The Experts below are selected from a list of 13683 Experts worldwide ranked by ideXlab platform
Saru Kumari - One of the best experts on this subject based on the ideXlab platform.
-
An anonymous authenticated key-agreement scheme for multi-Server infrastructure
Human-centric Computing and Information Sciences, 2020Co-Authors: Muhammad Arslan Akram, Saru Kumari, Zahid Ghaffar, Khalid Mahmood, Kadambri Agarwal, Chien-ming ChenAbstract:Due to single-time registration, the multi-Server Authentication provides benefit for getting services from different Servers through trusted agent. Generally, users feel hesitation for registering themselves individually with all service providers due to the problem of memorizing the multiple passwords. The multi-Server Authentication allows a quick access to services by real-time customer validation on public channel. Thereafter, hundreds of multi-Server Authentication protocols have been introduced. However, the more efficient and robust Authentication schemes are being explored by the research academia. We introduce an anonymous scheme that resists the major security threats like impersonation attack, insider attack and password modification attacks in viable computing cost. We use random oracle model for formal security analysis of the proposed scheme. The performance analysis shows that the proposed scheme incurs less computation, energy, communication and storage cost as compared to related protocols. This analysis and comparison show that our proposed scheme is quite effective for the purpose of anonymous Authentication and key agreement.
-
An Improved Biometric Multi-Server Authentication Scheme for Chang et al.'s Protocol
Information Technology And Control, 2019Co-Authors: Azeem Irshad, Shehzad Ashraf, Muhammad Shafiq, Muhammad Usman, Muhammad Asif, Saru KumariAbstract:The remote Authentication has been advancing with the growth of online services being offered on remotely basis. This calls for an optimal Authentication framework other than single-Server Authentication. In this connection, the multi-Server Authentication architecture has been introduced in the literature that enables the users to avail variety of services of various Servers, using a single pair of identity and password. Lately, we have witnessed a few multi-Server Authentication schemes in the literature, although security with loopholes. One of those multi-Server Authentication schemes has been presented by Chang et al. recently. Our analysis shows that the Chang et al. is vulnerable to impersonation attack, stolen smart card attack. In this study, we have reviewed the protocol thoroughly, and proposed an improved model, that is resistant to all known and identified attacks. The formal and informal security analysis for proposed model is also presented in this study, besides performance and its evaluation analysis.
-
An efficient and secure design of multi-Server authenticated key agreement protocol
The Journal of Supercomputing, 2018Co-Authors: Azeem Irshad, Shehzad Ashraf Chaudhry, Saru Kumari, Husnain Naqvi, Shouket Raheem, Ambrina Kanwal, Muhammad UsmanAbstract:Multi-Server Authentication, being a crucial component of remote communication, provides the ease of one-time registration to users from a centralized registration authority. Therefore, the users could avail the offered services after getting authenticated of any service provider using the same registration credentials. In recent years, many multi-Server Authentication protocols have been demonstrated. Nonetheless, the existing schemes do not meet the security and efficiency requirements of the time. Recently, Chuang et al. presented a multi-Server biometric Authentication protocol which was later crypt-analysed and improved by Lin et al. with the identification of few attacks. Later, we discover that Lin et al.’s protocol is still prone to replay attack, privileged insider attack, trace attack, de-synchronization attack and key-compromise impersonation attacks. In this study, we present a multi-Server Authentication protocol which is not only comparable with Lin et al.’s scheme but also efficient than other state-of-the-art multi-Server protocols. The security properties of our scheme are proved using formal analysis and evaluated with automated verification tool based on ProVerif.
-
An Improved and Secure Chaotic-Map Based Multi-Server Authentication Protocol Based on Lu et al. and Tsai and Lo’s Scheme
Wireless Personal Communications, 2017Co-Authors: Azeem Irshad, Qi Xie, Bander A. Alzahrani, Muhammad Usman Ashraf, Muhammad Sher, Fan Wu, Saru KumariAbstract:The simple password based Authentication techniques have been evolving into more secure and advanced protocols, capable of countering the advanced breed of threats. Following this development, the multi-Server Authentication (MSA), lets subscribers the provision of services from various service providers out of a single registration performed initially. The user seeks to register from registration centre first, and could avail a range of services onwards. The research efforts on MSA based framework, for making it lightweight and security resilient, has been going on a reasonable pace. However, yet we have not come up with a framework that can be relied upon for deployment in an access network bearing nodes that demand low computational cost. Recently, in this regard, Tsai and Lo presented a chaotic map-based multi-Server Authentication protocol. However, the Tsai and Lo scheme is found vulnerable to key-compromise impersonation attack, Bergamo et al. and password guessing attack by Lu et al. In return, Lu et al. presented a model countering the flaws of Tsai and Lo scheme. We review both schemes and found that Tsai et al. is still vulnerable to more threats, and at the same time, we demonstrate that Lu et al. is also vulnerable to RC-spoofing attack, replay attack, anonymity failure and bears some technical flaws. In this paper, we propose a secure and efficient scheme improved upon Tsai et al. protocol. Besides, this study work presents the formal security analysis using BAN logic and performance efficiency has also been evaluated against contemporary protocols.
-
An improved and secure chaotic map based authenticated key agreement in multi-Server architecture
Multimedia Tools and Applications, 2017Co-Authors: Azeem Irshad, Qi Xie, Shehzad Ashraf Chaudhry, Muhammad Sher, Saru Kumari, Fan WuAbstract:Multi-Server Authentication (MSA) provides the user an efficient way to avail multiple services of various multimedia service providers, once after getting registered from a registration centre. Previously, a user had to register all Servers individually to use their respective service; which proves to be a redundant and inefficient procedure in comparison with MSA. Many MSA-based techniques have been put forward by researchers, so far, however with proven pitfalls. In the last few years, the focus has been shifted towards a more flexible and efficient Chebyshev cryptographic technique. In this regard, recently Tan’s scheme presented a chaotic map based multi-Server Authentication scheme with a focus on login scalability. Nonetheless, Tan’s scheme has been found vulnerable to insider (impersonation attack) and stolen smart card attacks. Besides, the Tan’s scheme fails to differentiate the login requests between the two presented cases. The current study work is based on improving the Tan’s technique in terms of security in almost an equivalent cost. The security for proposed work is evaluated in the performance evaluation section, while it shows that the security is provable under formal security model, as well as using BAN Logic.
Ashok Kumar Das - One of the best experts on this subject based on the ideXlab platform.
-
A new two-Server Authentication and key agreement protocol for accessing secure cloud services
Computer Networks, 2018Co-Authors: Durbadal Chattaraj, Monalisa Sarma, Ashok Kumar DasAbstract:Emerging Cloud computing paradigm came up with the on-demand ubiquitous service sharing facility via the Internet. In this synergy, the cloud service providers provide various services, namely, Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS) to their clients. In such a provision, both the end parties demand proper auditing so that the resources can be legitimately utilized, and meanwhile the privacy is also preserved. In order to achieve this goal, there is a need for designing an efficient and robust Authentication mechanism. Though other existing Authentication protocols, such as Kerberos, Open Authorization (OAuth) and OpenID are proposed in the literature, they are vulnerable to various security threats such as replay, online dictionary, offline dictionary, stolen-verifier, impersonation, denial-of-service, privileged-insider and man-in-the-middle attacks. In this paper, we aim to propose an Authentication protocol which overcomes these security loopholes in the existing protocols. In the proposed protocol, a new dynamic password-based two-Server Authentication and key exchange mechanism is proposed with the help of both public and private key cryptography. Moreover, to achieve strong user anonymity property, a new multi-factor Authentication scheme with identity preservation has been also introduced. The security analysis using both the formal security using the broadly-accepted Real-Or-Random (ROR) model and the informal security show that the proposed protocol protects several well-known attacks. In addition, the formal security verification using the widely-used Automated Validation of Internet Security Protocols and Applications (AVISPA) ensures that the scheme is resilient against replay as well as man-in-the-middle attacks. Finally, the performance study contemplates that the overheads incurred in the protocol is reasonable and comparable to that of other existing state-of-art Authentication protocols. High security along with comparable overheads make the proposed protocol to be robust and practical for a secure access to the cloud services.
-
Design of a provably secure biometrics-based multi-cloud-Server Authentication scheme
Future Generation Computer Systems, 2017Co-Authors: Saru Kumari, Ashok Kumar Das, Fan Wu, Kim-kwang Raymond Choo, Xiong Li, Jian ShenAbstract:Big Data and Cloud of Things (CoT) are two inter-related research trends in our data-driven society, and one research challenge is to design efficient security solution that enables access to resources, services and data out-sourced to the cloud without compromising the user's privacy. A viable solution is user Authentication set-up for multi-cloud-Server designed to function as an expert system permitting its users to obtain the desired services and resources (e.g. accessing data stored in a cloud storage account) from a cloud-Server up on registration with a registration authority. Biometrics is a widely used Authentication mechanism (e.g. in biometric passport); thus, in this paper, we devise a biometrics-based Authentication scheme for multi-cloud-Server environment deployment. To improve the accuracy of biometric pattern matching, we make use of bio-hashing. We then analyse the performance and efficiency of our scheme to demonstrate its utility.
-
Design of a secure smart card-based multi-Server Authentication scheme
Journal of Information Security and Applications, 2016Co-Authors: Ankita Chaturvedi, Dheerendra Mishra, Ashok Kumar Das, Sourav MukhopadhyayAbstract:Traditional two party client Server Authentication protocol may not provide a scalable solution for present network environments where personal and ubiquitous computing technologies are involved as it is now becoming multi-Server based. To achieve efficient authorized communication, multi-Server based Authentication protocols have been designed. The key feature of multi-Server based protocols is one time registration. We study the existing multi-Server based Authentication protocols, and identify that many of the multi-Server based Authentication protocols involve control Server in mutual Authentication or trusted Server environment is required. The involvement of central authority in mutual Authentication may be a bottleneck for large network, and the Servers may be semi-trusted. To erase these drawbacks, Wei etźal. recently proposed a multi-Server based Authentication protocol. Their protocol does not require all Servers to be trusted and involvement of control Server in mutual Authentication. Unfortunately, we identify the security vulnerability of Wei etźal.'s scheme to insider attack and password guessing attack. Additionally, lack of pre-smart card Authentication leads to denial of service attack. To enhance the security of Wei etźal.'s protocol, we propose a secure biometric-based Authentication scheme for multi-Server environment using smart card. We simulate the proposed protocol for the formal security verification using the widely accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to show that our scheme is secure against active and passive attacks. In addition, we prove that our proposed scheme provides mutual Authentication using the widely-accepted Burrows-Abadi-Needham (BAN) logic and is also secured against various well known attacks. In addition, our scheme is efficient in terms of computational and communication overheads as compared to Wei etźal.'s scheme and other existing related schemes.
-
A Secure Biometrics-Based Multi-Server Authentication Protocol using Smart Cards
IEEE Transactions on Information Forensics and Security, 2015Co-Authors: Vanga Odelu, Ashok Kumar Das, Adrijit GoswamiAbstract:— Recently, in 2014, He and Wang proposed a robust and efficient multi-Server Authentication scheme using biometrics-based smart card and elliptic curve cryptogra-phy (ECC). In this paper, we first analyze He–Wang's scheme and show that their scheme is vulnerable to a known session-specific temporary information attack and impersonation attack. In addition, we show that their scheme does not provide strong user's anonymity. Furthermore, He–Wang's scheme cannot provide the user revocation facility when the smart card is lost/stolen or user's Authentication parameter is revealed. Apart from these, He–Wang's scheme has some design flaws, such as wrong password login and its consequences, and wrong password update during password change phase. We then propose a new secure multi-Server Authentication protocol using biometric-based smart card and ECC with more security functionalities. Using the Burrows–Abadi–Needham logic, we show that our scheme provides secure Authentication. In addition, we simulate our scheme for the formal security verification using the widely accepted and used automated validation of Internet security protocols and applications tool, and show that our scheme is secure against passive and active attacks. Our scheme provides high security along with low communication cost, computational cost, and variety of security features. As a result, our scheme is very suitable for battery-limited mobile devices as compared with He–Wang's scheme.
An Braeken - One of the best experts on this subject based on the ideXlab platform.
-
Public key versus symmetric key cryptography in client–Server Authentication protocols
International Journal of Information Security, 2021Co-Authors: An BraekenAbstract:Every month, several new protocols are popping up, comparing themselves with a few others and claiming to outperform the whole state of the art. The most popular domain of protocols is the one for Authentication in a client–Server architecture for which both symmetric key- and public key-based protocols are being proposed. The usage of public key-based mechanisms has several consequences, not only with respect to an increased computational and communication cost, but also with respect to increased possibilities to strengthen the protocol by making it resistant against a semi-trusted third party. On the other hand, we also recall that symmetric key-based protocols can already offer a nice set of security features. We see a trend in the current generation of papers published on public key-based client–Server Authentication protocols, showing that only a very limited amount of them really exploit the power that public key cryptography can offer with respect to this privacy towards a semi-trusted third party, and most of them do not even satisfy the same security features able to be also realised by a much more efficient symmetric key-based protocol. This paper serves as a warm wake-up call to all protocol designers to rethink the usage of more heavyweight constructions compared to symmetric key-based mechanisms in order to ensure that if they are used, they also fully exploit their inherent strength.
-
public key versus symmetric key cryptography in client Server Authentication protocols
International Journal of Information Security, 2021Co-Authors: An BraekenAbstract:Every month, several new protocols are popping up, comparing themselves with a few others and claiming to outperform the whole state of the art. The most popular domain of protocols is the one for Authentication in a client–Server architecture for which both symmetric key- and public key-based protocols are being proposed. The usage of public key-based mechanisms has several consequences, not only with respect to an increased computational and communication cost, but also with respect to increased possibilities to strengthen the protocol by making it resistant against a semi-trusted third party. On the other hand, we also recall that symmetric key-based protocols can already offer a nice set of security features. We see a trend in the current generation of papers published on public key-based client–Server Authentication protocols, showing that only a very limited amount of them really exploit the power that public key cryptography can offer with respect to this privacy towards a semi-trusted third party, and most of them do not even satisfy the same security features able to be also realised by a much more efficient symmetric key-based protocol. This paper serves as a warm wake-up call to all protocol designers to rethink the usage of more heavyweight constructions compared to symmetric key-based mechanisms in order to ensure that if they are used, they also fully exploit their inherent strength.
Srdjan Capkun - One of the best experts on this subject based on the ideXlab platform.
-
salve Server Authentication with location verification
ACM IEEE International Conference on Mobile Computing and Networking, 2016Co-Authors: Deryeuan Yu, Aanjhan Ranganathan, Ramya Jayaram Masti, Claudio Soriente, Srdjan CapkunAbstract:The Location Service (LCS) proposed by the telecommunication industry is an architecture that allows the location of mobile devices to be accessed in various applications. We explore the use of LCS in location-enhanced Server Authentication, which traditionally relies on certificates. Given recent incidents involving certificate authorities, various techniques to strengthen Server Authentication were proposed. They focus on improving the certificate validation process, such as pinning, revocation, or multi-path probing. In this paper, we propose using the Server's geographic location as a second factor of its authenticity. Our solution, SALVE, achieves location-based Server Authentication by using secure DNS resolution and by leveraging LCS for location measurements. We develop a TLS extension that enables the client to verify the Server's location in addition to its certificate. Successful Server Authentication therefore requires a valid certificate and the Server's presence at a legitimate geographic location, e.g., on the premises of a data center. SALVE prevents Server impersonation by remote adversaries with mis-issued certificates or stolen private keys of the legitimate Server. We develop a prototype implementation and our evaluation in real-world settings shows that it incurs minimal impact to the average Server throughput. Our solution is backward compatible and can be integrated with existing approaches for improving Server Authentication in TLS.
-
MobiCom - SALVE: Server Authentication with location verification
Proceedings of the 22nd Annual International Conference on Mobile Computing and Networking, 2016Co-Authors: Deryeuan Yu, Aanjhan Ranganathan, Ramya Jayaram Masti, Claudio Soriente, Srdjan CapkunAbstract:The Location Service (LCS) proposed by the telecommunication industry is an architecture that allows the location of mobile devices to be accessed in various applications. We explore the use of LCS in location-enhanced Server Authentication, which traditionally relies on certificates. Given recent incidents involving certificate authorities, various techniques to strengthen Server Authentication were proposed. They focus on improving the certificate validation process, such as pinning, revocation, or multi-path probing. In this paper, we propose using the Server's geographic location as a second factor of its authenticity. Our solution, SALVE, achieves location-based Server Authentication by using secure DNS resolution and by leveraging LCS for location measurements. We develop a TLS extension that enables the client to verify the Server's location in addition to its certificate. Successful Server Authentication therefore requires a valid certificate and the Server's presence at a legitimate geographic location, e.g., on the premises of a data center. SALVE prevents Server impersonation by remote adversaries with mis-issued certificates or stolen private keys of the legitimate Server. We develop a prototype implementation and our evaluation in real-world settings shows that it incurs minimal impact to the average Server throughput. Our solution is backward compatible and can be integrated with existing approaches for improving Server Authentication in TLS.
Azeem Irshad - One of the best experts on this subject based on the ideXlab platform.
-
An Improved Biometric Multi-Server Authentication Scheme for Chang et al.'s Protocol
Information Technology And Control, 2019Co-Authors: Azeem Irshad, Shehzad Ashraf, Muhammad Shafiq, Muhammad Usman, Muhammad Asif, Saru KumariAbstract:The remote Authentication has been advancing with the growth of online services being offered on remotely basis. This calls for an optimal Authentication framework other than single-Server Authentication. In this connection, the multi-Server Authentication architecture has been introduced in the literature that enables the users to avail variety of services of various Servers, using a single pair of identity and password. Lately, we have witnessed a few multi-Server Authentication schemes in the literature, although security with loopholes. One of those multi-Server Authentication schemes has been presented by Chang et al. recently. Our analysis shows that the Chang et al. is vulnerable to impersonation attack, stolen smart card attack. In this study, we have reviewed the protocol thoroughly, and proposed an improved model, that is resistant to all known and identified attacks. The formal and informal security analysis for proposed model is also presented in this study, besides performance and its evaluation analysis.
-
Cryptanalysis and improvement of a Multi-Server Authenticated Key Agreement by Chen and Lee’s Scheme
Information Technology And Control, 2018Co-Authors: Azeem Irshad, Shehzad Ashraf Chaudhary, Husnain Naqvi, Muhammad Shafiq, Muhammad Usman, Omid Mir, Ambrina KanwalAbstract:Multi-Server Authentication makes convenient to benefit from services of various service providers on the basis of one-time registration through a trusted third party. Since, the users are reluctant to register themselves separately from all Servers due to the hassle of remembering many passwords and other cost constraints. The multi-Server Authentication enables the immediate provision of services by the real-time verification of users on an insecure channel. The literature for multi-Server oriented authenticated key agreement could be traced back to Li et al. and Lee et al., in 2000. Since then, numerous multi-Server Authentication techniques have been put forth. Nonetheless, the research academia looks for more secure and efficient Authentication protocols. Recently, Chen and Lee’s scheme presented a two-factor multi-Server key agreement protocol, which is found to be prone to impersonation, stolen smart card, key-compromise impersonation attack, and trace attacks. Besides, the scheme is also found to have the inefficient password modification procedure. We propose an improved protocol that counters the above limitations in almost an equivalent computation cost. Moreover, our protocol is supplemented with formal security analysis using BAN logic along with performance analysis and evaluation. DOI: http://dx.doi.org/10.5755/j01.itc.47.3.17361
-
An efficient and secure design of multi-Server authenticated key agreement protocol
The Journal of Supercomputing, 2018Co-Authors: Azeem Irshad, Shehzad Ashraf Chaudhry, Saru Kumari, Husnain Naqvi, Shouket Raheem, Ambrina Kanwal, Muhammad UsmanAbstract:Multi-Server Authentication, being a crucial component of remote communication, provides the ease of one-time registration to users from a centralized registration authority. Therefore, the users could avail the offered services after getting authenticated of any service provider using the same registration credentials. In recent years, many multi-Server Authentication protocols have been demonstrated. Nonetheless, the existing schemes do not meet the security and efficiency requirements of the time. Recently, Chuang et al. presented a multi-Server biometric Authentication protocol which was later crypt-analysed and improved by Lin et al. with the identification of few attacks. Later, we discover that Lin et al.’s protocol is still prone to replay attack, privileged insider attack, trace attack, de-synchronization attack and key-compromise impersonation attacks. In this study, we present a multi-Server Authentication protocol which is not only comparable with Lin et al.’s scheme but also efficient than other state-of-the-art multi-Server protocols. The security properties of our scheme are proved using formal analysis and evaluated with automated verification tool based on ProVerif.
-
An Improved and Secure Chaotic-Map Based Multi-Server Authentication Protocol Based on Lu et al. and Tsai and Lo’s Scheme
Wireless Personal Communications, 2017Co-Authors: Azeem Irshad, Qi Xie, Bander A. Alzahrani, Muhammad Usman Ashraf, Muhammad Sher, Fan Wu, Saru KumariAbstract:The simple password based Authentication techniques have been evolving into more secure and advanced protocols, capable of countering the advanced breed of threats. Following this development, the multi-Server Authentication (MSA), lets subscribers the provision of services from various service providers out of a single registration performed initially. The user seeks to register from registration centre first, and could avail a range of services onwards. The research efforts on MSA based framework, for making it lightweight and security resilient, has been going on a reasonable pace. However, yet we have not come up with a framework that can be relied upon for deployment in an access network bearing nodes that demand low computational cost. Recently, in this regard, Tsai and Lo presented a chaotic map-based multi-Server Authentication protocol. However, the Tsai and Lo scheme is found vulnerable to key-compromise impersonation attack, Bergamo et al. and password guessing attack by Lu et al. In return, Lu et al. presented a model countering the flaws of Tsai and Lo scheme. We review both schemes and found that Tsai et al. is still vulnerable to more threats, and at the same time, we demonstrate that Lu et al. is also vulnerable to RC-spoofing attack, replay attack, anonymity failure and bears some technical flaws. In this paper, we propose a secure and efficient scheme improved upon Tsai et al. protocol. Besides, this study work presents the formal security analysis using BAN logic and performance efficiency has also been evaluated against contemporary protocols.
-
An improved and secure chaotic map based authenticated key agreement in multi-Server architecture
Multimedia Tools and Applications, 2017Co-Authors: Azeem Irshad, Qi Xie, Shehzad Ashraf Chaudhry, Muhammad Sher, Saru Kumari, Fan WuAbstract:Multi-Server Authentication (MSA) provides the user an efficient way to avail multiple services of various multimedia service providers, once after getting registered from a registration centre. Previously, a user had to register all Servers individually to use their respective service; which proves to be a redundant and inefficient procedure in comparison with MSA. Many MSA-based techniques have been put forward by researchers, so far, however with proven pitfalls. In the last few years, the focus has been shifted towards a more flexible and efficient Chebyshev cryptographic technique. In this regard, recently Tan’s scheme presented a chaotic map based multi-Server Authentication scheme with a focus on login scalability. Nonetheless, Tan’s scheme has been found vulnerable to insider (impersonation attack) and stolen smart card attacks. Besides, the Tan’s scheme fails to differentiate the login requests between the two presented cases. The current study work is based on improving the Tan’s technique in terms of security in almost an equivalent cost. The security for proposed work is evaluated in the performance evaluation section, while it shows that the security is provable under formal security model, as well as using BAN Logic.
