A Secure Remote User Authentication Scheme with Smart Cards

Remote user authentication scheme is one of the simplest and the most convenient authentication mechanisms to deal with secret data over insecure networks. These types of schemes are applicable to the areas such as computer networks, wireless networks, remote login systems, operation systems and database management systems.The goal of a remote user authentication scheme is to identify a valid card holder as having the rights and privileges indicated by the issuer of the card. In recent years, so many remote user authentication schemes have been proposed to authenticate a legitimate user, but none of them can solve all possible problems and withstand all possible attacks. This paper presents a secure remote user authentication scheme with smart cards. The proposed scheme provides the essential security requirements and achieves particular attributes

A Forward Secure Remote User Authentication Scheme

Remote user authentication schemes allow a valid user to login a remote server. In 2000, Hwang and Li\u27s proposed a new remote user authentication scheme with smart cards. In the recent years,some researchers pointed out the security weaknesses of Hwang and Li\u27s scheme and they also proposed some modified schemes to avoid these weaknesses. This paper analyzes that Hwang and Li\u27s scheme does not satisfy some essential security requirements. Hwang and Li\u27s scheme and all the modified schemes do not support mutual authentication between the remote user and the remote server also there is no session key generation phase for secure communication. In addition, in Hwang and Li\u27s scheme, the remote user is not free to change his password. This paper present an ideal remote user authentication scheme with smart cards that not only resolves all the security problems of Hwang and Li\u27s scheme, but also provides all the essential security requirements and forward secrecy to the remote server

An efficient password authentication scheme for smart card,”

Abstract Yang-Wang-Chang proposed an improved timestamp associated password authentication scheme based on YangShieh, who had earlier proposed timestamp-based remote authentication scheme using smart cards. In this paper, we propose an efficient password authentication scheme with smart card applying RSA. The proposed scheme withstands most of the attacks with minimum computational cost

Robust Smart Card based Password Authentication Scheme against Smart Card Security Breach

As the most prevailing two-factor authentication mechanism, smart card based password authentication has been a subject of intensive research in the past decade and hundreds of this type of schemes have been proposed. However, most of them were found severely flawed, especially prone to the smart card loss problem, shortly after they were first put forward, no matter the security is heuristically analyzed or formally proved. In SEC\u2712, Wang pointed out that, the main cause of this issue is attributed to the lack of an appropriate security model to fully identify the practical threats. To address the issue, Wang presented three kinds of security models, namely Type I, II and III, and further proposed four concrete schemes, only two of which, i.e. PSCAV and PSCAb, are claimed to be secure under the harshest model, i.e. Type III security model. However, in this paper, we demonstrate that PSCAV still cannot achieve the claimed security goals and is vulnerable to an offline password guessing attack and other attacks in the Type III security mode, while PSCAb has several practical pitfalls. As our main contribution, a robust scheme is presented to cope with the aforementioned defects and it is proven to be secure in the random oracle model. Moreover, the analysis demonstrates that our scheme meets all the proposed criteria and eliminates several hard security threats that are difficult to be tackled at the same time in previous scholarship

Toward designing a secure authentication protocol for IoT environments

Authentication protocol is a critical part of any application to manage the access control in many applications. A former research recently proposed a lightweight authentication scheme to transmit data in an IoT subsystem securely. Although the designers presented the first security analysis of the proposed protocol, that protocol has not been independently analyzed by third-party researchers, to the best of our knowledge. On the other hand, it is generally agreed that no cryptosystem should be used in a practical application unless its security has been verified through security analysis by third parties extensively, which is addressed in this paper. Although it is an efficient protocol by design compared to other related schemes, our security analysis identifies the non-ideal properties of this protocol. More specifically, we show that this protocol does not provide perfect forward secrecy. In addition, we show that it is vulnerable to an insider attacker, and an active insider adversary can successfully recover the shared keys between the protocol’s entities. In addition, such an adversary can impersonate the remote server to the user and vice versa. Next, the adversary can trace the target user using the extracted information. Finally, we redesign the protocol such that the enhanced protocol can withstand all the aforementioned attacks. The overhead of the proposed protocol compared to its predecessor is only 15.5% in terms of computational cost

Security Analysis and Improvement of an Anonymous Authentication Scheme for Roaming Services

An anonymous authentication scheme for roaming services in global mobility networks allows a mobile user visiting a foreign network to achieve mutual authentication and session key establishment with the foreign-network operator in an anonymous manner. In this work, we revisit He et al.’s anonymous authentication scheme for roaming services and present previously unpublished security weaknesses in the scheme: (1) it fails to provide user anonymity against any third party as well as the foreign agent, (2) it cannot protect the passwords of mobile users due to its vulnerability to an offline dictionary attack, and (3) it does not achieve session-key security against a man-in-the-middle attack. We also show how the security weaknesses of He et al.’s scheme can be addressed without degrading the efficiency of the scheme

Two-way Mechanism to Enhance Confidentiality and Accuracy of Shared Information

As such internet and information technology have influenced the human life significantly thus the current technology cannot solely assure the security of shared information. Hence, to fulfil such requirements mass amount of research have been undertaken by various researchers among which one of the mechanisms is the use of dynamic key rather than static one. In this regard, we have proposed a method of key generation to provide the dynamic keys. The scheme not only can change the key but also provide the error control mechanism. At the end of this paper, a comparison with the existing techniques has also been made to prove the efficiency of the proposed scheme