Robust and efficient password authenticated key agreement with user anonymity for session initiation protocol-based communications

A suitable key agreement protocol plays an essential role in protecting the communications over open channels among users using Voice over Internet Protocol (VoIP). This paper presents a robust and flexible password authenticated key agreement protocol with user anonymity for Session Initiation Protocol (SIP) used by VoIP communications. Security analysis demonstrates that our protocol enjoys many unique properties, such as user anonymity, no password table, session key agreement, mutual authentication, password updating freely and conveniently revoking lost smartcards etc. Furthermore, our protocol can resist the replay attack, the impersonation attack, the stolen-verifier attack, the man-in-middle attack, the Denning-Sacco attack, and the offline dictionary attack with or without smartcards. Finally, performance analysis shows that our protocol is more suitable for practical application in comparison with other related protocols

A lightweight privacy preserving authenticated key agreement protocol for SIP-based VoIP

Session Initiation Protocol (SIP) is an essential part of most Voice over Internet Protocol (VoIP) architecture. Although SIP provides attractive features, it is exposed to various security threats, and so an efficient and secure authentication scheme is sought to enhance the security of SIP. Several attempts have been made to address the tradeoff problem between security and efficiency, but designing a successful authenticated key agreement protocol for SIP is still a challenging task from the viewpoint of both performance and security, because performance and security as two critical factors affecting SIP applications always seem contradictory. In this study, we employ biometrics to design a lightweight privacy preserving authentication protocol for SIP based on symmetric encryption, achieving a delicate balance between performance and security. In addition, the proposed authentication protocol can fully protect the privacy of biometric characteristics and data identity, which has not been considered in previous work. The completeness of the proposed protocol is demonstrated by Gong, Needham, and Yahalom (GNY) logic. Performance analysis shows that our proposed protocol increases efficiency significantly in comparison with other related protocols

Improved Secure and Low Computation Authentication Protocol for Wireless Body Area Network with ECC and 2d Hash Chain

Since technologies have been developing rapidly, Wireless Body Area Network (WBAN) has emerged as a promising technique for healthcare systems. People can monitor patients’ body condition and collect data remotely and continuously by using WBAN with small and compact wearable sensors. These sensors can be located in, on, and around the patient’s body and measure the patient’s health condition. Afterwards sensor nodes send the data via short-range wireless communication techniques to an intermediate node. The WBANs deal with critical health data, therefore, secure communication within the WBAN is important. There are important criteria in designing a security protocol for a WBAN. Sensor nodes in a WBAN have limited computation power, battery capacity, and limited memory. Therefore, there have been many efforts to develop lightweight but secure authentication protocols. In this thesis, a computationally efficient authentication protocol based on Elliptic Curves Cryptography (ECC) and 2D hash chain has been proposed. This protocol can provide high level security and require significantly low computation power on sensor nodes. In addition, a novel key selection algorithm has been proposed to improve efficiency of key usage and reduce computation cost. For this protocol, ECC is used for key exchange and key encryption. The scheme encrypts a key with ECC to create a pair of points and uses this pair of points as keys for an intermediate node and sensor nodes. 2D hash chain technique is used for generating 2D key pool for authentication procedure. This technique can generate many keys efficiently and effectively with hash functions. For security part, this protocol provides essential security features including mutual authentication, perfect forward security, session key establishment, and etc., while providing high level security. In experimental results, this protocol reduced sensor nodes’ computation cost significantly by using combination of ECC and 2D hash chain. Moreover, the computation cost on the intermediate node has been reduced to 48.2% of the existing approach by the new key selection algorithm at an initial authentication. After the initial authentication, the intermediate node’s computation cost is further reduced to 47.1% of the initial authentication by eliminating synchronization phase. In addition, communication cost which is the total packet size of all messages is 1280-bits, which is 5392-bits smaller than the existing approach, for entire authentication and after the initial authentication the cost is reduced to 768-bits

On Security Analysis of Recent Password Authentication and Key Agreement Schemes Based on Elliptic Curve Cryptography

Secure and efficient mutual authentication and key agreement schemes form the basis for any robust network communication system. Elliptic Curve Cryptography (ECC) has emerged as one of the most successful Public Key Cryptosystem that efficiently meets all the security challenges. Comparison of ECC with other Public Key Cryptosystems (RSA, Rabin, ElGamal) shows that it provides equal level of security for a far smaller bit size, thereby substantially reducing the processing overhead. This makes it suitable for constrained environments like wireless networks and mobile devices as well as for security sensitive applications like electronic banking, financial transactions and smart grids. With the successful implementation of ECC in security applications (e-passports, e-IDs, embedded systems), it is getting widely commercialized. ECC is simple and faster and is therefore emerging as an attractive alternative for providing security in lightweight device, which contributes to its popularity in the present scenario. In this paper, we have analyzed some of the recent password based authentication and key agreement schemes using ECC for various environments. Furthermore, we have carried out security, functionality and performance comparisons of these schemes and found that they are unable to satisfy their claimed security goals

Two-factor remote authentication protocol with user anonymity based on elliptic curve cryptography

In order to provide secure remote access control, a robust and efficient authentication protocol should realize mutual authentication and session key agreement between clients and the remote server over public channels. Recently, Chun-Ta Li proposed a password authentication and user anonymity protocol by using smart cards, and they claimed that their protocol has satisfied all criteria required by remote authentication. However, we have found that his protocol cannot provide mutual authentication between clients and the remote server. To realize ‘real’ mutual authentication, we propose a two-factor remote authentication protocol based on elliptic curve cryptography in this paper, which not only satisfies the criteria but also bears low computational cost. Detailed analysis shows our proposed protocol is secure and more suitable for practical application

Authentic-caller : self-enforcing authentication in a next generation network

The Internet of Things (IoT) or the Cyber-Physical System (CPS) is the network of connected devices, things and people which collect and exchange information using the emerging telecommunication networks (4G, 5G IP-based LTE). These emerging telecommunication networks can also be used to transfer critical information between the source and destination, informing the control system about the outage in the electrical grid, or providing information about the emergency at the national express highway. This sensitive information requires authorization and authentication of source and destination involved in the communication. To protect the network from unauthorized access and to provide authentication, the telecommunication operators have to adopt the mechanism for seamless verification and authorization of parties involved in the communication. Currently, the next-generation telecommunication networks use a digest-based authentication mechanism, where the call-processing engine of the telecommunication operator initiates the challenge to the request-initiating client or caller, which is being solved by the client to prove his credentials. However, the digest-based authentication mechanisms are vulnerable to many forms of known attacks e.g., the Man-In-The-Middle (MITM) attack and the password guessing attack. Furthermore, the digest-based systems require extensive processing overheads. Several Public-Key Infrastructure (PKI) based and identity-based schemes have been proposed for the authentication and key agreements. However, these schemes generally require smart-card to hold long-term private keys and authentication credentials. In this paper, we propose a novel self-enforcing authentication protocol for the SIPbased next-generation network based on a low-entropy shared password without relying on any PKI or trusted third party system. The proposed system shows effective resistance against various attacks e.g., MITM, replay attack, password guessing attack, etc. We a..

A Survey on Wireless Sensor Network Security

Wireless sensor networks (WSNs) have recently attracted a lot of interest in the research community due their wide range of applications. Due to distributed nature of these networks and their deployment in remote areas, these networks are vulnerable to numerous security threats that can adversely affect their proper functioning. This problem is more critical if the network is deployed for some mission-critical applications such as in a tactical battlefield. Random failure of nodes is also very likely in real-life deployment scenarios. Due to resource constraints in the sensor nodes, traditional security mechanisms with large overhead of computation and communication are infeasible in WSNs. Security in sensor networks is, therefore, a particularly challenging task. This paper discusses the current state of the art in security mechanisms for WSNs. Various types of attacks are discussed and their countermeasures presented. A brief discussion on the future direction of research in WSN security is also included.Comment: 24 pages, 4 figures, 2 table

An Efficient Lightweight Provably Secure Authentication Protocol for Patient Monitoring Using Wireless Medical Sensor Networks

The refurbishing of conventional medical network with the wireless medical sensor network has not only amplified the efficiency of the network but concurrently posed different security threats. Previously, Servati and Safkhani had suggested an Internet of Things (IoT) based authentication scheme for the healthcare environment promulgating a secure protocol in resistance to several attacks. However, the analysis demonstrates that the protocol could not withstand user, server, and gateway node impersonation attacks. Further, the protocol fails to resist offline password guessing, ephemeral secret leakage, and gateway-by-passing attacks. To address the security weaknesses, we furnish a lightweight three-factor authentication framework employing the fuzzy extractor technique to safeguard the user’s biometric information. The Burrows-Abadi-Needham (BAN) logic, Real-or-Random (ROR) model, and Scyther simulation tool have been imposed as formal approaches for establishing the validity of the proposed work. The heuristic analysis stipulates that the proposed work is impenetrable to possible threats and offers several security peculiarities like forward secrecy and three-factor security. A thorough analysis of the preexisting works with the proposed ones corroborates the intensified security and efficiency with the reduced computational, communication, and security overheads