nach oben

Erschienen in:

19.05.2018

Secure Remote User Mutual Authentication Scheme with Key Agreement for Cloud Environment

verfasst von: Marimuthu Karuppiah, Ashok Kumar Das, Xiong Li, Saru Kumari, Fan Wu, Shehzad Ashraf Chaudhry, R. Niranchana

Erschienen in: Mobile Networks and Applications | Ausgabe 3/2019

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Authentication schemes are widely used mechanisms to thwart unauthorized access of resources over insecure networks. Several smart card based password authentication schemes have been proposed in the literature. In this paper, we demonstrate the security limitations of a recently proposed password based authentication scheme, and show that their scheme is still vulnerable to forgery and offline password guessing attacks and it is also unable to provide user anonymity, forward secrecy and mutual authentication. With the intention of fixing the weaknesses of that scheme, we present a secure authentication scheme. We show that the proposed scheme is invulnerable to various attacks together with attacks observed in the analyzed scheme through both rigorous formal and informal security analysis. Furthermore, the security analysis using the widely-accepted Real-Or-Random (ROR) model ensures that the proposed scheme provides the session key (SK) security. Finally, we carry out the performance evaluation of the proposed scheme and other related schemes, and the result favors that the proposed scheme provides better trade-off among security and performance as compared to other existing related schemes.

Vorheriger Artikel RETRACTED ARTICLE: E-Health Cloud Security Using Timing Enabled Proxy Re-Encryption

Nächster Artikel Energy-Aware Fault-Tolerant Dynamic Task Scheduling Scheme for Virtualized Cloud Data Centers

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

ATZelektronik

Die Fachzeitschrift ATZelektronik bietet für Entwickler und Entscheider in der Automobil- und Zulieferindustrie qualitativ hochwertige und fundierte Informationen aus dem gesamten Spektrum der Pkw- und Nutzfahrzeug-Elektronik.

Lassen Sie sich jetzt unverbindlich 2 kostenlose Ausgabe zusenden.

Jetzt informieren

ATZelectronics worldwide

ATZlectronics worldwide is up-to-speed on new trends and developments in automotive electronics on a scientific level with a high depth of information.

Order your 30-days-trial for free and without any commitment.

Jetzt informieren

Lamport L (1981) Password authentication with insecure communication. Commun ACM 24(11):770–772CrossRef

Hwang T-Y (1983) Password authentication using public-key encryption. In: Proceedings of IEEE international Carnahan conference on security technology, pp 141–144

Harn L, Huang D, Laih CS (1989) Password authentication using public-key cryptography. Computers and Mathematics with Applications 18(12):1001–1017MathSciNetMATHCrossRef

Shimizu A (1991) A dynamic password authentication method using a one-way function. Systems and Computers in Japan 22(7):32–40CrossRef

Neil H (1994) The s/key (tm) one-time password system. In: Symposium on network and distributed system security, pp 151–157

Shieh S-P, Yang W-H, Sun H-M (1997) An authentication protocol without trusted third party. IEEE Commun Lett 1(3):87–89CrossRef

Sandirigama M, Shimizu A (2000) Simple and secure password authentication protocol (sas). IEICE Trans Commun 83(6):1363–1365

Chang C-C, Wu T-C (1991) Remote password authentication with smart cards. IEE Proceedings Computers and Digital Techniques 138(3):165–168CrossRef

Hwang M-S, Li L-H (2000) A new remote user authentication scheme using smart cards. IEEE Trans Consum Electron 46(1):28–30CrossRef

10.

Chan C-K, Cheng L-M (2000) Cryptanalysis of a remote user authentication scheme using smart cards. IEEE Trans Consum Electron 46(4):992–993CrossRef

11.

Chang C-C (2003) Some forgery attacks on a remote user authentication scheme using smart cards. Informatica 14(3):289–294MathSciNetMATH

12.

Yeh H-T, Sun H-M, Hsieh B-T (2004) Security of a remote user authentication scheme using smart cards. IEICE Trans Commun 87(1):192–194

13.

Sun H-M (2000) An efficient remote use authentication scheme using smart cards. IEEE Trans Consum Electron 46(4):958–961CrossRef

14.

Chien H-Y, Jan J-K, Tseng Y-M (2002) An efficient and practical solution to remote authentication: smart card. Comput Secur 21(4):372–375CrossRef

15.

Hsu C-L (2004) Security of Chien et al.’s remote user authentication scheme using smart cards. Computer Standards and Interfaces 26(3):167–169MathSciNetCrossRef

16.

Ku W-C, Chen S-M (2004) Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards. IEEE Trans Consum Electron 50(1):204–207CrossRef

17.

Lee S-W, Kim H-S, Yoo K-Y (2005) Improvement of Chien et al.’s remote user authentication scheme using smart cards. Computer Standards and Interfaces 27(2):181–183CrossRef

18.

Yoon E-J, Ryu E-K, Yoo K-Y (2004) Further improvement of an efficient password based remote user authentication scheme using smart cards. IEEE Trans Consum Electron 50(2):612–614CrossRef

19.

Sood SK, Sarje AK, Singh K (2010) An improvement of wang others.’s authentication scheme using smart cards. In: 2010 national conference on communications (NCC). IEEE, pp 1–5

20.

Song R (2010) Advanced smart card based password authentication protocol. Computer Standards & Interfaces 32(5):321–325CrossRef

21.

Chen B-L, Kuo W-C, Wuu L-C (2014) Robust smart-card-based remote user password authentication scheme. Int J Commun Syst 27(2):377–389CrossRef

22.

Li X, Niu J, Khan MK, Liao J (2013) An enhanced smart card based remote user password authentication scheme. J Netw Comput Appl 36(5):1365–1371CrossRef

23.

Xu J, Zhu W-T, Feng D-G (2009) An improved smart card based password authentication scheme with provable security. Computer Standards & Interfaces 31(4):723–728CrossRef

24.

Jiang Q, Khan MK, Lu X, Ma J, He D (2016) A privacy preserving three-factor authentication protocol for e-health clouds. J Supercomput 72(10):3826–3849CrossRef

25.

Jiang Q, Chen Z, Li B, Shen J, Yang L, Ma J (2017) Security analysis and improvement of bio-hashing based three-factor authentication scheme for telecare medical information systems. J Ambient Intell Humaniz Comput:1–13

26.

Das ML, Saxena A, Gulati VP (2004) A dynamic id-based remote user authentication scheme. IEEE Trans Consum Electron 50(2):629–631CrossRef

27.

Liao I-E, Lee C-C, Hwang M-S (2005) Security enhancement for a dynamic id-based remote user authentication scheme. In: International conference on next generation web services practices, 2005. NWeSP 2005. IEEE, p 4

28.

Yoon E-J, Yoo K-Y (2006) Improving the dynamic id-based remote mutual authentication scheme. In: OTM confederated international conferences on the move to meaningful internet systems. Springer, pp 499–507

29.

Wang Y-Y, Liu J-Y, Xiao F-X, Dan J (2009) A more efficient and secure dynamic id-based remote user authentication scheme. Comput Commun 32(4):583–585CrossRef

30.

Wen F, Li X (2012) An improved dynamic id-based remote user authentication with key agreement scheme. Comput Electr Eng 38(2):381–387CrossRef

31.

Chang Y-F, Tai W-L, Chang H-C (2014) Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update. Int J Commun Syst 27(11):3430–3440

32.

Jiang Q, Ma J, Li G, Li X (2015) Improvement of robust smart-card-based password authentication scheme. Int J Commun Syst 28(2):383–393CrossRef

33.

Xie Q, Dong N, Wong DS, Hu B (2016) Cryptanalysis and security enhancement of a robust two-factor authentication and key agreement protocol. Int J Commun Syst 29(3):478–487CrossRef

34.

Kumari S, Khan MK, Li X (2014) An improved remote user authentication scheme with key agreement. Comput Electr Eng 40(6):1997–2012CrossRef

35.

Lu Y, Li L, Peng H, Yang Y (2016) Robust anonymous two-factor authenticated key exchange scheme for mobile client-server environment. Security and Communication Networks 9(11):1331–1339CrossRef

36.

Wang D, Gu Q, Cheng H, Wang P (2016) The request for better measurement: a comparative evaluation of two-factor authentication schemes. In: Proceedings of the 11th ACM on Asia conference on computer and communications security. ACM, pp 475–486

37.

Kaul SD, Awasthi AK (2016) Security enhancement of an improved remote user authentication scheme with key agreement. Wirel Pers Commun 89(2):621–637CrossRef

38.

Qi M, Chen J (2017) An efficient two-party authentication key exchange protocol for mobile environment. Int J Commun Syst 30(16):1–8CrossRef

39.

Wang C, Wang D, Xu G, Guo Y (2017) A lightweight password-based authentication protocol using smart card. Int J Commun Syst 30(16):1–11CrossRef

40.

Liao I-E, Lee C-C, Hwang M-S (2006) A password authentication scheme over insecure networks. J Comput Syst Sci 72(4):727–740MathSciNetMATHCrossRef

41.

Wu S, Zhu Y, Pu Q (2012) Robust smart-cards-based user authentication scheme with user anonymity. Security and Communication Networks 5(2):236–248CrossRef

42.

Yang G, Wong DS, Wang H, Deng X (2008) Two-factor mutual authentication based on smart cards and passwords. J Comput Syst Sci 74(7):1160–1172MathSciNetMATHCrossRef

43.

Madhusudhan R, Mittal RC (2012) Dynamic id-based remote user password authentication schemes using smart cards: a review. J Netw Comput Appl 35(4):1235–1248CrossRef

44.

Wang D, Cheng H, He D, Wang P (2018) On the challenges in designing identity-based privacy-preserving authentication schemes for mobile devices. IEEE Syst J 12(1):916–925CrossRef

45.

Karuppiah M (2016) Remote user authentication scheme using smart card: a review. Int J Internet Protoc Technol 9(2-3):107–120CrossRef

46.

Karuppiah M, Saravanan R (2014) A secure remote user mutual authentication scheme using smart cards. Journal of Information Security and Applications 19(4):282–294CrossRef

47.

Karuppiah M, Saravanan R (2015) A secure authentication scheme with user anonymity for roaming service in global mobility networks. Wirel Pers Commun 84(3):2055–2078CrossRef

48.

Wu F, Xu L, Kumari S, Li X, Das AK, Khan MK, Karuppiah M, Baliyan R (2016) A novel and provably secure authentication and key agreement scheme with user anonymity for global mobility networks. Security and Communication Networks 9(16):3527–3542CrossRef

49.

Karuppiah M, Saravanan R (2015) Cryptanalysis and an improvement of new remote mutual authentication scheme using smart cards. J Discret Math Sci Cryptogr 18(5):623–649MathSciNetCrossRef

50.

Wang D, Wang P, Liu J (2014) Improved privacy-preserving authentication scheme for roaming service in mobile networks. In: 2014 IEEE wireless communications and networking conference (WCNC). IEEE, pp 3136–3141

51.

Dolev D, Yao A (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–208MathSciNetMATHCrossRef

52.

Kocher P, Jaffe J, Jun B (1999) Differential power analysis. In: Annual international cryptology conference. Springer, pp 388–397

53.

Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552MathSciNetMATHCrossRef

54.

Ma C-G, Wang D, Zhao S-D (2014) Security flaws in two improved remote user authentication schemes using smart cards. Int J Commun Syst 27(10):2215–2227CrossRef

55.

Bonneau J, Herley C, Van Oorschot PC, Stajano F (2012) The quest to replace passwords: a framework for comparative evaluation of web authentication schemes. In: 2012 IEEE symposium on security and privacy. IEEE, pp 553–567

56.

Odelu V, Das AK, Goswami A (2015) An efficient ECC-based privacy-preserving client authentication protocol with key agreement using smart card. Journal of Information Security and Applications 21:1–19CrossRef

57.

Sarkar P (2010) A simple and generic construction of authenticated encryption with associated data. ACM Trans Inf Syst Secur 13(4):33CrossRef

58.

Stinson DR (2006) Some observations on the theory of cryptographic hash functions. Des Codes Crypt 38 (2):259–277MathSciNetMATHCrossRef

59.

Das AK (2013) A secure and effective user authentication and privacy preserving protocol with smart cards for wireless communications. Netw Sci 2(1):12–27CrossRef

60.

Abdalla M, Fouque PA, Pointcheval D (2005) Password-based authenticated key exchange in the three-party setting. In: 8th international workshop on theory and practice in public key cryptography public key cryptography (PKC 2005), vol 3386 of Lecture Notes in Computer Science, pp 65–84, Les Diablerets, Switzerland. Springer, Berlin

61.

Chang CC, Le HD (2016) A provably secure, efficient, and flexible authentication scheme for ad hoc wireless sensor networks. IEEE Trans Wirel Commun 15(1):357–366MathSciNetCrossRef

62.

Das AK, Kumari S, Odelu V, Li X, Wu F, Huang X (2016) Provably secure user authentication and key agreement scheme for wireless sensor networks. Security and Communication Networks 9(16):3670–3687CrossRef

63.

Wang D, He D, Wang P, Chu C-H (2015) Anonymous two-factor authentication in distributed systems: certain goals are beyond attainment. IEEE Trans Dependable Secure Comput 12(4):428–442CrossRef

64.

Islam SK (2014) Design and analysis of an improved smartcard-based remote user password authentication scheme. Int J Commun Syst 29(11):1708–1719CrossRef

65.

Scott M, Costigan N, Abdulwahab W (2006) Implementing cryptographic pairings on smartcards. In: International workshop on cryptographic hardware and embedded systems. Springer, pp 134–147

66.

Crypto+ + library. [online]. http://www.cryptopp.com

Titel: Secure Remote User Mutual Authentication Scheme with Key Agreement for Cloud Environment
verfasst von: Marimuthu Karuppiah
Ashok Kumar Das
Xiong Li
Saru Kumari
Fan Wu
Shehzad Ashraf Chaudhry
R. Niranchana
Publikationsdatum: 19.05.2018
Verlag: Springer US
Erschienen in: Mobile Networks and Applications / Ausgabe 3/2019
Print ISSN: 1383-469X
Elektronische ISSN: 1572-8153
DOI: https://doi.org/10.1007/s11036-018-1061-8

Neuer Inhalt

Bildnachweise

VDI-Icon, Profil Icon, inhalt2, Springer Professional Modul/© Springer Fachmedien Wiesbaden GmbH, Nachhaltigkeitsaward Key Visual/© Cometis AG/Global ESG Monitor | Daniel Rupp | Generiert mit KI, Search Icon, Banner Hanser, Carina Kießling von der Strategieberatung Roland Berger/© Monika Walther Fotografie | ATZ, Beijing Auto Show 2024: Deutsche Hersteller wollen angreifen./© EKH-Pictures / Generated with AI / Stock.adobe.com, Buchstaben, die aus einem Megaphon kommen/© MicroStockHub/Getty Images/iStock, Zeitschrift Wissensmanagement Cover, PatentFit-Logo/© Springer Fachmedien Wiesbaden GmbH, Zukunftswerkstatt Sales Excellence 2024/© AndreyPopov / Getty Images / iStock, 2023_Antrieb/© supervisuell, ATZ-Webinar: Prototypenfreie Entwicklung durch Offline- und Driver-in-the-Loop-HiL-Tests /© (c) VI-grade

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

ATZelektronik

ATZelectronics worldwide

Weitere Artikel der Ausgabe 3/2019

Decentralised Functional Signatures

The Digital Fingerprinting Analysis of Generic Twitter Sessions from Internet of Things Security Aspect

Data Driven Cyber-Physical System for Landslide Detection

SHSec: SDN based Secure Smart Home Network Architecture for Internet of Things

Price Versus Performance of Big Data Analysis for Cloud Based Internet of Things Networks

Editorial: Advanced Industrial Networks with IoT and Big Data

Neuer Inhalt

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.