29,467 research outputs found

    Two-factor remote authentication protocol with user anonymity based on elliptic curve cryptography

    In order to provide secure remote access control, a robust and efficient authentication protocol should realize mutual authentication and session key agreement between clients and the remote server over public channels. Recently, Chun-Ta Li proposed a password authentication and user anonymity protocol by using smart cards, and they claimed that their protocol has satisfied all criteria required by remote authentication. However, we have found that his protocol cannot provide mutual authentication between clients and the remote server. To realize ‘real’ mutual authentication, we propose a two-factor remote authentication protocol based on elliptic curve cryptography in this paper, which not only satisfies the criteria but also bears low computational cost. Detailed analysis shows our proposed protocol is secure and more suitable for practical application

    Post-Quantum Secure Remote Password Protocol from RLWE Problem

    Secure Remote Password (SRP) protocol is an augmented Password-based Authenticated Key Exchange (PAKE) protocol based on discrete logarithm problem (DLP) with various attractive security features. Compared with basic PAKE protocols, SRP does not require server to store user's password and user does not send password to server to authenticate. These features are desirable for secure client-server applications. SRP has gained extensive real-world deployment, including Apple iCloud, 1Password etc. However, with the advent of quantum computer and Shor's algorithm, classic DLP-based public key cryptography algorithms are no longer secure, including SRP. Motivated by importance of SRP and threat from quantum attacks, we propose a RLWE-based SRP protocol (RLWE-SRP) which inherit advantages from SRP and elegant design from RLWE key exchange. We also present parameter choice and efficient portable C++ implementation of RLWE-SRP. Implementation of our 209-bit secure RLWE-SRP is more than 3x faster than 112-bit secure original SRP protocol, 5.5x faster than 80-bit secure J-PAKE and 14x faster than two 184-bit secure RLWE-based PAKE protocols with more desired properties

    Competent Encryption Framework Based Secure Access Mechanism for Cloud Data Services

    The demand for remote data storage and computation services is increasing exponentially in our data-driven society; thus, the need for secure access to such data and services. In this paper, we design a new -based authentication protocol to provide secure access to a remote (cloud) server. In the proposed approach, we consider data of a user as a secret credential. We then derive a unique identity from the user’s data, which is further used to generate the user’s private key. In addition, we propose an efficient approach to generate a session key between two communicating parties using for a secure message transmission. Session management in distributed Internet services is traditionally based on username and password, explicit logouts and mechanisms of user session expiration using classic timeouts. Emerging solutions allow substituting username and password with data during session establishment, but in such an approach still a single verification is deemed sufficient, and the identity of a user is considered immutable during the entire session. Additionally, the length of the session timeout may impact on the usability of the service and consequent client satisfaction. This paper explores promising alternatives offered by applying s in the management of sessions. A secure protocol is defined for perpetual authentication through continuous user verification. The protocol determines adaptive timeouts based on the quality, frequency and type of data transparently acquired from the user. The analysis is carried out to assess the ability of the protocol to contrast security attacks exercised by different kinds of attackers

    Provable Security Analysis of the Secure Remote Password Protocol

    This paper analyses the Secure Remote Password Protocol (SRP) in the context of provable security. SRP is an asymmetric Password-Authenticated Key Exchange (aPAKE) protocol introduced in 1998. It allows a client to establish a shared cryptographic key with a server based on a password of potentially low entropy. Although the protocol was part of several standardization efforts, and is deployed in numerous commercial applications such as Apple Homekit, 1Password or Telegram, it still lacks a formal proof of security. This is mainly due to some of the protocol's design choices which were implemented to circumvent patent issues. Our paper gives the first security analysis of SRP in the universal composability (UC) framework. We show that SRP is UC-secure against passive eavesdropping attacks under the standard CDH assumption in the random oracle model. We then highlight a major protocol change designed to thwart active attacks and propose a new assumption -- the additive Simultaneous Diffie Hellman (aSDH) assumption -- under which we can guarantee security in the presence of an active attacker. Using this new assumption as well as the Gap CDH assumption, we prove security of the SRP protocol against active attacks. Our proof is in the Angel-based UC framework, a relaxation of the UC framework which gives all parties access to an oracle with super-polynomial power. In our proof, we assume that all parties have access to a DDH oracle (limited to finite fields). We further discuss the plausibility of this assumption and which level of security can be shown without it

    Enhanced IoT Wi-Fi protocol standard’s security using secure remote password

    In the Internet of Things (IoT) environment, a network of devices is connected to exchange information to perform a specific task. Wi-Fi technology plays a significant role in IoT based applications. Most of the Wi-Fi-based IoT devices are manufactured without proper security protocols. Consequently, the low-security model makes the IoT devices vulnerable to intermediate attacks. The attacker can quickly target a vulnerable IoT device and breaches that vulnerable device's connected network devices. So, this research suggests a password protection based security solution to enhance Wi-Fi-based IoT network security. This password protection approach utilizes the secure remote password protocol (SRPP) in Wi-Fi network protocols to avoid brute force attack and dictionary attack in Wi-Fi-based IoT applications. The performance of the IoT security solution is implemented and evaluated in the GNS3 simulator. The simulation analysis report shows that the suggested password protection approach supports scalability, integrity and data protection against intermediate attacks

    Modern methods for user authentication

    The main focus of this Master's thesis is modern methods for user authentication. In the first part are briefly described currently used protocols and pointed out their advantages and disadvantages. The theoretical introduction analyzes the principles of zero-knowledge authentication, password-based protocols and describes the concept of a new generation hash function. The practical part describes the specific implementation of authentication protocols - Ohta-Okamoto protocol as a representative of the zero-knowledge protocols and SRP (Secure Remote Password), which represents password-based protocols. In both cases, the installation procedure is described following the analysis of their implementation (at the source code level) and then compared with the transmitted data captured by Wireshark. The SRP protocol is verified by AVISPA tool. There is a summary of both protocols' security analysis in the conclusion.

    Cryptanalysis of a Markov Chain Based User Authentication Scheme

    Session key agreement protocol using smart card is extremely popular in client-server environment for secure communication. Remote user authentication protocol plays a crucial role in our daily life such as e-banking, bill-pay, online games, e-recharge, wireless sensor network, medical system, ubiquitous devices etc. Recently, Djellali et al. proposed a session key agreement protocol using smart card for ubiquitous devices. The main focus of this paper is to analyze security pitfalls of smart card and password based user authentication scheme. We have carefully reviewed Djellali et al.'s scheme and found that the same scheme suffers from several security weaknesses such as off-line password guessing attack, privileged insider attack. Moreover, we demonstrated that the Djellali et al.'s scheme does not provide proper security protection on the secret key of the server and presents inefficient password change phase