153 research outputs found

    Privacy protection for e-health systems by means of dynamic authentication and three-factor key agreement

    During the past decade, the electronic healthcare (e-health) system has evolved into a more patient-oriented service with smaller and smarter wireless devices. However, these convenient smart devices have limited computing capacity and memory size, which makes it harder to protect the user’s massive private data in the e-health system. Although some works have established a secure session key between the user and the medical server, weaknesses still exist in preserving anonymity with low energy consumption. Moreover, the misuse of biometric information in the key agreement process may lead to privacy disclosure, which is irreparable. In this study, we design a dynamic privacy protection mechanism offering biometric authentication at the server side, whereas the exact value of the biometric template remains unknown to the server. The user anonymity can be fully preserved during the authentication and key negotiation process because the messages transmitted with the proposed scheme are untraceable. Furthermore, the proposed scheme is proved to be semantically secure under the Real-or-Random Model. The performance analysis shows that the proposed scheme suits the e-health environment in terms of security and resource occupation.

    An Anonymous Authenticated Key Agreement Protocol Secure in Partially Trusted Registration Server Scenario for Multi-Server Architectures

    The accelerated advances in information communication technologies have made it possible for enterprises to deploy large-scale applications in a multi-server architecture (also known as cloud computing environment). In this architecture, a mobile user can remotely obtain desired services over the Internet from multiple servers by initially executing a single registration on a trusted registration server (RS). Due to the hazardous nature of the Internet, to protect user privacy and online communication, a lot of multi-server authenticated-key-agreement (MSAKA) schemes have been furnished. However, all such designs lack in two very vital aspects, i.e., 1) no security under the partially trusted RS and 2) RS cannot control a user to access only a wanted combination of service-providing servers. To address these shortcomings, we present a new MSAKA protocol using self-certified public-key cryptography (SCPKC). We confirm the security of the proposed scheme by utilizing the well-known automated verification tool AVISPA and also provide a formal security proof in the random oracle model. Moreover, the software implementation of the proposed scheme, and a performance and security metrics comparison show that it portrays a better security-performance trade-off, and hence is more appropriate for real-life applications having resource-constrained devices.

    Identifying Comparison and Selection Criteria for Authentication Schemes and Methods

    Multiple techniques exist for performing authentication such as text passwords and smart cards. Multi-factor authentication combines two or more of these techniques in order to enhance security. It is of interest to know what the current research on these authentication techniques is and what comparison and selection criteria exist that help in the decision of these techniques. A systematic literature review is performed in order to obtain the desired knowledge. Moreover, the found comparison and selection criteria are analyzed and organized in order to generate a list of criteria that can be used to help in the decision of authentication techniques in different situations. The results of this research help to cover the gap in literature that could be observed through literature, which is the lack of works that focus on the comparison and selection of authentication techniques. Sociedad Argentina de Informática e Investigación Operativ

    Device fingerprinting identification and authentication: A two-fold use in multi-factor access control schemes

    Network security has always had an issue with secure authentication and identification. In the current mixed device network of today, the number of nodes on a network has expanded but these nodes are often unmanaged from a network security perspective. The solution proposed requires a paradigm shift, a recognition of what has already happened: identity is for sale across the internet. That identity is the users’ network ID, their behavior, and even their behavior in using the networks. Secondly, a majority of the devices on the Internet have been fingerprinted. Use of device fingerprinting can help secure a network if properly understood and properly executed. The research into this area suggests a solution, which is the use of device fingerprints including clock skews to identify the devices and a dual-authentication process targeted at authenticating the device and the user, not only authenticating the identity presented but also combining them into a unified entity so failure to authenticate part of the entity means the whole is denied access to the network and its resources.