The Experts below are selected from a list of 41874 Experts worldwide ranked by ideXlab platform
Muhammad Khurram Khan - One of the best experts on this subject based on the ideXlab platform.
-
A Novel Chaotic Maps-Based User Authentication and Key Agreement Protocol for Multi-server Environments with Provable Security
Wireless Personal Communications, 2016Co-Authors: Jianwei Niu, Sk Hafizul Islam, Muhammad Khurram Khan, Saru Kumari, Ashok Kumar Das, Xiong Li, Fan WuAbstract:The widespread popularity of the computer networks has triggered concerns about information security. Password-based User Authentication with key agreement protocols have drawn attentions since it provides proper Authentication of a User before granting access right to services, and then ensure secure communication over insecure channels. Recently, Lee et al. pointed out different security flaws on Tsaur et al.’s multi-server User Authentication protocol, and they further proposed an extended chaotic maps-based User Authentication with key agreement protocol for multi-server environments. However, we observed that Lee et al.’s protocol has some functionality and security flaws, i.e., it is inefficient in detection of unauthorized login and it does not support password change mechanism. Besides, their protocol is vulnerable to registration center spoofing attack and server spoofing attack. In order to remedy the aforementioned flaws, we proposed a novel chaotic maps-based User Authentication with key agreement protocol for multi-server environments. The proposed protocol is provably secure in the random oracle model under the chaotic-maps based computational Diffie-Hellman assumption. In addition, we analyzed our protocol using BAN logic model. We also compared our protocol with Lee et al.’s protocol in aspects of computation cost, functionalities and securities.
-
An improved remote User Authentication scheme with key agreement
Computers & Electrical Engineering, 2014Co-Authors: Saru Kumari, Muhammad Khurram Khan, Xiong LiAbstract:In distributed systems, User Authentication schemes based on password and smart card are widely used to ensure only authorized access to the protected services. Recently, Chang et al. presented an untraceable dynamic-identity-based User Authentication scheme with verifiable-password-update. In this research, we illustrate that Chang et al.’s scheme violates the purpose of dynamic-identity contrary to authors’ claim. We show that once the smart card of an arbitrary User is lost, passwords of all registered Users are at risk. Using information from an arbitrary smart card, an adversary can impersonate any User of the system. In addition, its password change phase has loopholes and is misguiding. The scheme has no provision for session key agreement and the smart card lacks any verification mechanism. Then we come-up with an improved remote User Authentication scheme with the session key agreement, and show its robustness over related schemes.
-
cryptanalysis and security enhancement of a more efficient secure dynamic id based remote User Authentication scheme
Computer Communications, 2011Co-Authors: Muhammad Khurram Khan, Sookyun Kim, Khaled AlghathbarAbstract:Remote User Authentication is a method, in which remote server verifies the legitimacy of a User over an insecure communication channel. Currently, smart card-based remote User Authentication schemes have been widely adopted due to their low computational cost and convenient portability for the Authentication purpose. Recently, Wang et al. proposed a dynamic ID-based remote User Authentication scheme using smart cards. They claimed that their scheme preserves anonymity of User, has the features of strong password chosen by the server, and protected from several attacks. However, in this paper, we point out that Wang et al.'s scheme has practical pitfalls and is not feasible for real-life implementation. We identify that their scheme: does not provide anonymity of a User during Authentication, User has no choice in choosing his password, vulnerable to insider attack, no provision for revocation of lost or stolen smart card, and does provide session key agreement. To remedy these security flaws, we propose an enhanced Authentication scheme, which covers all the identified weaknesses of Wang et al.'s scheme and is more secure and efficient for practical application environment.
-
cryptanalysis and security improvements of two factor User Authentication in wireless sensor networks
Sensors, 2010Co-Authors: Muhammad Khurram Khan, Khaled AlghathbarAbstract:User Authentication in wireless sensor networks (WSN) is a critical security issue due to their unattended and hostile deployment in the field. Since sensor nodes are equipped with limited computing power, storage, and communication modules; authenticating remote Users in such resource-constrained environments is a paramount security concern. Recently, M.L. Das proposed a two-factor User Authentication scheme in WSNs and claimed that his scheme is secure against different kinds of attack. However, in this paper, we show that the M.L. Das-scheme has some critical security pitfalls and cannot be recommended for real applications. We point out that in his scheme: Users cannot change/update their passwords, it does not provide mutual Authentication between gateway node and sensor node, and is vulnerable to gateway node bypassing attack and privileged-insider attack. To overcome the inherent security weaknesses of the M.L. Das-scheme, we propose improvements and security patches that attempt to fix the susceptibilities of his scheme. The proposed security improvements can be incorporated in the M.L. Das-scheme for achieving a more secure and robust two-factor User Authentication in WSNs.
-
an efficient and practical fingerprint based remote User Authentication scheme with smart cards
Lecture Notes in Computer Science, 2006Co-Authors: Muhammad Khurram Khan, Jiashu ZhangAbstract:, Recently, Lee et al. proposed a fingerprint-based remote User Authentication scheme using smart cards. We demonstrate that their scheme is vulnerable and susceptible to the attack and has some practical pitfalls. Their scheme performs only unilateral Authentication (only client Authentication) and there is no mutual Authentication between User and remote system, so their scheme suscepts from the server spoofing attack. Furthermore, in their scheme, remote system generates and assigns the passwords, and Users cannot choose and change their passwords. Moreover, passwords are long pseudorandom numbers and difficult to remember for a User. To solve these problems, we propose an efficient and practical fingerprint-based remote User Authentication scheme using smart cards, which is based on one-way collision free hash functions. Proposed scheme not only overcomes all the drawbacks and problems of Lee et al.'s scheme, but also provides a secure and User-friendly fingerprint-based remote User Authentication over insecure network. In addition, computational costs and efficiency of the proposed scheme are better than Lee et al.'s scheme.
Manik Lal Das - One of the best experts on this subject based on the ideXlab platform.
-
two factor User Authentication in wireless sensor networks
IEEE Transactions on Wireless Communications, 2009Co-Authors: Manik Lal DasAbstract:Wireless sensor networks (WSN) are typically deployed in an unattended environment, where the legitimate Users can login to the network and access data as and when demanded. Consequently, User Authentication is a primary concern in this resource-constrained environment before accessing data from the sensor/gateway nodes. In this letter, we present a two-factor User Authentication protocol for WSN, which provides strong Authentication, session key establishment, and achieves efficiency.
-
an improved bilinear pairing based remote User Authentication scheme
Computer Standards & Interfaces, 2009Co-Authors: Thulasi Goriparthi, Manik Lal Das, Ashutosh SaxenaAbstract:Recently Das et al. proposed a novel remote User Authentication scheme using bilinear pairings. Chou et al. identified a weakness in Das et al.'s scheme and made an improvement. In this paper, we show that both Das et al.'s and Chou et al.'s schemes are insecure against forgery and replay attacks. We proposed an improved scheme that overcomes the security flaws without affecting the merits of the original scheme.
-
a novel remote User Authentication scheme using bilinear pairings
Computers & Security, 2006Co-Authors: Manik Lal Das, Ashutosh Saxena, Ved Prakash Gulati, Deepak B PhatakAbstract:The paper presents a remote User Authentication scheme using the properties of bilinear pairings. In the scheme, the remote system receives User login request and allows login to the remote system if the login request is valid. The scheme prohibits the scenario of many logged in Users with the same login-ID, and provides a flexible password change option to the registered Users without any assistance from the remote system.
-
a dynamic id based remote User Authentication scheme
IEEE Transactions on Consumer Electronics, 2004Co-Authors: Manik Lal Das, Ashutosh Saxena, Ved Prakash GulatiAbstract:Password-based Authentication schemes are the most widely used techniques for remote User Authentication. Many static ID-based remote User Authentication schemes both with and without smart cards have been proposed. Most of the schemes do not allow the Users to choose and change their passwords, and maintain a verifier table to verify the validity of the User login. In this paper we present a dynamic ID-based remote User Authentication scheme using smart cards. Our scheme allows the Users to choose and change their passwords freely, and do not maintain any verifier table. The scheme is secure against ID-theft, and can resist the reply attacks, forgery attacks, guessing attacks, insider attacks and stolen verifier attacks.
Jamuna Kanta Sing - One of the best experts on this subject based on the ideXlab platform.
-
a dynamic password based User Authentication scheme for hierarchical wireless sensor networks
Journal of Network and Computer Applications, 2012Co-Authors: Ashok Kumar Das, Pranay Sharma, Santanu Chatterjee, Jamuna Kanta SingAbstract:Most queries in wireless sensor network (WSN) applications are issued at the point of the base station or gateway node of the network. However, for critical applications of WSNs there is a great need to access the real-time data inside the WSN from the nodes, because the real-time data may no longer be accessed through the base station only. So, the real-time data can be given access directly to the external Users (parties) those who are authorized to access data as and when they demand. The User Authentication plays a vital role for this purpose. In this paper, we propose a new password-based User Authentication scheme in hierarchical wireless sensor networks. Our proposed scheme achieves better security and efficiency as compared to those for other existing password-based approaches. In addition, our scheme has merit to change dynamically the User's password locally without the help of the base station or gateway node. Furthermore, our scheme supports dynamic nodes addition after the initial deployment of nodes in the existing sensor network.
Dong Ho Won - One of the best experts on this subject based on the ideXlab platform.
-
an anonymous User Authentication and key agreement scheme based on a symmetric cryptosystem in wireless sensor networks
Sensors, 2016Co-Authors: Jaewook Jung, Younsung Choi, Jiye Kim, Dong Ho WonAbstract:In wireless sensor networks (WSNs), a registered User can login to the network and use a User Authentication protocol to access data collected from the sensor nodes. Since WSNs are typically deployed in unattended environments and sensor nodes have limited resources, many researchers have made considerable efforts to design a secure and efficient User Authentication process. Recently, Chen et al. proposed a secure User Authentication scheme using symmetric key techniques for WSNs. They claim that their scheme assures high efficiency and security against different types of attacks. After careful analysis, however, we find that Chen et al.’s scheme is still vulnerable to smart card loss attack and is susceptible to denial of service attack, since it is invalid for verification to simply compare an entered ID and a stored ID in smart card. In addition, we also observe that their scheme cannot preserve User anonymity. Furthermore, their scheme cannot quickly detect an incorrect password during login phase, and this flaw wastes both communication and computational overheads. In this paper, we describe how these attacks work, and propose an enhanced anonymous User Authentication and key agreement scheme based on a symmetric cryptosystem in WSNs to address all of the aforementioned vulnerabilities in Chen et al.’s scheme. Our analysis shows that the proposed scheme improves the level of security, and is also more efficient relative to other related schemes.
-
cryptanalysis of advanced biometric based User Authentication scheme for wireless sensor networks
2015Co-Authors: Younsung Choi, Junghyun Nam, Youngsook Lee, Seyoun Jung, Dong Ho WonAbstract:Recently, wireless sensor networks can provide a practicable real-time monitoring system because wireless sensors can be easily deployed in various environments. To provide secure and efficient communication, various User Authentication schemes have been proposed. In 2012, He et al. proposed a robust biometric-based User Authentication scheme but Yoon and Kim demonstrated that He et al.’s scheme has various security problems. And they proposed an advanced biometric-based User Authentication scheme. In this paper, we analyze Yoon and Kim’s scheme and perform the cryptanalysis. We find out that it has still various security weakness such as no perfect forward secrecy, session key exposure by GW node, a DoS attack, no revocation phase, and biometric recognition error.
-
cryptanalysis of dynamic id based User Authentication scheme using smartcards without verifier tables
CSA CUTE, 2015Co-Authors: Jaewook Jung, Donghoon Lee, Younsung Choi, Jiye Kim, Jongho Mun, Dong Ho WonAbstract:Password-based remote User Authentication technique is the most commonly used for secure communication over insecure network environments. Due to its simplicity and efficiency, it is widely used in many fields such as e-commerce, distributed system, remote host login system, etc. In recent years, several dynamic ID-based User Authentication schemes using password and smart card have been proposed to provide mutual Authentication between the User and server. Recently, Lee proposed an efficient dynamic ID-based User Authentication scheme without verifier tables. Lee claimed that his scheme can resist off-line password guessing attack, User impersonation attack and provide User anonymity. In this paper, we demonstrate that Lee’s enhanced scheme is not secure against off-line password guessing attack and User impersonation attack in violation of its security claim as well as it fails to preserve User anonymity.
-
Security enhanced User Authentication protocol for wireless sensor networks using elliptic curves cryptography
Sensors (Switzerland), 2014Co-Authors: Younsung Choi, Junghyun Nam, Donghoon Lee, Jaewook Jung, Jiye Kim, Dong Ho WonAbstract:Wireless sensor networks (WSNs) consist of sensors, gateways and Users. Sensors are widely distributed to monitor various conditions, such as temperature, sound, speed and pressure but they have limited computational ability and energy. To reduce the resource use of sensors and enhance the security of WSNs, various User Authentication protocols have been proposed. In 2011, Yeh et al. first proposed a User Authentication protocol based on elliptic curve cryptography (ECC) for WSNs. However, it turned out that Yeh et al.'s protocol does not provide mutual Authentication, perfect forward secrecy, and key agreement between the User and sensor. Later in 2013, Shi et al. proposed a new User Authentication protocol that improves both security and efficiency of Yeh et al.'s protocol. However, Shi et al.'s improvement introduces other security weaknesses. In this paper, we show that Shi et al.'s improved protocol is vulnerable to session key attack, stolen smart card attack, and sensor energy exhausting attack. In addition, we propose a new, security-enhanced User Authentication protocol using ECC for WSNs.
-
security weakness of a dynamic id based User Authentication scheme with key agreement
2012Co-Authors: Mijin Kim, Namje Park, Dong Ho WonAbstract:A remote User Authentication scheme is a method to confirm the identity of a remote individual login to the server over an untrusted, public network. In 2012, Wen-Li proposed a dynamic ID-based User Authentication scheme with key agreement and claimed that their scheme resisted impersonation attack and avoided leakage of partial information However, we find out that Wen-Li’s scheme could leak some key information to an adversary and is exposed to man in the middle attack launched by any adversary. In this paper we conduct detailed analysis of flaws in Wen-Li’s scheme.
Lihua Li - One of the best experts on this subject based on the ideXlab platform.
-
a new remote User Authentication scheme for multi server architecture
Future Generation Computer Systems, 2003Co-Authors: Minshiang Hwang, Lihua LiAbstract:Abstract Remote User Authentication is used to validate the legitimacy of a remote login User. Conventional User Authentication schemes are suited to solve the privacy and security problems for the single client/server architecture environment. However, the use of computer networks and information technology has grown spectacularly. More and more network architectures are used in multi-server environments. In this paper, we propose a new remote User Authentication scheme. The scheme can be used in multi-server environments. In our scheme, the system does not need to maintain any verification table, and the Users who have registered in the servers do not need to remember different login passwords for various servers. In addition, our scheme can also withstand replay and modification attacks. Furthermore, it allows Users to choose their passwords freely, and a User can be removed from the system easily when the subscription expires.
-
a new remote User Authentication scheme using smart cards
IEEE Transactions on Consumer Electronics, 2000Co-Authors: Minshiang Hwang, Lihua LiAbstract:We propose a new remote User Authentication scheme using smart cards. The scheme is based on the ElGamal's (1985) public key cryptosystem. Our scheme does not require a system to maintain a password table for verifying the legitimacy of the login Users. In addition, our scheme can withstand message replaying attack.
