A Proposed Approach for Multiserver Authentication and Key Agreement with User Protection and Security

Use of smart card makes remote user verification and key agreement easy, elastic to making a secure scattered system environment. It is very important to provide user privacy protection in authentication phase. In this paper, we are describing the performance comparison of Jung approach for multiple server authentication and key agreement schemes with user protection in network security with our proposed approach. First we are describing the juang approach then overview of our approach with comparison. All the areas those can be improved by us are also defined. Our approach is works for single server as well as multi sever environment. According to our analysis the juang approach is open to the element, leak-of-verifier attack and session key discovery attack and smart card loss attack. We are saving data into the server table in form of digital identity, smart card is removed by us, and so the new approach is safe from smart card loss attac

A Robust and Effective Smart-Card-Based Remote User Authentication Mechanism Using Hash Function

In a remote user authentication scheme, a remote server verifies whether a login user is genuine and trustworthy, and also for mutual authentication purpose a login user validates whether the remote server is genuine and trustworthy. Several remote user authentication schemes using the password, the biometrics, and the smart card have been proposed in the literature. However, most schemes proposed in the literature are either computationally expensive or insecure against several known attacks. In this paper, we aim to propose a new robust and effective password-based remote user authentication scheme using smart card. Our scheme is efficient, because our scheme uses only efficient one-way hash function and bitwise XOR operations. Through the rigorous informal and formal security analysis, we show that our scheme is secure against possible known attacks. We perform the simulation for the formal security analysis using the widely accepted AVISPA (Automated Validation Internet Security Protocols and Applications) tool to ensure that our scheme is secure against passive and active attacks. Furthermore, our scheme supports efficiently the password change phase always locally without contacting the remote server and correctly. In addition, our scheme performs significantly better than other existing schemes in terms of communication, computational overheads, security, and features provided by our scheme

A ROBUST PRIMITIVE FOR AVOIDING DATA ATTACKS USING CRYPTOGRAPHY

Within our plan, a session secret is only accessible towards the interacting parties (user and server), which is unknown either to the registration center varieties. Within this paper, we first evaluate He-Wang’s plan and reveal that their plan is susceptible to a known session specific temporary information attack and impersonation attack. Additionally, we reveal that their plan doesn't provide strong user’s anonymity. In addition, He-Wang’s plan cannot supply the user revocation facility once the wise card sheds or taken or user’s authentication parameter is revealed. While using Burrows-Abadi-Needham logic, we reveal that our plan provides secure authentication. Additionally, we simulate our plan for that formal security verification while using broadly recognized and used automated validation of Internet security software methods and programs tool, and reveal that our plan is safe against passive and active attacks. Our plan provides high security together with low communication cost, computational cost, and number of security measures. Aside from these, He-Wang’s plan has some design flaws, for example wrong password login and it is effects and wrong password update during password change phase. Then we propose a brand new secure multi-server authentication protocol using biometric-based wise card and ECC with increased security benefits. Consequently, our plan is extremely appropriate for battery-limited mobile products as in comparison with He-Wang’s plan

On Security Analysis of Recent Password Authentication and Key Agreement Schemes Based on Elliptic Curve Cryptography

Secure and efficient mutual authentication and key agreement schemes form the basis for any robust network communication system. Elliptic Curve Cryptography (ECC) has emerged as one of the most successful Public Key Cryptosystem that efficiently meets all the security challenges. Comparison of ECC with other Public Key Cryptosystems (RSA, Rabin, ElGamal) shows that it provides equal level of security for a far smaller bit size, thereby substantially reducing the processing overhead. This makes it suitable for constrained environments like wireless networks and mobile devices as well as for security sensitive applications like electronic banking, financial transactions and smart grids. With the successful implementation of ECC in security applications (e-passports, e-IDs, embedded systems), it is getting widely commercialized. ECC is simple and faster and is therefore emerging as an attractive alternative for providing security in lightweight device, which contributes to its popularity in the present scenario. In this paper, we have analyzed some of the recent password based authentication and key agreement schemes using ECC for various environments. Furthermore, we have carried out security, functionality and performance comparisons of these schemes and found that they are unable to satisfy their claimed security goals