Topic
Otway–Rees protocol
About: Otway–Rees protocol is a research topic. Over the lifetime, 1975 publications have been published within this topic receiving 40569 citations.
Papers published on a yearly basis
Papers
More filters
01 Jun 2012
TL;DR: This document describes an efficient augmented password-only authentication and key exchange protocol where a user remembers a low-entropy password and its verifier is registered in the intended server and it provides resistance to server compromise.
Abstract: This document describes an efficient augmented password-only
authentication and key exchange (AugPAKE) protocol where a user
remembers a low-entropy password and its verifier is registered in the
intended server. In general, the user password is chosen from a small
set of dictionary words that allows an attacker to perform exhaustive
searches (i.e., off-line dictionary attacks). The AugPAKE protocol
described here is secure against passive attacks, active attacks, and
off-line dictionary attacks (on the obtained messages with
passive/active attacks), and also provides resistance to server
compromise (in the context of augmented PAKE security). In addition,
this document describes how the AugPAKE protocol is integrated into
the Internet Key Exchange Protocol version 2 (IKEv2). This document
defines an Experimental Protocol for the Internet community.
33 citations
••
TL;DR: A novel lightweight key agreement and authentication protocol has been proposed for end-to-end security in wireless sensor networks and a performance comparison is made with the existing IKEv2 protocol.
32 citations
••
TL;DR: This paper proposes a secure and efficient authenticated session key establishment protocol which ensures various security features and overcomes the drawbacks of existing protocols and intends to implement the proposed protocol in real-world applications of WSNs and IoT.
Abstract: To improve the quality of service and reduce the possibility of security attacks, a secure and efficient user authentication mechanism is required for Wireless Sensor Networks (WSNs) and the Internet of Things (IoT). Session key establishment between the sensor node and the user is also required for secure communication. In this paper, we perform the security analysis of A.K.Das’s user authentication scheme (given in 2015), Choi et al.’s scheme (given in 2016), and Park et al.’s scheme (given in 2016). The security analysis shows that their schemes are vulnerable to various attacks like user impersonation attack, sensor node impersonation attack and attacks based on legitimate users. Based on the cryptanalysis of these existing protocols, we propose a secure and efficient authenticated session key establishment protocol which ensures various security features and overcomes the drawbacks of existing protocols. The formal and informal security analysis indicates that the proposed protocol withstands the various security vulnerabilities involved in WSNs. The automated validation using AVISPA and Scyther tool ensures the absence of security attacks in our scheme. The logical verification using the Burrows-Abadi-Needham (BAN) logic confirms the correctness of the proposed protocol. Finally, the comparative analysis based on computational overhead and security features of other existing protocol indicate that the proposed user authentication system is secure and efficient. In future, we intend to implement the proposed protocol in real-world applications of WSNs and IoT.
32 citations
••
TL;DR: An enhancement to resolve security problems of 3PAKE protocol, which is susceptible to parallel attacks and impersonation attacks and well suitable for mobile commerce environments.
Abstract: Recently, Yang et al. proposed a three-party encrypted key exchange protocol (3PAKE) which is based on Elliptic curve cryptography. Their 3PAKE protocol is efficient because it requires less computation cost and less communication cost, which is well suitable for mobile commerce environments. However, Yang et al.’s 3PAKE protocol is susceptible to parallel attacks and impersonation attacks. We presented an enhancement to resolve such security problems. Detailed analyses show that our proposed protocol is a secure 3PAKE protocol and more efficient.
32 citations
••
TL;DR: This paper shows that He et al.
Abstract: The use of wireless medical sensor networks (WMSN) in healthcare has led to a significant progress in this area. WMSN can sense patients’ vital signs and transmit sensed signals to health monitoring devices. Health professionals can monitor the status of patients. Confidentiality and patient privacy are the main concern for the WMSN in health care. Recently, He et al. proposed an authentication protocol for the healthcare applications using WMSN. In this paper, we show that He et al.’s scheme is insecure against various attacks. We also present an improved scheme. In the security analysis, we demonstrate that our scheme is secured against various attacks. We use the BAN logic to prove the correctness of the proposed scheme. As a result, the proposed protocol is practical for healthcare applications.
32 citations