2,095 research outputs found
An Improved Timestamp-Based Password Authentication Scheme Using Smart Cards
With the recent proliferation of distributed systems and networking, remote
authentication has become a crucial task in many networking applications.
Various schemes have been proposed so far for the two-party remote
authentication; however, some of them have been proved to be insecure. In this
paper, we propose an efficient timestamp-based password authentication scheme
using smart cards. We show various types of forgery attacks against a
previously proposed timestamp-based password authentication scheme and improve
that scheme to ensure robust security for the remote authentication process,
keeping all the advantages that were present in that scheme. Our scheme
successfully defends the attacks that could be launched against other related
previous schemes. We present a detailed cryptanalysis of previously proposed
Shen et. al scheme and an analysis of the improved scheme to show its
improvements and efficiency.Comment: 6 page
A Formal Study of the Privacy Concerns in Biometric-Based Remote Authentication Schemes
With their increasing popularity in cryptosystems, biometrics have attracted more and more attention from the information security community. However, how to handle the relevant privacy concerns remains to be troublesome. In this paper, we propose a novel security model to formalize the privacy concerns in biometric-based remote authentication schemes. Our security model covers a number of practical privacy concerns such as identity privacy and transaction anonymity, which have not been formally considered in the literature. In addition, we propose a general biometric-based remote authentication scheme and prove its security in our security model
Dynamic Multi-Factor Security
This thesis identifies the current limitations of electronic remote authentication systems and presents a new remote authentication system that addresses these limitations. Examples of these limitations can be easily observed in everyday life. Some more common examples include: credit card theft, identity theft, insurance fraud and hacking of private computer networks. Our proposed solution includes a multi-factor protocol which has two key features. First, it dynamically updates private ID numbers such that no two iterations of the authentication protocol use the same set if private IDs for each involved party, using a True Random Number Generator (TRNG). This prevents any unauthorized access of private information, and even if this information is compromised, the authentication protocol is not compromised, since the subsequent iteration of authentication uses new IDs. Second, the protocol uses multiple authentication factors (two in our implementation), to further enhance security. These additional authentication factors are also dynamically updated after each iteration of the protocol. The protocol was implemented in a system which simulates a credit card transaction, highlighting the usefulness of our protocol in real world remote authentication. We expect this new electronic remote authentication system to solve many of the current failings of modern electronic authentication schemes
Cryptanalysis of Sun and Cao's Remote Authentication Scheme with User Anonymity
Dynamic ID-based remote user authentication schemes ensure efficient and
anonymous mutual authentication between entities. In 2013, Khan et al. proposed
an improved dynamic ID-based authentication scheme to overcome the security
flaws of Wang et al.'s authentication scheme. Recently, Sun and Cao showed that
Khan et al. does not satisfies the claim of the user's privacy and proposed an
efficient authentication scheme with user anonymity. The Sun and Cao's scheme
achieve improvement over Khan et al.'s scheme in both privacy and performance
point of view. Unfortunately, we identify that Sun and Cao's scheme does not
resist password guessing attack. Additionally, Sun and Cao's scheme does not
achieve forward secrecy
Authentication System based on ID-Network Smart Cards (ID-NSCards) for Critical Environments
Researchers in the Information Security area in the Carlos III University of Madrid (Spain) are interested to exploit the potential of an emerging technology: network smart cards. These new devices have a number of additional advantages for communications security in networked systems, comparing with the traditional smart cards. These interesting features could be applied to individuals identification procedures in environments where critical tasks or operations take place. The required collaboration would be focused in the development and implementation of an authentication system for critical environments based on this technology
Cryptanalysis of Yang-Wang-Chang's Password Authentication Scheme with Smart Cards
In 2005, Yang, Wang, and Chang proposed an improved timestamp-based password
authentication scheme in an attempt to overcome the flaws of Yang-Shieh_s
legendary timestamp-based remote authentication scheme using smart cards. After
analyzing the improved scheme proposed by Yang-Wang-Chang, we have found that
their scheme is still insecure and vulnerable to four types of forgery attacks.
Hence, in this paper, we prove that, their claim that their scheme is
intractable is incorrect. Also, we show that even an attack based on Sun et
al._s attack could be launched against their scheme which they claimed to
resolve with their proposal.Comment: 3 Page
Two-factor remote authentication protocol with user anonymity based on elliptic curve cryptography
In order to provide secure remote access control, a robust and efficient authentication protocol should realize mutual authentication and session key agreement between clients and the remote server over public channels. Recently, Chun-Ta Li proposed a password authentication and user anonymity protocol by using smart cards, and they claimed that their protocol has satisfied all criteria required by remote authentication. However, we have found that his protocol cannot provide mutual authentication between clients and the remote server. To realize ‘real’ mutual authentication, we propose a two-factor remote authentication protocol based on elliptic curve cryptography in this paper, which not only satisfies the criteria but also bears low computational cost. Detailed analysis shows our proposed protocol is secure and more suitable for practical application
Experimental Study of DIGIPASS GO3 and the Security of Authentication
Based on the analysis of -digit one-time passwords(OTP) generated by
DIGIPASS GO3 we were able to reconstruct the synchronisation system of the
token, the OTP generating algorithm and the verification protocol in details
essential for an attack. The OTPs are more predictable than expected. A forgery
attack is described. We argue the attack success probability is . That
is much higher than which may be expected if all the digits are
independent and uniformly distributed. Under natural assumptions even in a
relatively small bank or company with customers the number of
compromised accounts during a year may be more than
- …