Otway–Rees protocol

About: Otway–Rees protocol is a research topic. Over the lifetime, 1975 publications have been published within this topic receiving 40569 citations.

A Pairing-free ID-based Key Agreement Protocol with Different PKGs

Abstract: This paper proposes an identity based key agreement protocol based on elliptic curve cryptography (ECC) between users of different networks with independent private key generations (PKGs). Instead of bilinear pairings which commonly used for contracting identity based schemes, the proposed protocol makes use of elliptic curves to obtain more computational efficiency. The proposed protocol develops Cao et al’s protocol for situations that two users of independent organizations or networks with separate servers (that in this article, are named PKGs, based on their main duty, generating private keys for the users) want to share a secret key via an insecure link. The main novelty of this paper is security proof of the proposed protocol in the random oracle model. The security proof argues the security attributes of the proposed protocol.

A new lightweight authentication and key agreement protocol for Internet of Things

Abstract: Internet of Things (IoT) is a network of objects which enables them to collect vital information. As a result, privacy and anonymity in IoT are the most important issues. So far, many protocols have been proposed to provide authentication mechanism in IoT networks. Recently, Amin et al proposed a three-factor authenticated protocol for IoT networks that is claimed to be secure. In this paper, we challenge this claim and show that this protocol is vulnerable against the replay attack and DoS attack. Moreover, inspired by this protocol, we propose a secure authenticated key exchange protocol with the same assumptions. Our analysis shows that our proposed protocol is more efficient than Amin et al protocol.

Cryptanalysis and Design of a Three-Party Authenticated Key Exchange Protocol Using Smart Card

Abstract: Three-party authenticated key exchange protocol (3PAKE) is used to provide security protection on the transmitted data over the insecure communication by performing session key agreement between the entities involved. Comparing with the 2PAKE protocol, 3PAKE protocol is more suitable for managing unrestricted number of users. Recently, several researchers have proposed many 3PAKE protocols using smart card. However, we have scrutinized carefully recently published Yang et al.’s protocol, and it has been observed that the same protocol suffers from several security weaknesses such as insider attack, off-line password guessing attack, many logged-in users’ attack and replay attack. Moreover, we have justified a serious security issue of the password change phase of the same scheme. In order to fix the above-mentioned shortcomings, this paper proposes an efficient 3PAKE protocol using smart card based on the cryptographic one-way hash function. The formal security analysis proves that proposed protocol provides strong security protection on the relevant security attacks including the above-mentioned security weaknesses. Moreover, the simulation results of the proposed scheme using AVISPA tool show that the same protocol is SAFE under OFMC and CL-AtSe models. The performance comparisons are also made, which ensure that the protocol is relatively better than the existing related schemes. To the best of our knowledge, the proposed scheme should be implemented in practical application, as it provides well security protection on the relevant security attacks, provides relatively better complexities than the existing schemes, achieves proper mutual authentication along with user-friendly password change phase.

An efficient two‐party authentication key exchange protocol for mobile environment

Abstract: Summary The primary goal of this research is to ensure secure communications by client-server architectures in mobile environment Although various two-party authentication key exchange protocols are proposed and claimed to be resistant to a variety of attacks, studies have shown that various loopholes exist in these protocols What's more, many two-party authentication key exchange protocols use timestamp to prevent the replay attack and transmit the user's identity in plaintext form Obviously, these methods will lead to the clock synchronization problem and user's anonymity problem Fortunately, the three-way challenged-response handshake technique and masking user's original identity with a secret hash value used in our study address these problems well Of course, the proposed protocol based on elliptic curve cryptography supports flawless mutual authentication of participants, agreement of session key, impersonation attack resistance, replay attack resistance, and prefect forward secrecy, as well The analyses in the aspects of efficiency and security show that the proposed protocol is a better choice for mobile users

An ECDLP-Based Randomized Key RFID Authentication Protocol

Abstract: With the expansion of RFID technology application in diverse fields, the security problems attract more and more attention. In the RFID Security authentication protocols used public-key cryptography, the authentication protocol based on the ECDLP (Elliptic Curve Discrete Logarithm Problem) can solve the clone and reply attacks very well, but there are more or less problems in resisting tracking attacks. In this paper, we present a 'Randomized Key' proposal based on ECDLP and improve EC-RAC (Elliptic Curve Based Randomized Access Control) protocol and Schnorr protocol respectively. Our security analysis shows that the proposed improved protocols can resist tracking attack effectively.