Otway–Rees protocol

About: Otway–Rees protocol is a research topic. Over the lifetime, 1975 publications have been published within this topic receiving 40569 citations.

Efficient Augmented Password-Only Authentication and Key Exchange for IKEv2

Abstract: This document describes an efficient augmented password-only authentication and key exchange (AugPAKE) protocol where a user remembers a low-entropy password and its verifier is registered in the intended server. In general, the user password is chosen from a small set of dictionary words that allows an attacker to perform exhaustive searches (i.e., off-line dictionary attacks). The AugPAKE protocol described here is secure against passive attacks, active attacks, and off-line dictionary attacks (on the obtained messages with passive/active attacks), and also provides resistance to server compromise (in the context of augmented PAKE security). In addition, this document describes how the AugPAKE protocol is integrated into the Internet Key Exchange Protocol version 2 (IKEv2). This document defines an Experimental Protocol for the Internet community.

Fuzzy Extractor and Elliptic Curve Based Efficient User Authentication Protocol for Wireless Sensor Networks and Internet of Things

Abstract: To improve the quality of service and reduce the possibility of security attacks, a secure and efficient user authentication mechanism is required for Wireless Sensor Networks (WSNs) and the Internet of Things (IoT). Session key establishment between the sensor node and the user is also required for secure communication. In this paper, we perform the security analysis of A.K.Das’s user authentication scheme (given in 2015), Choi et al.’s scheme (given in 2016), and Park et al.’s scheme (given in 2016). The security analysis shows that their schemes are vulnerable to various attacks like user impersonation attack, sensor node impersonation attack and attacks based on legitimate users. Based on the cryptanalysis of these existing protocols, we propose a secure and efficient authenticated session key establishment protocol which ensures various security features and overcomes the drawbacks of existing protocols. The formal and informal security analysis indicates that the proposed protocol withstands the various security vulnerabilities involved in WSNs. The automated validation using AVISPA and Scyther tool ensures the absence of security attacks in our scheme. The logical verification using the Burrows-Abadi-Needham (BAN) logic confirms the correctness of the proposed protocol. Finally, the comparative analysis based on computational overhead and security features of other existing protocol indicate that the proposed user authentication system is secure and efficient. In future, we intend to implement the proposed protocol in real-world applications of WSNs and IoT.

An Enhanced Three-Party Authentication Key Exchange Protocol for Mobile Commerce Environments

Abstract: Recently, Yang et al. proposed a three-party encrypted key exchange protocol (3PAKE) which is based on Elliptic curve cryptography. Their 3PAKE protocol is efficient because it requires less computation cost and less communication cost, which is well suitable for mobile commerce environments. However, Yang et al.’s 3PAKE protocol is susceptible to parallel attacks and impersonation attacks. We presented an enhancement to resolve such security problems. Detailed analyses show that our proposed protocol is a secure 3PAKE protocol and more efficient.

Efficient anonymous authentication with key agreement protocol for wireless medical sensor networks

Abstract: The use of wireless medical sensor networks (WMSN) in healthcare has led to a significant progress in this area. WMSN can sense patients’ vital signs and transmit sensed signals to health monitoring devices. Health professionals can monitor the status of patients. Confidentiality and patient privacy are the main concern for the WMSN in health care. Recently, He et al. proposed an authentication protocol for the healthcare applications using WMSN. In this paper, we show that He et al.’s scheme is insecure against various attacks. We also present an improved scheme. In the security analysis, we demonstrate that our scheme is secured against various attacks. We use the BAN logic to prove the correctness of the proposed scheme. As a result, the proposed protocol is practical for healthcare applications.