MOTP: An Identity Authentication Scheme for M-Commerce
|
|
- Mitchell Holmes
- 5 years ago
- Views:
Transcription
1 Chinese Journal of Electronics Vol.22, No.1, Jan MOTP: An Identity Authentication Scheme for M-Commerce ZHU Xiaomin 1, SHANG Xiaopu 2, WANG Chuanchen 2 and ZHANG Runtong 2 (1.School of Mechanical, Electronic and Control Engineering, Beijing Jiaotong University, Beijing , China) (2.Institute of Information Systems, Beijing Jiaotong University, Beijing , China) Abstract With the development of E-commerce and mobile communication technology, Mobile E-commerce (M-commerce) has become one of the important means of trade. Identity authentication is the basic security issue in M-commerce. In this paper, an efficient Elliptic curve based One-time password (OTP) identity authentication scheme (MOTP) for M-commerce is proposed, also, International mobile equipment identity (IMEI) of mobile devices is introduced as an important authentication factors. At the end, this paper analyzes the novel scheme by BAN logic and does simulation in OPNET. Key words M-commerce, Identity authentication, One-time password (OTP), BAN Logic, Simulation. I. Introduction M-commerce refers to a form of business that conducts commerce using mobile device. One of most security issues is how to realize identity certification which can avoid a fake server get user s private information or a fake user s client get sensitive information from server, and finally prevent economic loss. Currently, majority of the authentication certification is based on the simple user name/password and short message [1,2]. These methods make the length of transmitted cipher key short and easily intercepted by others during wireless transmission. In order to increase security of authentication, some authentication methods based on biological characteristics (e.g. fingerprints) are proposed, however, it is also vulnerable to replay attacks [3,4] and the device cost is high, which are not suitable for universal use in wireless communication networks [5,6]. Also, some authentication systems use digital signature techniques, but they have to run on a complete Certification authority (CA) system, besides, the cost of certification process is high, which increases the requirement for mobile device s performance [7]. Lamport [8] first proposed the usage of HASH function to generate One-time passwords (OTP), the OTP authentication technology does not require third-party certification, with low calculation workload and cost, can be easily and quickly loaded on any system without additional hardware, although some improvement should be done, it is still a relatively feasible scheme suitable in M- commerce [9]. This paper, follows the idea of OTP, presents a bidirectional identity authentication scheme MOTP to improve the securityinm-commerce. Theschemealsomakesuseofelliptic curve algorithm to improve the authentication security, and introduces IMEI as the sole identifier of mobile device. In the next section, we describe the scheme of MOTP. The security and performance of the scheme is analyzed in Section III and Section IV. Finally, we conclude in Section V. II. The Scheme of MOTP MOTP use OTP as the basic idea, for OTP is simple on implementation and its requirement on device s compute ability is low, the communication times between server and client is not so many, and it doesn t need 3rd parity authentication during the process. Traditionally, OTP schemes can be divided into three types [10] : password sequence (S/Key) scheme, scheme of time synchronization and challenge/response scheme. In environment of M-commerce, OTP schemes have the following problems: (1) Lack of a two-way authentication between client and server; (2) The challenge/response scheme, require hardware support; (3) The S/Key scheme cannot effectively resist the smallnumber-attacks; (4) The time synchronization scheme has high requirements of time synchronization and propagation delay on both the client and server. 1. Considerations on the scheme design The novel identity authentication scheme we proposed in this paper for M-commerce will realize: (1) Two-way authentication between client and server. (2) Resist against replay-attacks and small-numberattacks. The authentication process will be divided into two stages. Manuscript Received Mar. 2012; Accepted Apr This work is supported by the National Natural Science Foundation of China (No ), Beijing Natural Science Foundation (No ), the Fundamental Research Funds for Central Universities of China (No.2011JBM365, No.2011YJS226) and Beijing Municipal Science and Technology Commission (No.Z ).
2 MOTP: An Identity Authentication Scheme for M-Commerce 147 (3) Computational load and the implemental costs are minimized compared with the existing OTP schemes. The whole authentication process will be divided into two parts. The first part is the authentication of the user s identity on mobile device; the second part is the authentication between mobile device and server. In this paper, we only focus on the second part. 2. Registration stage In the registration process, users using the server generate secure elliptic curve generated by the user s public key, private key, then the user with the server public key exchange, the last user to register the server s public key encryption. The ID and password (PW) are chosen by the user during the registration, before registration, the server generates secure elliptic curve (ECC) parameters, and selects its private key (KSS) as well as public keys (KSR). When user applies for registration, the server sends ECC parameters with KSR to user, user selects its own private key (KUS) and public key (KUR) When registration, MOTP follows the following steps: (1) User inputs registration ID and PW, then the user send encrypted PW, current time T and device s IMEI to server. (2) The server decrypts and saves IMEI, encrypted PW and T 0 for further certification (suppose IMEI and PW), then send successful registration message to user. Fig.1 shows the whole stage and here E means encryption. Fig. 1. The registration stage 3. The authentication stage The authentication process follows the following steps: (1) User enters the ID and PW and sends them to server after encryption, the server receives and checks IMEI,verifies whether E KUR(PW)isequaltoE KUR(PW). If they are the same, the process continues, otherwise the login process is stopped. (2) The user extracts the login time T 1, and sends A=E KSR(IMEI,T 1) to server, and saves T 1 temporarily. (3) The server uses its private key to decrypt E KSS(A), obtains IMEI and T 1, then sends B=E KUR(IMEI,T 1,T 0)to user. (4) The User decrypts E KUS(B) by its private key, obtains IMEI, T 1 and T 0. They are compared with the T 1 saved earlier, if they are equal, the server authentication is completed, otherwise the login process is stopped. At the same time, T 0 is shown to the user, in order to the check the latest login time to prevent theft of account. (5) The User sends C=E KSR(IMEI,T 0)toserver,and the server uses the private key to decrypt E KSS(C), obtains IMEI and T 0, which are compared with the T 0 saved earlier; If they are identical, the user is verified, otherwise the login process is stopped.. (6) The client end destructs T 1, and the server replaces T 0 with T 1. The login process is finished. Fig.2 shows the whole process of login stage. Fig. 2. The login stage 4. Security analysis on the scheme By using MOTP, the following advantages on security can be achieved: (1) Realizes two-way authentication. Step (4) realized the authentication for server, the user end decrypts E KUS(B) by the private key, obtains IMEI, T 1 and T 0.ThisisthencomparedwiththeT 1 saved earlier; step (5) realized the authentication for user, the server decrypts E KSS(C) with the private key and obtains IMEI, T 1 and T 0, which are compared with the initially saved T 0. (2) Resists against replay attacks and small-numberattacks effectively. The uncertain factor proposed in this certification scheme is the time T, thereby the passwords are only valid once, and the information intercepted by the attacker is not valid for the next use. Meanwhile, the OTPs are a combination of public and private key with IMEI, which differs from traditional S/Key scheme, which also prevents smallnumber-attacks. (3) The password in form of clear text only appears on the user device. For during the transmission in the network, it will be in the form of encrypted message with high security. III. The Proof of Logicality of the Scheme 1. Introduction of Proof on BAN Logicality In this paper, we use BAN logic as formal analytical tools to analyze MOTP and prove its security. Some relevant inferential rules of BAN logical proof include:
3 148 Chinese Journal of Electronics 2013 (R1) The message implication rule: P Q K P, P {X} K P Q X (R2) The nonce-verification rule: (R3) The arbitration rule: (R4) The belief rule: P X, P Y P (X, Y ) (R5) The freshness rule: P #(X),P Q X P Q X P Q X, P Q X P X P (X, Y ) P X P #(X) P #(X, Y ) P Q (X, Y ) P Q X The objectives which the logical proofs of BAN logic need to achieve include the following two levels of beliefs: Primary belief: Secondary belief: A A K B, B A K B A B A K B, B A A K B If the authentication protocol is lack of key agreement function, then K may be replaced by the authentication information agreed by the main participant, and if the outcome of the analysis on the protocol could achieve the ultimate belief, then the protocol can be considered secure, otherwise, the protocol is considered flawed. 2. Modeling of the scheme If we take C as user, S as server, the protocol during the registration stage can be described as follows: (M1) C S: IMEI, E KUR(PW); (M2) S C: successful message M; (M3) C S: E KSR(IMEI,T 1); (M4) S C: E KUR(IMEI,T 1,T 0); (M5) C S: E KSR(IMEI,T 0); (M6) S C: successful message M. The first, second and sixth messages were neglected during the above step, as they play no role in analyzing the logic attributes of the protocol. To simplify, T 1 and T 0 are treated as one random number. The idealized protocol as follows (M3) C S: E KSR(IMEI,T 1); (M4) S C: E KUR(IMEI,T 1,T 0); (M5) C S: E KSR(IMEI,T 0). Some assumptions of initialized state as follows: (A1) S KSR; (A2) C KUR; (A3) C IMEI; (A4) S #(IMEI); (A5) C #(IMEI); (A6) S C => IMEI. 3. The logical reasoning From M3 we obtain: (F1) S<E KSR(IMEI,T 1); Using F1 and A1, and applying R1, the following is obtained: (F2) S C (IMEI,T 1); Using A3 and applying Rule (7), the following is obtained: (F3) S C#(IMEI,T 1); Using F2 and F3, and applying R2, we obtain: (F4) S C (IMEI,T 1); Using F4 and applying R4, we obtain: (F5) S C IMEI; Using F5 and A6, and applying R3, we obtain: (F6) S IMEI; From M4 we know that: (F7) C<E KSR(IMEI,T 1); Using F7 and A2, and applying R1, we obtain: (F8) C S (IMEI,T 1); Using A4, and applying R7, we obtain: (F9) C S#(IMEI,T 1); Using F8 and F9, and applying R3, we obtain: (F10) C S (IMEI,T 1); Using F10 and applying R4, we obtain: (F11) C S IMEI. The above analysis indicates that the protocol is consistent with the ultimate goal, which achieved certification purposes, i.e. the primary belief: A3 and F6; and secondary belief: F6 and F11. Similarly, if the scheme corresponds with the ultimate goal after logic reasoning for the login stage, and achieves the objective of authentication, then we have primary belief as: A5 and function S IMEI, and secondary belief as: function S C = IMEI and C S IMEI. Thus, the formal analysis of MOTP is completed. IV. Simulations In this section, we will simulate three authentication schemes on OPNET Modeler 8.1. Except the scheme we proposed, another two schemes in Refs.[11] and [12] are used as comparison. The simulation time is 30 minutes; AES algorithm with key length of 128bits is used for the symmetric encryption function; the modulus length for modular exponential computation is 1024bits; the model of the simulation network layer is in the form of a client connection. In the first and second simulation, thicker solid line represents MOTP, the thinner solid line represents the challenge/response scheme, and the thin dotted line represents the simple username/password model. 1. Single runtime of the schemes Fig.3 shows the simulation result and the runtimes of three models are compared. The vertical axis represents the runtime of authentication process.
4 MOTP: An Identity Authentication Scheme for M-Commerce 149 Fig. 3. Runtime Fig. 4. The Channel utilization rate Fig. 5. Queue delay Due to the adoption of elliptic curve technology in MOTP, the runtime is longer than that of the simple dynamic password authentication, which is about 0.5s for average. Though its average runtime maintains at around 1.75s, it is in the acceptable range. The runtime of challenge/response scheme is 0.05s longer than ours, because MOTP has fewer handshakes between user and server, as well as a faster asymmetric key encryption algorithm which is the elliptic curve algorithm. 2. Channel utilization rate Fig.4 demonstrates the channel utilization rates of the two models. In this simulation, six connections between mobile devices and server are established. Until the system reach stable status, the channel utilization rate of MOTP is about 4.8%, the simple password authentication model is around 4.5%, and the rate of traditional time synchronization technology certification program is about 5.0%. In comparison with the traditional time synchronization authentication scheme, MOTP has a lower utilization rate; it means accommodate more user access at the same time. On the other hand, due to the simple username/password scheme of this program having no encryption/decryption and computational skills, it has a little lower utilization rate. In other words, the new enhances the security of the authentication but not increase the channel burden. 3. Delay analysis The outcome of the delay simulation on the scheme is shown in Fig.5. In this diagram, the vertical axis represents the delayed time in seconds. Δ represents the model of MOTP, represents the traditional challenge/response authentication scheme model, represents the simple username/password authentication model. As to the servers, the shorter the delay time, the higher the efficiency to response user s requests, which can improve the quality of service. The average delay time of the novel scheme is about 0.147s; The delay time of the traditional time synchronization technology certification scheme is around 0.188s; The simple user name/password authentication model has average value of 0.187s. Obviously, MOTP has higher efficiency to respond user s requests when running. 4. Summary of simulations Based on the simulation, MOTP has no major difference on performance compared with the simple username/password authentication scheme. However, the security performance is improved. Meanwhile, compared with the challenge/response authentication scheme, the performance of MOTP is better (show as Table 1). Table 1. Overall results of simulations on OPNET Parameters of Challenge/response simulation scheme MOTP Single runtime of models Longer Shorter Delay Longer Shorter Utilization rate Higher Lower V. Conclusions The authentication of user identity is the premise of ensuring information security in M-commerce. OTP is relatively safe and efficient comparing with other authentication schemes, moreover, it is easy to implement and utilize, which is suitable for identity authentication in M-commerce. Considering the attributes of M-commerce environment as well as the problems may exist when adopt OTP in M-commerce, this paper proposed MOTP, a novel identity authentication scheme, and proved the scheme by BAN formal protocol, finally did simulation on OPNET. Based on the analysis and simulation, it can conclude that MOTP has high simplicity and implemental efficiency. More important, the novel scheme totally satisfies the requirement of a two-way authentication, overcomes some weak points that similar schemes possess, also it prevents replay attacks and counterfeiting attacks effectively, it is a suitable and advanced authentication scheme in M-commerce. References [1] Yu Zheng, Dake He and Mingxing He, An authentication scheme in mobile terminal users based on trusted computation, Chinese Journal of Computers, Vol.29, No.8, pp , [2] Mu Yang, Runtong Zhang and Yi Yang, New OTP authentication scheme for m-commerce based on one time password, Computer Security, Vol.28, No.B06, pp.71 72, 75, [3] Chao Li, Yang Xin, Xinxin Niu, Identity authentication scheme based on biometric certificate, Computer Engineering, Vol.33, No.20, pp , [4] L. Fan, C.X. Xu, J.H. Li, User authentication scheme using smart cards for multi-server environments, Chinese Journal of Electronics, Vol.15, No.1, pp.79 84, [5] Ji Dongyao, Wang Yumin, An Authentication and Micropayment Protocol for Mobile Computing Network, Acta Electronica Sinica, Vol.30, No.4, pp , (in Chinese)
5 150 Chinese Journal of Electronics 2013 [6] Ping Han, Yanqin Zhu, Xizhao Luo, Identity authentication scheme using OTP in wireless LAN, Computer Engineering, Vol.34, No.14, pp , 165, [7] Tianfa Liu, Qiyuan Feng, Guiyong Yang, Reserch of authentication technique based on OTP, Computer Applications and Software, Vol.8, No.8, pp , 206, [8] L. Lamport, Password authentication with insecure communication, Communication of ACM, Vol.24, No.11, pp , [9] Chunli Lin, Chingpo Hung, Masquerade on one-time password authentication scheme, Future Generation Communication and Networking, Vol.2, pp , [10] Hesheng Wu, Xunli Fan, Weimin Wu, An efficient one-time password authentication, Application Research of Computers, Vol.20, No.8, pp.57 59, [11] T.H. Chert, W.B. Lee, G. Horng, Secure SAS-like password authentication schemes, Computer Standards and Interfaces, Vol.27, No.1, pp.25 31, [12] G. Horn, K.M. Martin, C.J. Mitchell, Authentication protocols for mobile network environment value-added services, IEEE Transaction on Vehicular Technology, Vol.51, No.2, pp , ZHU Xiaomin received B.S. and M.S. degrees from Tianjin University, Tianjin, China, in 1985 and in 1988, respectively, and the Ph.D. degree from Technical University of Crete, Greece, in She is presently an Associate Professor in the School of Mechanical, Electronic and Control Engineering at Beijing Jiaotong University in China. Her research interests cover E-commerce, system evaluation and optimization, and optimal control, and she has participated/was in charge of over 40 research projects in those related areas. She has published 58 papers and is an author or co-author of 15 books. ( SHANG Xiaopu received B.S. degree from PLA Information Engineering University, Zhengzhou, China, in He is currently a Ph.D. candidate in Information System at the Beijing Jiaotong University, Beijing, China. His research interests include wireless sensor networks and information security. ( shangxiaopu@bjtu.edu.cn) WANG Chuanchen received the B.S. degree from Tsinghua University, Beijing, China, in He is currently working toward the Ph.D. degree in Information Management at the Beijing Jiaotong University, Beijing, China. His current main research areas include electronic publication, group key management and secure group communication. ( wcc@phei.com.cn) ZHANG Runtong (Correspondence author) received B.S. degree from Dalian Maritime University, Liaoning, China, in 1985, and the Ph.D. degree from Technical University of Crete, Greece, in He is presently a Professor and the Director of Institute of Information Systems at the Beijing Jiaotong University in China. His research interests cover traffic engineering in mobile communication, optimal control and information security. ( rtzhang@bjtu.edu.cn)
An Efficient and Secure Multi-server Smart Card based Authentication Scheme
An Efficient Secure Multi-server Smart Card based Authentication Scheme Toshi Jain Department of r Science Engineering Oriental Institute of Science & Technology Bhopal, India Seep Pratap Singh Department
More informationRemote User Authentication Scheme in Multi-server Environment using Smart Card
Remote User Authentication Scheme in Multi-server Environment using Smart Card Jitendra Kumar Tyagi A.K. Srivastava Pratap Singh Patwal ABSTRACT In a single server environment, one server is responsible
More informationEfficient remote mutual authentication and key agreement
computers & security 25 (2006) 72 77 available at www.sciencedirect.com journal homepage: www.elsevier.com/locate/cose Efficient remote mutual authentication and key agreement Wen-Gong Shieh*, Jian-Min
More informationSmart-card-loss-attack and Improvement of Hsiang et al. s Authentication Scheme
Smart-card-loss-attack and Improvement of Hsiang et al. s Authentication Scheme Y.. Lee Department of Security Technology and Management WuFeng niversity, hiayi, 653, Taiwan yclee@wfu.edu.tw ABSTRAT Due
More informationA Smart Card Based Authentication Protocol for Strong Passwords
A Smart Card Based Authentication Protocol for Strong Passwords Chin-Chen Chang 1,2 and Hao-Chuan Tsai 2 1 Department of Computer Science and Information Engineering, Feng Chia University, Taichung, Taiwan,
More informationSecurity Weaknesses of a Biometric-Based Remote User Authentication Scheme Using Smart Cards
Security Weaknesses of a Biometric-Based Remote User Authentication Scheme Using Smart Cards Younghwa An Computer Media Information Engineering, Kangnam University, 111, Gugal-dong, Giheung-gu, Yongin-si,
More informationOn the Security of Yoon and Yoo s Biometrics Remote User Authentication Scheme
On the Security of Yoon and Yoo s Biometrics Remote User Authentication Scheme MING LIU * Department of Tourism Management WEN-GONG SHIEH Department of Information Management Chinese Culture University
More informationEfficient password authenticated key agreement using bilinear pairings
Mathematical and Computer Modelling ( ) www.elsevier.com/locate/mcm Efficient password authenticated key agreement using bilinear pairings Wen-Shenq Juang, Wei-Ken Nien Department of Information Management,
More informationSecure Smart Card Based Remote User Authentication Scheme for Multi-server Environment
Secure Smart Card Based Remote User Authentication Scheme for Multi-server Environment Archana P.S, Athira Mohanan M-Tech Student [Cyber Security], Sree Narayana Gurukulam College of Engineering Ernakulam,
More informationA Simple User Authentication Scheme for Grid Computing
International Journal of Network Security, Vol.7, No.2, PP.202 206, Sept. 2008 202 A Simple User Authentication Scheme for Grid Computing Rongxing Lu, Zhenfu Cao, Zhenchuan Chai, and Xiaohui Liang (Corresponding
More informationA SECURE PASSWORD-BASED REMOTE USER AUTHENTICATION SCHEME WITHOUT SMART CARDS
ISSN 1392 124X INFORMATION TECHNOLOGY AND CONTROL, 2012, Vol.41, No.1 A SECURE PASSWORD-BASED REMOTE USER AUTHENTICATION SCHEME WITHOUT SMART CARDS Bae-Ling Chen 1, Wen-Chung Kuo 2*, Lih-Chyau Wuu 3 1
More informationA SMART CARD BASED AUTHENTICATION SCHEME FOR REMOTE USER LOGIN AND VERIFICATION. Received April 2011; revised September 2011
International Journal of Innovative Computing, Information and Control ICIC International c 2012 ISSN 1349-4198 Volume 8, Number 8, August 2012 pp. 5499 5511 A SMART CARD BASED AUTHENTICATION SCHEME FOR
More informationStudy on data encryption technology in network information security. Jianliang Meng, Tao Wu a
nd International Workshop on Materials Engineering and Computer Sciences (IWMECS 05) Study on data encryption technology in network information security Jianliang Meng, Tao Wu a School of North China Electric
More informationA Simple Password Authentication Scheme Based on Geometric Hashing Function
International Journal of Network ecurity, Vol.16, No.3, PP.237-243, May 2014 237 A imple Password Authentication cheme Based on Geometric Hashing Function Xu Zhuang 1, Chin-Chen Chang 2,3, Zhi-Hui Wang
More informationResearch and Design of Crypto Card Virtualization Framework Lei SUN, Ze-wu WANG and Rui-chen SUN
2016 International Conference on Wireless Communication and Network Engineering (WCNE 2016) ISBN: 978-1-60595-403-5 Research and Design of Crypto Card Virtualization Framework Lei SUN, Ze-wu WANG and Rui-chen
More informationArticle An Enhanced Lightweight Anonymous Authentication Scheme for a Scalable Localization Roaming Service in Wireless Sensor Networks
Article An Enhanced Lightweight Anonymous Authentication Scheme for a Scalable Localization Roaming Service in Wireless Sensor Networks Youngseok Chung 1,2, Seokjin Choi 1, Youngsook Lee 3, Namje Park
More informationSecurity Flaws of Cheng et al. s Biometric-based Remote User Authentication Scheme Using Quadratic Residues
Contemporary Engineering Sciences, Vol. 7, 2014, no. 26, 1467-1473 HIKARI Ltd, www.m-hikari.com http://dx.doi.org/10.12988/ces.2014.49118 Security Flaws of Cheng et al. s Biometric-based Remote User Authentication
More informationISSN: ISO 9001:2008 Certified International Journal of Engineering and Innovative Technology (IJEIT) Volume 3, Issue 10, April 2014
Two Way User Authentication Using Biometric Based Scheme for Wireless Sensor Networks Srikanth S P (Assistant professor, CSE Department, MVJCE, Bangalore) Deepika S Haliyal (PG Student, CSE Department,
More informationAn Improved Timestamp-Based Password Authentication Scheme Using Smart Cards
An Improved Timestamp-Based Password Authentication Scheme Using Smart Cards Al-Sakib Khan Pathan and Choong Seon Hong Department of Computer Engineering, Kyung Hee University, Korea spathan@networking.khu.ac.kr
More informationA FAST HANDSHAKE CACHING PROTOCOL WITH CACHING CENTER
INTERNATIONAL JOURNAL OF INFORMATION AND SYSTEMS SCIENCES Volume 1, Number 2, Pages 137 149 c 2005 Institute for Scientific Computing and Information A FAST HANDSHAKE CACHING PROTOCOL WITH CACHING CENTER
More informationA Compatible Public Service Platform for Multi-Electronic Certification Authority
Applied Mechanics and Materials Submitted: 2014-04-26 ISSN: 1662-7482, Vol. 610, pp 579-583 Accepted: 2014-05-26 doi:10.4028/www.scientific.net/amm.610.579 Online: 2014-08-11 2014 Trans Tech Publications,
More informationRobust Two-factor Smart Card Authentication
Robust Two-factor Smart Card Authentication Omer Mert Candan Sabanci University Istanbul, Turkey mcandan@sabanciuniv.edu Abstract Being very resilient devices, smart cards have been commonly used for two-factor
More informationA Multi-function Password Mutual Authentication Key Agreement Scheme with Privacy Preservingg
Journal of Information Hiding and Multimedia Signal Processing 2014 ISSN 2073-4212 Ubiquitous International Volume 5, Number 2, April 2014 A Multi-function Password Mutual Authentication Key Agreement
More informationGrenzen der Kryptographie
Microsoft Research Grenzen der Kryptographie Dieter Gollmann Microsoft Research 1 Summary Crypto does not solve security problems Crypto transforms security problems Typically, the new problems relate
More informationA Simple User Authentication Scheme for Grid Computing
A Simple User Authentication Scheme for Grid Computing Rongxing Lu, Zhenfu Cao, Zhenchuai Chai, Xiaohui Liang Department of Computer Science and Engineering, Shanghai Jiao Tong University 800 Dongchuan
More informationA ROBUST AND FLEXIBLE BIOMETRICS REMOTE USER AUTHENTICATION SCHEME. Received September 2010; revised January 2011
International Journal of Innovative Computing, Information and Control ICIC International c 2012 ISSN 1349-4198 Volume 8, Number 5(A), May 2012 pp. 3173 3188 A ROBUST AND FLEXIBLE BIOMETRICS REMOTE USER
More informationICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification
ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification Hossen Asiful Mustafa Introduction Entity Authentication is a technique designed to let one party prove the identity of another
More informationSource Anonymous Message Authentication and Source Privacy using ECC in Wireless Sensor Network
Source Anonymous Message Authentication and Source Privacy using ECC in Wireless Sensor Network 1 Ms.Anisha Viswan, 2 Ms.T.Poongodi, 3 Ms.Ranjima P, 4 Ms.Minimol Mathew 1,3,4 PG Scholar, 2 Assistant Professor,
More informationCryptanalysis on Four Two-Party Authentication Protocols
Cryptanalysis on Four Two-Party Authentication Protocols Yalin Chen Institute of Information Systems and Applications, NTHU, Tawain d949702@oz.nthu.edu.tw Jue-Sam Chou * Dept. of Information Management
More informationAn Improved Remote User Authentication Scheme with Smart Cards using Bilinear Pairings
An Improved Remote User Authentication Scheme with Smart Cards using Bilinear Pairings Debasis Giri and P. D. Srivastava Department of Mathematics Indian Institute of Technology, Kharagpur 721 302, India
More informationA Two-Fold Authentication Mechanism for Network Security
Asian Journal of Engineering and Applied Technology ISSN 2249-068X Vol. 7 No. 2, 2018, pp. 86-90 The Research Publication, www.trp.org.in A Two-Fold for Network Security D. Selvamani 1 and V Selvi 2 1
More informationA flexible biometrics remote user authentication scheme
Computer Standards & Interfaces 27 (2004) 19 23 www.elsevier.com/locate/csi A flexible biometrics remote user authentication scheme Chu-Hsing Lin*, Yi-Yi Lai Department of Computer Science and Information
More informationThe Password Change Phase is Still Insecure
Manoj Kumar: The password change phase change is still insecure 1 The Password Change Phase is Still Insecure Manoj Kumar!"#$ %&''%% E. Mail: yamu_balyan@yahoo.co.in Abstract In 2004, W. C. Ku and S. M.
More informationCryptanalysis and Improvement of a Dynamic ID Based Remote User Authentication Scheme Using Smart Cards
Journal of Computational Information Systems 9: 14 (2013) 5513 5520 Available at http://www.jofcis.com Cryptanalysis and Improvement of a Dynamic ID Based Remote User Authentication Scheme Using Smart
More informationSession key establishment protocols
our task is to program a computer which gives answers which are subtly and maliciously wrong at the most inconvenient possible moment. -- Ross Anderson and Roger Needham, Programming Satan s computer Session
More informationOn the Security of a Certificateless Public-Key Encryption
On the Security of a Certificateless Public-Key Encryption Zhenfeng Zhang, Dengguo Feng State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100080,
More informationSession key establishment protocols
our task is to program a computer which gives answers which are subtly and maliciously wrong at the most inconvenient possible moment. -- Ross Anderson and Roger Needham, Programming Satan s computer Session
More informationResearch on System Login Security Encryption Method Based on MD5
2016 International Conference on Control and Automation (ICCA 2016) ISBN: 978-1-60595-329-8 Research on System Login Security Encryption Method Based on MD5 Xi-mei ZHANG 1, Ying LI 2,Yi-Zhen CAO 3 and
More informationADS-B Data Authentication Based on ECC and X.509 Certificate
JOURNAL OF ELECTRONIC SCIENCE AND TECHNOLOGY, VOL. 10, NO. 1, MARCH 2012 51 Data Authentication Based on ECC and X.509 Certificate Wei-Jun Pan, Zi-Liang Feng, and Yang Wang Abstract An automatic dependent
More informationThe Modified Scheme is still vulnerable to. the parallel Session Attack
1 The Modified Scheme is still vulnerable to the parallel Session Attack Manoj Kumar Department of Mathematics, Rashtriya Kishan (P.G.) College Shamli- Muzaffarnagar-247776 yamu_balyan@yahoo.co.in Abstract
More informationCryptanalysis of a timestamp-based password authentication scheme 1
Cryptanalysis of a timestamp-based password authentication scheme 1 Lizhen Yang a Kefei Chen a a Department of Computer Science and Engineering, Shanghai Jiaotong University, Shanghai 200030, P.R.China
More informationProtocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh
Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 17th February 2011 Outline Introduction Shared-key Authentication Asymmetric authentication protocols
More informationSecure and Efficient Smart Card Based Remote User Password Authentication Scheme
International Journal of Network Security, Vol.18, No.4, PP.782-792, July 2016 782 Secure and Efficient Smart Card Based Remote User Password Authentication Scheme Jianghong Wei, Wenfen Liu and Xuexian
More informationAn Improved and Secure Smart Card Based Dynamic Identity Authentication Protocol
International Journal of Network Security, Vol.14, No.1, PP.39 46, Jan. 2012 39 An Improved and Secure Smart Card Based Dynamic Identity Authentication Protocol Sandeep Kumar Sood Department of Computer
More informationResearch on WSN Secure Communication Method Based on Digital Watermark for the Monitoring of Electric Transmission Lines
DOI: 10.23977/acss.2019.31002 EISSN 2371-8838 Advances in Computer, Signals and Systems (2019) 3: 8-14 Clausius Scientific Press, Canada Research on WSN Secure Communication Method Based on Digital Watermark
More information(2½ hours) Total Marks: 75
(2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.
More informationOutline More Security Protocols CS 239 Computer Security February 4, 2004
Outline More Security Protocols CS 239 Computer Security February 4, 2004 Combining key distribution and authentication Verifying security protocols Page 1 Page 2 Combined Key Distribution and Authentication
More informationImprovement of recently proposed Remote User Authentication Schemes
Improvement of recently proposed Remote User Authentication Schemes Guanfei Fang and Genxun Huang Science Institute of Information Engineering University, Zhengzhou, 450002, P.R.China feifgf@163.com Abstract
More informationOutline More Security Protocols CS 239 Computer Security February 6, 2006
Outline More Security Protocols CS 239 Computer Security February 6, 2006 Combining key distribution and authentication Verifying security protocols Page 1 Page 2 Combined Key Distribution and Authentication
More informationEnhanced Delegation Based Authentication Protocol for Secure Roaming Service with Synchronization
JOURNAL OF ELECTRONIC SCIENCE AND TECHNOLOGY, VOL. 9, NO. 4, DECEMBER 2011 345 Enhanced Delegation Based Authentication Protocol for Secure Roaming Service with Synchronization Hsing-Bai Chen, Yung-Hsiang
More informationTrust-Propagation Based Authentication Protocol in Multihop Wireless Home Networks
Trust-Propagation Based Authentication Protocol in Multihop Wireless Home Networks Han Sang Kim, Jin Wook Lee*, Sandeep K. S. Gupta and Yann-Hang Lee Department of Computer Science and Engineering Arizona
More informationA Hash-based Strong Password Authentication Protocol with User Anonymity
International Journal of Network Security, Vol.2, No.3, PP.205 209, May 2006 (http://isrc.nchu.edu.tw/ijns/) 205 A Hash-based Strong Password Authentication Protocol with User Anonymity Kumar Mangipudi
More informationAvailable online at ScienceDirect. IERI Procedia 4 (2013 ) 2 7
Available online at www.sciencedirect.com ScienceDirect IERI Procedia 4 (2013 ) 2 7 2013 International Conference on Electronic Engineering and Computer Science The Web Security Password Authentication
More informationCryptanalysis of a Markov Chain Based User Authentication Scheme
Cryptanalysis of a Markov Chain Based User Authentication Scheme Ruhul Amin, G.P. Biswas Indian School of Mines, Dhanbad Department of Computer Science & Engineering Email: amin ruhul@live.com, gpbiswas@gmail.com
More informationPassword. authentication through passwords
Password authentication through passwords Human beings Short keys; possibly used to generate longer keys Dictionary attack: adversary tries more common keys (easy with a large set of users) Trojan horse
More informationCryptanalysis Of Dynamic ID Based Remote User Authentication Scheme With Key Agreement
1 Cryptanalysis Of Dynamic ID Based Remote User Authentication Scheme With Key Agreement Sonam Devgan Kaul, Amit K. Awasthi School of Applied Sciences, Gautam Buddha University, Greater Noida, India sonamdevgan11@gmail.com,
More informationOutline. More Security Protocols CS 239 Security for System Software April 22, Needham-Schroeder Key Exchange
Outline More Security Protocols CS 239 Security for System Software April 22, 2002 Combining key distribution and authentication Verifying security protocols Page 1 Page 2 Combined Key Distribution and
More informationA robust smart card-based anonymous user authentication protocol for wireless communications
University of Wollongong Research Online Faculty of Engineering and Information Sciences - Papers: Part A Faculty of Engineering and Information Sciences 2014 A robust smart card-based anonymous user authentication
More informationAn Enhanced Dynamic Identity Based Remote User Authentication Scheme Using Smart Card without a Verification Table
An Enhanced Dynamic Identity Based Remote User Authentication Scheme Using Smart Card without a Verification Table B. Sumitra, Research Scholar, Christ University, Bangalore, India (*Corresponding Author)
More information1. Diffie-Hellman Key Exchange
e-pgpathshala Subject : Computer Science Paper: Cryptography and Network Security Module: Diffie-Hellman Key Exchange Module No: CS/CNS/26 Quadrant 1 e-text Cryptography and Network Security Objectives
More informationIntelligent Terminal System Based on Trusted Platform Module
American Journal of Mobile Systems, Applications and Services Vol. 4, No. 3, 2018, pp. 13-18 http://www.aiscience.org/journal/ajmsas ISSN: 2471-7282 (Print); ISSN: 2471-7290 (Online) Intelligent Terminal
More informationA Noble Remote User Authentication Protocol Based on Smart Card Using Hash Function
A Noble Remote User Authentication Protocol Based on Smart Card Using Hash Function Deepchand Ahirwal 1, Prof. Sandeep Raghuwanshi 2 1 Scholar M.Tech, Information Technology, Samrat Ashok Technological
More informationMixed Symmetric Key and Elliptic Curve Encryption Scheme Used for Password Authentication and Update Under Unstable Network Environment
Journal of Information Hiding and Multimedia Signal Processing c 2017 ISSN 2073-4212 Ubiquitous International Volume 8, Number 3, May 2017 Mixed Symmetric Key and Elliptic Curve Encryption Scheme Used
More informationBlind Signature Scheme Based on Elliptic Curve Cryptography
Blind Signature Scheme Based on Elliptic Curve Cryptography Chwei-Shyong Tsai Min-Shiang Hwang Pei-Chen Sung Department of Management Information System, National Chung Hsing University 250 Kuo Kuang Road.,
More informationCryptographic Concepts
Outline Identify the different types of cryptography Learn about current cryptographic methods Chapter #23: Cryptography Understand how cryptography is applied for security Given a scenario, utilize general
More informationKey Exchange. Secure Software Systems
1 Key Exchange 2 Challenge Exchanging Keys &!"#h%&'() & & 1 2 6(6 1) 2 15! $ The more parties in communication, the more keys that need to be securely exchanged " # Do we have to use out-of-band methods?
More informationAn efficient and practical solution to secure password-authenticated scheme using smart card
An efficient and practical solution to secure password-authenticated scheme using smart card R. Deepa 1, R. Prabhu M.Tech 2, PG Research scholor 1, Head of the Department 2 Dept.of Information Technology,
More informationSEMINAR REPORT ON BAN LOGIC
SEMINAR REPORT ON BAN LOGIC Submitted by Name : Abhijeet Chatarjee Roll No.: 14IT60R11 SCHOOL OF INFORMATION TECHNOLOGY INDIAN INSTITUTE OF TECHNOLOGY, KHARAGPUR-721302 (INDIA) Abstract: Authentication
More informationChongqing, China. *Corresponding author. Keywords: Wireless body area network, Privacy protection, Data aggregation.
2016 International Conference on Computer, Mechatronics and Electronic Engineering (CMEE 2016) ISBN: 978-1-60595-406-6 The Data Aggregation Privacy Protection Algorithm of Body Area Network Based on Data
More informationSecure Access to Private Services in Intranet for Mobile Clients
Research Journal of Applied Sciences, Engineering and Technology 5(6): 1978-1985, 2013 ISSN: 2040-7459; e-issn: 2040-7467 Maxwell Scientific Organization, 2013 Submitted: July 12, 2012 Accepted: August
More informationIntroduction and Overview. Why CSCI 454/554?
Introduction and Overview CSCI 454/554 Why CSCI 454/554? Get Credits and Graduate Security is important More job opportunities More research funds 1 Workload Five homework assignments Two exams (open book
More informationSecurity Improvements of Dynamic ID-based Remote User Authentication Scheme with Session Key Agreement
Security Improvements of Dynamic ID-based Remote User Authentication Scheme with Session Key Agreement Young-Hwa An* * Division of Computer and Media Information Engineering, Kangnam University 111, Gugal-dong,
More informationCryptanalysis on Two Certificateless Signature Schemes
Int. J. of Computers, Communications & Control, ISSN 1841-9836, E-ISSN 1841-9844 Vol. V (2010), No. 4, pp. 586-591 Cryptanalysis on Two Certificateless Signature Schemes F. Zhang, S. Li, S. Miao, Y. Mu,
More informationBAN Logic. Logic of Authentication 1. BAN Logic. Source. The language of BAN. The language of BAN. Protocol 1 (Needham-Schroeder Shared-Key) [NS78]
Logic of Authentication 1. BAN Logic Ravi Sandhu BAN Logic BAN is a logic of belief. In an analysis, the protocol is first idealized into messages containing assertions, then assumptions are stated, and
More informationCIS 4360 Secure Computer Systems Applied Cryptography
CIS 4360 Secure Computer Systems Applied Cryptography Professor Qiang Zeng Spring 2017 Symmetric vs. Asymmetric Cryptography Symmetric cipher is much faster With asymmetric ciphers, you can post your Public
More informationA Limitation of BAN Logic Analysis on a Man-in-the-middle Attack
ISS 1746-7659, England, U Journal of Information and Computing Science Vol. 1, o. 3, 2006, pp. 131-138 Limitation of Logic nalysis on a Man-in-the-middle ttack + Shiping Yang, Xiang Li Computer Software
More information1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class
1.264 Lecture 27 Security protocols Symmetric cryptography Next class: Anderson chapter 10. Exercise due after class 1 Exercise: hotel keys What is the protocol? What attacks are possible? Copy Cut and
More informationEnhanced three factor security protocol for consumer USB mass storage devices
Enhanced three factor security protocol for consumer SB mass storage devices Article Accepted Version He, D., umar, N., Lee, J. H. and Sherratt, R. S. (2014) Enhanced three factor security protocol for
More informationCS 161 Computer Security
Popa & Wagner Spring 2016 CS 161 Computer Security Midterm 2 Print your name:, (last) (first) I am aware of the Berkeley Campus Code of Student Conduct and acknowledge that academic misconduct will be
More informationPORTABLE communication systems (PCSs) do not require
IEEE TRANSACTIONS ON WIRELESS COMMUNICATIONS, VOL. 4, NO. 1, JANUARY 2005 57 A New Delegation-Based Authentication Protocol for Use in Portable Communication Systems Wei-Bin Lee and Chang-Kuo Yeh Abstract
More informationA Survey on Cryptography Based QR code authentication
A Survey on Cryptography Based QR code authentication Ronak M. Parmar 1, Krunal J. Panchal 2 1 Student, Computer Engineering Department, L.J. Institute of Engineering & Technology, Gujarat, India 2 Assistant
More informationCSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L
CS 3461/5461: Introduction to Computer Networking and Internet Technologies Network Security Study: 21.1 21.5 Kannan Srinivasan 11-27-2012 Security Attacks, Services and Mechanisms Security Attack: Any
More informationarxiv: v1 [cs.cr] 31 Dec 2018
Security analysis of a self-embedding fragile image watermark scheme Xinhui Gong, Feng Yu, Xiaohong Zhao, Shihong Wang School of Science, Beijing University of Posts and Telecommunications, Beijing 100876,
More informationComments on four multi-server authentication protocols using smart card
Comments on four multi-server authentication protocols using smart card * Jue-Sam Chou 1, Yalin Chen 2, Chun-Hui Huang 3, Yu-Siang Huang 4 1 Department of Information Management, Nanhua University Chiayi
More informationResearch on the safety of the communication link of the Radio Based Cab Signaling system
Research on the safety of the communication link of the Radio Based Cab Signaling system C. Li, Y. Zhang, J. Wang & H. Wang Automation Research Institute of Transportation Science & Technology, Beijing
More informationProvably Secure Anonymous Authentication Scheme for Roaming Service in Global Mobility Networks *
JOURNAL OF INFORMATION SCIENCE AND ENGINEERING 31, 727-742 (2015) Provably Secure Anonymous Authentication Scheme for Roaming Service in Global Mobility Networks * KUO-YANG WU 1, KUO-YU TSAI 2, TZONG-CHEN
More informationA New Method Of VPN Based On LSP Technology
2nd Joint International Information Technology, Mechanical and Electronic Engineering Conference (JIMEC 2017) A New Method Of VPN Based On LSP Technology HaiJun Qing 1, 2 1, 2, ChaoXiang Liang, LiPing
More informationAn improved authenticated key agreement protocol for telecare medicine information system
DOI 10.1186/s40064-016-2018-7 RESEARCH Open Access An improved authenticated key agreement protocol for telecare medicine information system Wenhao Liu, Qi Xie *, Shengbao Wang and Bin Hu *Correspondence:
More informationA Robust Image Zero-Watermarking Algorithm Based on DWT and PCA
A Robust Image Zero-Watermarking Algorithm Based on DWT and PCA Xiaoxu Leng, Jun Xiao, and Ying Wang Graduate University of Chinese Academy of Sciences, 100049 Beijing, China lengxiaoxu@163.com, {xiaojun,ywang}@gucas.ac.cn
More informationA Novel Smart-Card Based Authentication Scheme Using Proactive Secret Sharing
A Novel Smart-Card Based Authentication Scheme Using Proactive Secret Sharing Yuesheng Zhu, Bojun Wang*, Cheng Cai Lab of Communication and Information Security, Institute of Big Data Technologies, Shenzhen
More informationConnected Dominating Set Construction Algorithm for Wireless Networks Based on Connected Subset
Journal of Communications Vol., No., January 0 Connected Dominating Set Construction Algorithm for Wireless Networks Based on Connected Subset Qiang Tang,, Yuan-Sheng Luo,, Ming-Zhong Xie,, and Ping Li,
More informationA Modified Approach for Kerberos Authentication Protocol with Secret Image by using Visual Cryptography
A Modified Approach for Kerberos Authentication Protocol with Secret Image by using Visual Cryptography Ashok Kumar J 1, and Gopinath Ganapathy 2 1,2 School of Computer Science, Engineering and Applications
More informationAuthentication Part IV NOTE: Part IV includes all of Part III!
Authentication Part IV NOTE: Part IV includes all of Part III! ECE 3894 Hardware-Oriented Security and Trust Spring 2018 Assoc. Prof. Vincent John Mooney III Georgia Institute of Technology NOTE: THE FOLLOWING
More informationOffline dictionary attack on TCG TPM weak authorisation data, and solution
Offline dictionary attack on TCG TPM weak authorisation data, and solution Liqun Chen HP Labs, UK Mark Ryan HP Labs, UK, and University of Birmingham Abstract The Trusted Platform Module (TPM) is a hardware
More informationUNIT - IV Cryptographic Hash Function 31.1
UNIT - IV Cryptographic Hash Function 31.1 31-11 SECURITY SERVICES Network security can provide five services. Four of these services are related to the message exchanged using the network. The fifth service
More informationPAPER Further Improved Remote User Authentication Scheme
1426 IEICE TRANS. FUNDAMENTALS, VOL.E94 A, NO.6 JUNE 2011 PAPER Further Improved Remote User Authentication Scheme Jung-Yoon KIM a), Student Member, Hyoung-Kee CHOI, Member, and John A. COPELAND, Nonmember
More informationPublic-key Cryptography: Theory and Practice
Public-key Cryptography Theory and Practice Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Chapter 1: Overview What is Cryptography? Cryptography is the study of
More informationMining Temporal Association Rules in Network Traffic Data
Mining Temporal Association Rules in Network Traffic Data Guojun Mao Abstract Mining association rules is one of the most important and popular task in data mining. Current researches focus on discovering
More informationA PROPOSED AUTHENTICATION SCHEME USING THE CONCEPT OF MINDMETRICS
A PROPOSED AUTHENTICATION SCHEME USING THE CONCEPT OF MINDMETRICS Nitin Shinde 1, Lalit Shejwal 2, Uditkumar Gupta 3, Priyanka Pawar 4 1, 2, 3, 4 Department of Computer Engineering, Sinhgad Institute of
More informationCS 161 Computer Security
Paxson Spring 2017 CS 161 Computer Security Discussion 6 Week of March 6, 2017 Question 1 Password Hashing (10 min) When storing a password p for user u, a website randomly generates a string s (called
More information