as nonces may be combined with encryption to achieve authentication and freshness. ATSPECT offers functionality and security guarantees akin to the purchase request, payment authorization, and payment capture phases of SET, the secure electronic transaction standard created by the major credit card firms.

Design and Analysis of Bilinear Pairing Based Mutual Authentication and Key Agreement Protocol Usable in Multi-server Environment

Abstract: With the increasing popularity and demand for various applications, the internet user accesses remote server by performing remote user authentication protocol using smart card over the insecure channel. In order to resist insider attack, most of the users remember a set of identity and password for accessing different application servers. Therefore, remembering set of identity and password is an extra overhead to the user. To avoid the mentioned shortcoming, many remote user authentication and key agreement protocols for multi-server architecture have been proposed in the literature. Recently, Hsieh---Leu proposed an improve protocol of Liao et al. scheme and claimed that the improve protocol is applicable for practical implementation. However, through careful analysis, we found that Hsieh---Leu scheme is still vulnerable to user anonymity, password guessing attack, server masquerading attack and the password change phase is inefficient. Therefore, the main aim of this paper was to design a bilinear pairing based three factors remote user authentication scheme using smart card for providing security weaknesses free protocol. In order to validate security proof of the proposed protocol, this paper uses BAN logic which ensures that the same protocol achieves mutual authentication and session key agreement property securely. Furthermore, this paper also informally illustrates that the proposed protocol is well protected against all the relevant security attacks. The performance analysis and comparison with other schemes are also made, and it has been found that the proposed protocol achieves complete security requirements with comparatively lesser complexities.

Two-factor mutual authentication with key agreement in wireless sensor networks

Abstract: Wireless sensor networks WSNs are getting popular for their deployment in unattended environments, where a registered user can log in to the network and access data collected from the desired sensor. Because of limited resources and computation power in sensor nodes, an authentication protocol should be simple and efficient. M.L. Das proposed a two-factor authentication scheme for WSNs. Because his scheme uses only one-way hash function and XOR operation, it is well suited for resource-constrained environments. Because of some flaws in Das's scheme, several improved schemes have been introduced. In this paper, we show that Das's scheme and its derivatives not only have security imperfections but also do not provide key agreement. To overcome their security shortcomings, we propose a novel user authentication scheme with key agreement for WSN. We furnish security analysis of the proposed protocol to show its robustness to various attacks as well as analyze its performance to determine its efficiency. We provide protocol analysis and verification of the proposed protocol. Compared with the existing schemes, it is more robust and offers better security. Copyright © 2012 John Wiley & Sons, Ltd.

A Hash Based Mutual RFID Tag Authentication Protocol in Telecare Medicine Information System

Abstract: Radio Frequency Identification (RFID) is a technology which has multidimensional applications to reduce the complexity of today life. Everywhere, like access control, transportation, real-time inventory, asset management and automated payment systems etc., RFID has its enormous use. Recently, this technology is opening its wings in healthcare environments, where potential applications include patient monitoring, object traceability and drug administration systems etc. In this paper, we propose a secure RFID-based protocol for the medical sector. This protocol is based on hash operation with synchronized secret. The protocol is safe against active and passive attacks such as forgery, traceability, replay and de-synchronization attack.

A secure ECC-based RFID mutual authentication protocol for internet of things

Abstract: Progression of the internet technologies has led to the emergence of internet of things (IoT). One of the familiar deployment of IoT is through radio-frequency identification (RFID) technology. In recent times, RFID based systems are one of the most widely spread applications for tagging and keep tracking purposes in IoT deployment. This is due to their powerful features compared to their counterparts of similar techniques such as barcodes. In contrast, radio-frequency identification systems suffer from various attacks and security threats. The wireless channel used for communication is responsible for the majority of these vulnerabilities. In this paper, we propose a new radio-frequency identification authentication protocol based on elliptic curve cryptography (ECC) to eliminate these vulnerabilities. In addition, we use elliptic curve Diffie–Hellman (ECDH) key agreement protocol to generate a temporary shared key used to encrypt the later transmitted messages. Our protocol achieves a set of security properties likes mutual authentication, anonymity, confidentiality, forward security, location privacy, resistance of man-in-the-middle attack, resistance of replay attack and resistance of impersonation attack. We implement our proposed protocol in real RFID system using Omnikey smartcard reader (Omnikey 5421) and NXP Java smartcards (J3A040). Implementation results shows that our proposed protocol outperform in term of time complexity as compared to other similar protocols and requires less number of operations.