The Experts below are selected from a list of 360 Experts worldwide ranked by ideXlab platform
Ashok Kumar Das - One of the best experts on this subject based on the ideXlab platform.
-
2pakep provably secure and efficient two party authenticated key exchange protocol for Mobile Environment
IEEE Access, 2018Co-Authors: Kisung Park, Youngho Park, Yohan Park, Ashok Kumar DasAbstract:With the increasing use of Mobile devices, a secure communication and key exchange become the significant security issues in Mobile Environments. However, because of open network Environments, Mobile user can be vulnerable to various attacks. Therefore, the numerous authentication and key exchange schemes have been proposed to provide the secure communication and key exchange. Recently, Qi and Chen proposed an efficient two-party authentication key exchange protocol for Mobile Environments in order to overcome the security weaknesses of the previous authentication and key exchange schemes. However, we demonstrate that Qi and Chen’s scheme is vulnerable to various attacks such as impersonation, offline password guessing, password change, and privileged insider attacks. We also show that Qi and Chen’s scheme does not provide anonymity, efficient password change mechanism, and secure mutual authentication. In this paper, to overcome the outlined abovementioned security vulnerabilities, we propose a secure and efficient two-party authentication key exchange protocol, called 2PAKEP, that hides user’s real identity from an adversary using a secret parameter. 2PAKEP also withstands various attacks, guarantees anonymity, and provides efficient password change mechanism and secure mutual authentication. In addition, we prove that 2PAKEP provides the secure mutual authentication using the broadly accepted Burrows–Abadi–Needham logic and the session key security using the formal security analysis under the widely accepted real-or-random model. Moreover, the formal security verification using the popular simulated software tool, Automated Validation of Internet Security Protocols and Applications, on 2PAKEP shows that the replay and man-in-the-middle attacks are protected. In addition, we also analyze the performance and security and functionality properties of 2PAKEP and compare these with the related existing schemes. Overall, 2PAKEP provides better security and functionality features, and also the communication and computational overheads are comparable with the related schemes. Therefore, 2PAKEP is applicable to Mobile Environment efficiently.
-
an anonymous and secure biometric based enterprise digital rights management system for Mobile Environment
Security and Communication Networks, 2015Co-Authors: Ashok Kumar Das, Dheerendra Mishra, Sourav MukhopadhyayAbstract:Internet-based content distribution facilitates an efficient platform to sell the digital content to the remote users. However, the digital content can be easily copied and redistributed over the network, which causes huge loss to the right holders. On the contrary, the digital rights management DRM systems have been introduced in order to regulate authorized content distribution. Enterprise DRM E-DRM system is an application of DRM technology, which aims to prevent illegal access of data in an enterprise. Earlier works on E-DRM do not address anonymity, which may lead to identity theft. Recently, Chang et al. proposed an efficient E-DRM mechanism. Their scheme provides greater efficiency and protects anonymity. Unfortunately, we identify that their scheme does not resist the insider attack and password-guessing attack. In addition, Chang et al.'s scheme has some design flaws in the authorization phase. We then point out the requirements of E-DRM system and present the cryptanalysis of Chang et al.'s scheme. In order to remedy the security weaknesses found in Chang et al.'s scheme, we aim to present a secure and efficient E-DRM scheme. The proposed scheme supports the authorized content key distribution and satisfies the desirable security attributes. Additionally, our scheme offers low communication and computation overheads and user's anonymity as well. Through the rigorous formal and informal security analyses, we show that our scheme is secure against possible known attacks. Furthermore, the simulation results for the formal security analysis using the widely accepted Automated Validation of Internet Security Protocols and Applications tool ensure that our scheme is also secure. Copyright © 2015 John Wiley & Sons, Ltd.
Kisung Park - One of the best experts on this subject based on the ideXlab platform.
-
2pakep provably secure and efficient two party authenticated key exchange protocol for Mobile Environment
IEEE Access, 2018Co-Authors: Kisung Park, Youngho Park, Yohan Park, Ashok Kumar DasAbstract:With the increasing use of Mobile devices, a secure communication and key exchange become the significant security issues in Mobile Environments. However, because of open network Environments, Mobile user can be vulnerable to various attacks. Therefore, the numerous authentication and key exchange schemes have been proposed to provide the secure communication and key exchange. Recently, Qi and Chen proposed an efficient two-party authentication key exchange protocol for Mobile Environments in order to overcome the security weaknesses of the previous authentication and key exchange schemes. However, we demonstrate that Qi and Chen’s scheme is vulnerable to various attacks such as impersonation, offline password guessing, password change, and privileged insider attacks. We also show that Qi and Chen’s scheme does not provide anonymity, efficient password change mechanism, and secure mutual authentication. In this paper, to overcome the outlined abovementioned security vulnerabilities, we propose a secure and efficient two-party authentication key exchange protocol, called 2PAKEP, that hides user’s real identity from an adversary using a secret parameter. 2PAKEP also withstands various attacks, guarantees anonymity, and provides efficient password change mechanism and secure mutual authentication. In addition, we prove that 2PAKEP provides the secure mutual authentication using the broadly accepted Burrows–Abadi–Needham logic and the session key security using the formal security analysis under the widely accepted real-or-random model. Moreover, the formal security verification using the popular simulated software tool, Automated Validation of Internet Security Protocols and Applications, on 2PAKEP shows that the replay and man-in-the-middle attacks are protected. In addition, we also analyze the performance and security and functionality properties of 2PAKEP and compare these with the related existing schemes. Overall, 2PAKEP provides better security and functionality features, and also the communication and computational overheads are comparable with the related schemes. Therefore, 2PAKEP is applicable to Mobile Environment efficiently.
Youngho Park - One of the best experts on this subject based on the ideXlab platform.
-
2pakep provably secure and efficient two party authenticated key exchange protocol for Mobile Environment
IEEE Access, 2018Co-Authors: Kisung Park, Youngho Park, Yohan Park, Ashok Kumar DasAbstract:With the increasing use of Mobile devices, a secure communication and key exchange become the significant security issues in Mobile Environments. However, because of open network Environments, Mobile user can be vulnerable to various attacks. Therefore, the numerous authentication and key exchange schemes have been proposed to provide the secure communication and key exchange. Recently, Qi and Chen proposed an efficient two-party authentication key exchange protocol for Mobile Environments in order to overcome the security weaknesses of the previous authentication and key exchange schemes. However, we demonstrate that Qi and Chen’s scheme is vulnerable to various attacks such as impersonation, offline password guessing, password change, and privileged insider attacks. We also show that Qi and Chen’s scheme does not provide anonymity, efficient password change mechanism, and secure mutual authentication. In this paper, to overcome the outlined abovementioned security vulnerabilities, we propose a secure and efficient two-party authentication key exchange protocol, called 2PAKEP, that hides user’s real identity from an adversary using a secret parameter. 2PAKEP also withstands various attacks, guarantees anonymity, and provides efficient password change mechanism and secure mutual authentication. In addition, we prove that 2PAKEP provides the secure mutual authentication using the broadly accepted Burrows–Abadi–Needham logic and the session key security using the formal security analysis under the widely accepted real-or-random model. Moreover, the formal security verification using the popular simulated software tool, Automated Validation of Internet Security Protocols and Applications, on 2PAKEP shows that the replay and man-in-the-middle attacks are protected. In addition, we also analyze the performance and security and functionality properties of 2PAKEP and compare these with the related existing schemes. Overall, 2PAKEP provides better security and functionality features, and also the communication and computational overheads are comparable with the related schemes. Therefore, 2PAKEP is applicable to Mobile Environment efficiently.
Yohan Park - One of the best experts on this subject based on the ideXlab platform.
-
2pakep provably secure and efficient two party authenticated key exchange protocol for Mobile Environment
IEEE Access, 2018Co-Authors: Kisung Park, Youngho Park, Yohan Park, Ashok Kumar DasAbstract:With the increasing use of Mobile devices, a secure communication and key exchange become the significant security issues in Mobile Environments. However, because of open network Environments, Mobile user can be vulnerable to various attacks. Therefore, the numerous authentication and key exchange schemes have been proposed to provide the secure communication and key exchange. Recently, Qi and Chen proposed an efficient two-party authentication key exchange protocol for Mobile Environments in order to overcome the security weaknesses of the previous authentication and key exchange schemes. However, we demonstrate that Qi and Chen’s scheme is vulnerable to various attacks such as impersonation, offline password guessing, password change, and privileged insider attacks. We also show that Qi and Chen’s scheme does not provide anonymity, efficient password change mechanism, and secure mutual authentication. In this paper, to overcome the outlined abovementioned security vulnerabilities, we propose a secure and efficient two-party authentication key exchange protocol, called 2PAKEP, that hides user’s real identity from an adversary using a secret parameter. 2PAKEP also withstands various attacks, guarantees anonymity, and provides efficient password change mechanism and secure mutual authentication. In addition, we prove that 2PAKEP provides the secure mutual authentication using the broadly accepted Burrows–Abadi–Needham logic and the session key security using the formal security analysis under the widely accepted real-or-random model. Moreover, the formal security verification using the popular simulated software tool, Automated Validation of Internet Security Protocols and Applications, on 2PAKEP shows that the replay and man-in-the-middle attacks are protected. In addition, we also analyze the performance and security and functionality properties of 2PAKEP and compare these with the related existing schemes. Overall, 2PAKEP provides better security and functionality features, and also the communication and computational overheads are comparable with the related schemes. Therefore, 2PAKEP is applicable to Mobile Environment efficiently.
Mirosław Kurkowski - One of the best experts on this subject based on the ideXlab platform.
-
Multifactor Authentication Protocol in a Mobile Environment
IEEE Access, 2019Co-Authors: Bartłomiejczyk Maciej, El Fray Imed, Mirosław KurkowskiAbstract:The implementation of services that process confidential data in a Mobile Environment requires an adequate level of security with the strictest possible mechanisms of information protection. The dominance of Mobile devices as client applications of distributed systems has led to the development of new techniques that combine traditional methods of protection with protocols leveraging the potential of numerous interfaces available from a smartphone. For this reason, an upward trend in the use of biometrics-based methods and dynamically generated OTP secrets can be observed. Mobile devices are increasingly used in complex business processes that require strong user authentication methods, which, according to the European Commission (Regulation), must use at least two authentication factors belonging to different categories. Therefore, on the basis of the analysis of the solutions presented so far, a distributed protocol has been proposed. It enables user authentication using three authentication factors: possession, knowledge, and inherence. The described authentication scheme refers to the possibility of carrying out the process in the Mobile Environment of the Android platform with guaranteed authentication support.
