On Security Analysis of Recent Password Authentication and Key Agreement Schemes Based on Elliptic Curve Cryptography

Secure and efficient mutual authentication and key agreement schemes form the basis for any robust network communication system. Elliptic Curve Cryptography (ECC) has emerged as one of the most successful Public Key Cryptosystem that efficiently meets all the security challenges. Comparison of ECC with other Public Key Cryptosystems (RSA, Rabin, ElGamal) shows that it provides equal level of security for a far smaller bit size, thereby substantially reducing the processing overhead. This makes it suitable for constrained environments like wireless networks and mobile devices as well as for security sensitive applications like electronic banking, financial transactions and smart grids. With the successful implementation of ECC in security applications (e-passports, e-IDs, embedded systems), it is getting widely commercialized. ECC is simple and faster and is therefore emerging as an attractive alternative for providing security in lightweight device, which contributes to its popularity in the present scenario. In this paper, we have analyzed some of the recent password based authentication and key agreement schemes using ECC for various environments. Furthermore, we have carried out security, functionality and performance comparisons of these schemes and found that they are unable to satisfy their claimed security goals

Robust and efficient password authenticated key agreement with user anonymity for session initiation protocol-based communications

A suitable key agreement protocol plays an essential role in protecting the communications over open channels among users using Voice over Internet Protocol (VoIP). This paper presents a robust and flexible password authenticated key agreement protocol with user anonymity for Session Initiation Protocol (SIP) used by VoIP communications. Security analysis demonstrates that our protocol enjoys many unique properties, such as user anonymity, no password table, session key agreement, mutual authentication, password updating freely and conveniently revoking lost smartcards etc. Furthermore, our protocol can resist the replay attack, the impersonation attack, the stolen-verifier attack, the man-in-middle attack, the Denning-Sacco attack, and the offline dictionary attack with or without smartcards. Finally, performance analysis shows that our protocol is more suitable for practical application in comparison with other related protocols

A lightweight privacy preserving authenticated key agreement protocol for SIP-based VoIP

Session Initiation Protocol (SIP) is an essential part of most Voice over Internet Protocol (VoIP) architecture. Although SIP provides attractive features, it is exposed to various security threats, and so an efficient and secure authentication scheme is sought to enhance the security of SIP. Several attempts have been made to address the tradeoff problem between security and efficiency, but designing a successful authenticated key agreement protocol for SIP is still a challenging task from the viewpoint of both performance and security, because performance and security as two critical factors affecting SIP applications always seem contradictory. In this study, we employ biometrics to design a lightweight privacy preserving authentication protocol for SIP based on symmetric encryption, achieving a delicate balance between performance and security. In addition, the proposed authentication protocol can fully protect the privacy of biometric characteristics and data identity, which has not been considered in previous work. The completeness of the proposed protocol is demonstrated by Gong, Needham, and Yahalom (GNY) logic. Performance analysis shows that our proposed protocol increases efficiency significantly in comparison with other related protocols

An Authentication Protocol for Future Sensor Networks

Authentication is one of the essential security services in Wireless Sensor Networks (WSNs) for ensuring secure data sessions. Sensor node authentication ensures the confidentiality and validity of data collected by the sensor node, whereas user authentication guarantees that only legitimate users can access the sensor data. In a mobile WSN, sensor and user nodes move across the network and exchange data with multiple nodes, thus experiencing the authentication process multiple times. The integration of WSNs with Internet of Things (IoT) brings forth a new kind of WSN architecture along with stricter security requirements; for instance, a sensor node or a user node may need to establish multiple concurrent secure data sessions. With concurrent data sessions, the frequency of the re-authentication process increases in proportion to the number of concurrent connections, which makes the security issue even more challenging. The currently available authentication protocols were designed for the autonomous WSN and do not account for the above requirements. In this paper, we present a novel, lightweight and efficient key exchange and authentication protocol suite called the Secure Mobile Sensor Network (SMSN) Authentication Protocol. In the SMSN a mobile node goes through an initial authentication procedure and receives a re-authentication ticket from the base station. Later a mobile node can use this re-authentication ticket when establishing multiple data exchange sessions and/or when moving across the network. This scheme reduces the communication and computational complexity of the authentication process. We proved the strength of our protocol with rigorous security analysis and simulated the SMSN and previously proposed schemes in an automated protocol verifier tool. Finally, we compared the computational complexity and communication cost against well-known authentication protocols.Comment: This article is accepted for the publication in "Sensors" journal. 29 pages, 15 figure

A Secured Authentication Protocol for Wireless Sensor Networks Using Elliptic Curves Cryptography

User authentication is a crucial service in wireless sensor networks (WSNs) that is becoming increasingly common in WSNs because wireless sensor nodes are typically deployed in an unattended environment, leaving them open to possible hostile network attack. Because wireless sensor nodes are limited in computing power, data storage and communication capabilities, any user authentication protocol must be designed to operate efficiently in a resource constrained environment. In this paper, we review several proposed WSN user authentication protocols, with a detailed review of the M.L Das protocol and a cryptanalysis of Das’ protocol that shows several security weaknesses. Furthermore, this paper proposes an ECC-based user authentication protocol that resolves these weaknesses. According to our analysis of security of the ECC-based protocol, it is suitable for applications with higher security requirements. Finally, we present a comparison of security, computation, and communication costs and performances for the proposed protocols. The ECC-based protocol is shown to be suitable for higher security WSNs

An authentic-based privacy preservation protocol for smart e-healthcare systems in iot

© 2013 IEEE. Emerging technologies rapidly change the essential qualities of modern societies in terms of smart environments. To utilize the surrounding environment data, tiny sensing devices and smart gateways are highly involved. It has been used to collect and analyze the real-time data remotely in all Industrial Internet of Things (IIoT). Since the IIoT environment gathers and transmits the data over insecure public networks, a promising solution known as authentication and key agreement (AKA) is preferred to prevent illegal access. In the medical industry, the Internet of Medical Things (IoM) has become an expert application system. It is used to gather and analyze the physiological parameters of patients. To practically examine the medical sensor-nodes, which are imbedded in the patient\u27s body. It would in turn sense the patient medical information using smart portable devices. Since the patient information is so sensitive to reveal other than a medical professional, the security protection and privacy of medical data are becoming a challenging issue of the IoM. Thus, an anonymity-based user authentication protocol is preferred to resolve the privacy preservation issues in the IoM. In this paper, a Secure and Anonymous Biometric Based User Authentication Scheme (SAB-UAS) is proposed to ensure secure communication in healthcare applications. This paper also proves that an adversary cannot impersonate as a legitimate user to illegally access or revoke the smart handheld card. A formal analysis based on the random-oracle model and resource analysis is provided to show security and resource efficiencies in medical application systems. In addition, the proposed scheme takes a part of the performance analysis to show that it has high-security features to build smart healthcare application systems in the IoM. To this end, experimental analysis has been conducted for the analysis of network parameters using NS3 simulator. The collected results have shown superiority in terms of the packet delivery ratio, end-to-end delay, throughput rates, and routing overhead for the proposed SAB-UAS in comparison to other existing protocols

A New Efficient Authenticated and Key Agreement Scheme for SIP Using Digital Signature Algorithm on Elliptic Curves, Journal of Telecommunications and Information Technology, 2017, nr 2

Voice over Internet Protocol (VoIP) has been recently one of the more popular applications in Internet technology. It benefits lower cost of equipment, operation, and better integration with data applications than voice communications over telephone networks. However, the voice packets delivered over the Internet are not protected. The session initiation protocol (SIP) is widely used signaling protocol that controls communications on the Internet, typically using hypertext transport protocol (HTTP) digest authentication, which is vulnerable to many forms of attacks. This paper proposes a new secure authentication and key agreement scheme based on Digital Signature Algorithm (DSA) and Elliptic Curve Cryptography (ECC) named (ECDSA). Security analysis demonstrates that the proposed scheme can resist various attacks and it can be applied to authenticate the users with different SIP domains

Building Secure and Anonymous Communication Channel: Formal Model and its Prototype Implementation

Various techniques need to be combined to realize anonymously authenticated communication. Cryptographic tools enable anonymous user authentication while anonymous communication protocols hide users' IP addresses from service providers. One simple approach for realizing anonymously authenticated communication is their simple combination, but this gives rise to another issue; how to build a secure channel. The current public key infrastructure cannot be used since the user's public key identifies the user. To cope with this issue, we propose a protocol that uses identity-based encryption for packet encryption without sacrificing anonymity, and group signature for anonymous user authentication. Communications in the protocol take place through proxy entities that conceal users' IP addresses from service providers. The underlying group signature is customized to meet our objective and improve its efficiency. We also introduce a proof-of-concept implementation to demonstrate the protocol's feasibility. We compare its performance to SSL communication and demonstrate its practicality, and conclude that the protocol realizes secure, anonymous, and authenticated communication between users and service providers with practical performance.Comment: This is a preprint version of our paper presented in SAC'14, March 24-28, 2014, Gyeongju, Korea. ACMSAC 201