Otway–Rees protocol

About: Otway–Rees protocol is a research topic. Over the lifetime, 1975 publications have been published within this topic receiving 40569 citations.

An enhanced multi-server authentication protocol using password and smart-card: cryptanalysis and design

Abstract: At the present time, application of online communication systems are rapidly increasing and most of the clients depend on a set of servers to fulfill their daily needs In order to access these servers, a client user needs to register to each server with different login credentials To circumvent this situation, the concept of multi-server authentication has been adopted, where a user can access all the servers using a single login credential In this paper, a two-factor multi-server authentication protocol, which is proposed by Leu and Hsieh, is analyzed and observed that the forgery attack and the off-line password-guessing attack can be made on it Further, the off-line password-guessing attack and other security threats are found in similar kind of multi-server authentication protocol, which is designed by Li et al This paper mainly focuses on enhancing the securities of the previously mentioned protocols and thus proposed a new protocol We have employed formal and informal security analysis to analyze the proposed protocol The performance of our protocol is also compared with the related protocols It can also be noted that the designed protocol accomplishes mutual authentication, session key verification, and identity and password change phases Copyright © 2016 John Wiley & Sons, Ltd

Role based specification and security analysis of cryptographic protocols using asynchronous product automata

Abstract: Cryptographic protocols are formally specified as a system of protocol agents using asynchronous product automata (APA). APA are a universal and very flexible operational description concept for communicating automata. Their specification, analysis and verification is supported by the SH-verification tool (SHVT). The local state of each agent is structured in several components describing its knowledge of keys, its "view" of the protocol and the goals to be reached within the protocol. Communication is modeled by adding messages to and removing them from a shared state component network. Cryptography is modeled by symbolic functions with certain properties. In addition to the regular protocol agents an intruder is specified, which has no access to the agents' local states but to the network. The intruder may intercept messages and create new ones based on his initial knowledge and on what he can extract from intercepted messages. Violations of the security goals can be found by state space analysis performed by the SHVT. The method is demonstrated using the symmetric Needham-Schroeder protocol, and an attack is presented that does not involve compromised session keys. Our approach defers from others in that protocol specifications do not use implicit assumptions, thus protocol security does not depend on whether some implicit assumptions made are reasonable for a particular environment. Therefore, our protocol specifications explicitly provide relevant information for secure implementations.

A chaotic map-based anonymous multi-server authenticated key agreement protocol using smart card

Abstract: Authenticated key agreement protocols play an important role for network-connected servers to authenticate remote users in Internet environment. In recent years, several authenticated key agreement protocols for single-server environment have been developed based on chaotic maps. In modern societies, people usually have to access multiple websites or enterprise servers to accomplish their daily personal matters or duties on work; therefore, how to increase user's convenience by offering multi-server authentication protocol becomes a practical research topic. In this study, a novel chaotic map-based anonymous multi-server authenticated key agreement protocol using smart card is proposed. In this protocol, a legal user can access multiple servers using only a single secret key obtained from a trusted third party, known as the registration center. Security analysis shows this protocol is secure against well-known attacks. In addition, protocol efficiency analysis is conducted by comparing the proposed protocol with two recently proposed schemes in terms of computational cost during one authentication session. We have shown that the proposed protocol is twice faster than the one proposed by Khan and He while preserving the same security properties as their protocol has. Copyright © 2014 John Wiley & Sons, Ltd.

Provably secure biometric based authentication and key agreement protocol for wireless sensor networks

Abstract: Wireless sensor networks (WSNs) comprise of distributed sensors. The collected information available at the sensor is provided to the users who are permitted to get access. The information is transmitted in internet of things (IOT) environment, which can be eavesdrop. Thus, it is essential to ensure that only authorized shareholders can access the transmitted information. Authentication and key agreement protocols are developed to ensure confidentiality and security in IOT. We design a biometric based authentication and key agreement protocol for WSNs. To analyze the security of the proposed protocol, we use formal security proof, which shows that an attacker has a negligible probability of breaking the protocol security. We also use the BAN logic technique to show the correctness of mutual authentication. Additionally, we adopt an informal analysis to discuss the resistance of proposed scheme against various possible attacks on authentication protocols. Additionally, through the comparison of computational efficiency and security attributes with recent results, proposed protocol seems to be more appropriate for WSNs.