Amit K. Awasthi

A remote user authentication scheme using smart cards with forward secrecy

In 2000, Hwang and Li proposed a new remote user authentication scheme using smart cards. Chan and Chang showed that the masquerade attack is successful on this scheme. Recently Shen, Lin and Hwang pointed out a different type of attack on this scheme and presented a modified scheme to remove these defects. In this paper we present a new scheme which also overcomes these attacks. In this scheme previously generated passwords are secure even if the secret key of the system is leaked or is stolen.

An enhanced remote user authentication scheme using smart cards

In 2000, Hwang and Li proposed a new remote user authentication scheme using smart cards. Chan and Chang showed that the masquerade attack is successful on this scheme. Recently Shen, Lin and Hwang pointed out a different type of attack on this scheme and presented a modified scheme to remove these defects. Further in 2003, Leung et al. showed that this modified scheme is still vulnerable to the attack proposed by Chan and Cheng. In addition they showed that the extended attack proposed by Chang and Hwang also works well. In this paper we enhanced Shen, Lin and Hwangs scheme to overcome these attacks.

ID-based Ring Signature and Proxy Ring Signature Schemes from Bilinear Pairings

In 2001, Rivest et al. firstly introduced the concept of ring signatures. A ring signature is a simplified group signature without any manager. It protects the anonymity of a signer. The first scheme proposed by Rivest et al. was based on RSA cryptosystem and certificate based public key setting. The first ring signature scheme based on DLP was proposed by Abe, Ohkubo, and Suzuki. Their scheme is also based on the general certificate-based public key setting too. In 2002, Zhang and Kim proposed a new ID-based ring signature scheme using pairings. Later Lin and Wu proposed a more efficient ID-based ring signature scheme. Both these schemes have some inconsistency in computational aspect. In this paper we propose a new ID-based ring signature scheme and a proxy ring signature scheme. Both the schemes are more efficient than existing one. These schemes also take care of the inconsistencies in above two schemes.

A Biometric Authentication Scheme for Telecare Medicine Information Systems with Nonce

In recent years, the increased availability of lower-cost telecommunications systems and customized patients monitoring devices made it possible to bring the advantages of telemedicine directly into the patient’s home. These telecare medicine information systems enable health-care delivery services. These systems are moving towards an environment where automated patient medical records and electronically interconnected telecare facilities are prevalent. Authentication, security, patient’s privacy protection and data confidentiality are important for patient or doctor accessing to Electronic Medical Records (EMR). A secure authentication scheme will be required to achieve these goals. Many schemes based on cryptography have been proposed to achieve the goals. However, many schemes are vulnerable to various attacks, and are neither efficient, nor user friendly. Specially, in terms of efficiency, some schemes are resulting in high time cost. In this paper we propose a new authentication scheme that is using the precomputing to avoid the time-consuming exponential computations. Finally, it is shown to be more secure and practical for telecare medicine environments.

An improved timestamp-based remote user authentication scheme

To protect the remote server from various malicious attacks, many authentication schemes have been proposed. Some schemes have to maintain a password verification table in the remote server for checking the legitimacy of the login users. To overcome potential risks of verification tables, researchers proposed remote user authentication schemes using smartcard, in which the remote server only keeps a secret key for computing the users passwords and does not need any verification table for verifying legal user. In 2003 Shen, Lin, and Hwang proposed a timestamp-based password authentication scheme using smartcards in which the remote server does not need to store the passwords or verification table for user authentication. Unfortunately, this scheme is vulnerable to some deadly attacks. In this paper, we analyze few attacks and finally propose an improved timestamp-based remote user authentication scheme. The modified scheme is more efficient and secure than original scheme.

A Hash Based Mutual RFID Tag Authentication Protocol in Telecare Medicine Information System

Radio Frequency Identification (RFID) is a technology which has multidimensional applications to reduce the complexity of today life. Everywhere, like access control, transportation, real-time inventory, asset management and automated payment systems etc., RFID has its enormous use. Recently, this technology is opening its wings in healthcare environments, where potential applications include patient monitoring, object traceability and drug administration systems etc. In this paper, we propose a secure RFID-based protocol for the medical sector. This protocol is based on hash operation with synchronized secret. The protocol is safe against active and passive attacks such as forgery, traceability, replay and de-synchronization attack.

RFID Authentication Protocol to Enhance Patient Medication Safety

Medication errors can cause substantial harm to patients. Automated patient medication system with RFID technology is purposely used to reduce the medication error, to improve the patient safety, to provide personalized patient medication and identification and also to provide counterfeit protection to the patients. In order to enhance medication safety for patients we propose a new dynamic ID based lightweight RFID authentication protocol. Due to low storage capacity and limited computational and communicational capacity of tags, only pseudo random number generator function, one way hash function and bitwise Xor operation are used in our authentication protocol. The proposed protocol is practical, secure and efficient for health care domain.

Quality, Reliability, Security and Robustness in Heterogeneous Networks

This book constitutes the thoroughly refereed post-conference proceedings of the 9th International Conference on Heterogeneous Networking for Quality, Reliability, Security and Robustness, QShine 2013, which was held in National Capital Region (NCR) of India during January 2013. The 87 revised full papers were carefully selected from 169 submissions and present the recent technological developments in broadband high-speed networks, peer-to-peer networks, and wireless and mobile networks.

On the Authentication of the User from the Remote Autonomous Object

In 2003, Novikov and Kislev proposed a scheme for an authentication of the user from the remote autonomous object. Recently Yang et al. pointed out an evidence of man-in-middle attack. In this paper we show another evidence of man-in-middle-attack. We also pointed out that reflection attack can also be framed successfully on the scheme.

Security Enhancement of an Improved Remote User Authentication Scheme with Key Agreement

In 2014, Kumari, Khan and Li proposed smart card based secure and robust remote user authentication scheme with key agreement and claimed that their scheme is suitable, secure and efficient for real life applications. But in this paper, we demonstrate that their proposed mechanism is completely insecure as an adversary can easily obtain not only the security parameters of the protocol but also obtains the common session key of future communication between user and the server. In addition, an adversary gets password of the registered user as well as secret key of the server. Thus collapses the entire system and authors claims are proven to be wrong. Hence, to remedy the identified security flaws and to ensure secure communication through an insecure channel, we propose an upgraded secure and efficient authentication protocol. Furthermore, we verify the security of our authentication protocol informally as well as formally via widely accepted OFMC and CL-AtSe back-ends of AVISPA tool against active and passive attacks.