Ankita Chaturvedi

Cryptanalysis and Improvement of Yan et al.'s Biometric-Based Authentication Scheme for Telecare Medicine Information Systems

Remote user authentication is desirable for a Telecare Medicine Information System (TMIS) for the safety, security and integrity of transmitted data over the public channel. In 2013, Tan presented a biometric based remote user authentication scheme and claimed that his scheme is secure. Recently, Yan et al. demonstrated some drawbacks in Tan’s scheme and proposed an improved scheme to erase the drawbacks of Tan’s scheme. We analyze Yan et al.’s scheme and identify that their scheme is vulnerable to off-line password guessing attack, and does not protect anonymity. Moreover, in their scheme, login and password change phases are inefficient to identify the correctness of input where inefficiency in password change phase can cause denial of service attack. Further, we design an improved scheme for TMIS with the aim to eliminate the drawbacks of Yan et al.’s scheme.

Security Enhancement of a Biometric based Authentication Scheme for Telecare Medicine Information Systems with Nonce

Telecare medicine information systems (TMIS) present the platform to deliver clinical service door to door. The technological advances in mobile computing are enhancing the quality of healthcare and a user can access these services using its mobile device. However, user and Telecare system communicate via public channels in these online services which increase the security risk. Therefore, it is required to ensure that only authorized user is accessing the system and user is interacting with the correct system. The mutual authentication provides the way to achieve this. Although existing schemes are either vulnerable to attacks or they have higher computational cost while an scalable authentication scheme for mobile devices should be secure and efficient. Recently, Awasthi and Srivastava presented a biometric based authentication scheme for TMIS with nonce. Their scheme only requires the computation of the hash and XOR functions.pagebreak Thus, this scheme fits for TMIS. However, we observe that Awasthi and Srivastava’s scheme does not achieve efficient password change phase. Moreover, their scheme does not resist off-line password guessing attack. Further, we propose an improvement of Awasthi and Srivastava’s scheme with the aim to remove the drawbacks of their scheme.

A secure password-based authentication and key agreement scheme using smart cards

Authentication schemes present a user-friendly and scalable mechanism to establish the secure and authorized communication between the remote entities over the insecure public network. Later, several authentication schemes have proposed in the literature. However, most of the existing schemes do not satisfy the desirable attributes, such as resistance against known attacks and user anonymity. In 2012, Chen et?al. designed a robust authentication scheme to erase the weaknesses of Sood et?al.s scheme. In 2013, Jiang et?al. showed that Chen et?al.s scheme is vulnerable to password guessing attack. Furthermore, Jiang et?al. presented an efficient solution to overcome the shortcoming of Chen et?al.s scheme. We demonstrate that Jiang et?al.s scheme does not withstand insider attack, on-line and off-line password guessing attacks, and user impersonation attack. Their scheme also fails to provide users anonymity. To overcome these drawbacks, we aim to propose an enhanced scheme, which reduces the computation overhead and satisfies all desirable security attributes, while retaining the original merits of Jiang et?al.s scheme. The proposed scheme is also comparable in terms of the communication and computational overheads with Jiang et?al.s scheme and other existing schemes. Furthermore, we simulate the enhanced scheme for the formal security analysis utilizing the widely-accepted AVISPA tool and show that the proposed scheme is resistant against active and passive attacks.

Improved Biometric-Based Three-factor Remote User Authentication Scheme with Key Agreement Using Smart Card

Remote user authentication is a very important mechanism in the network system to verify the correctness of remote user and server over the insecure channel. In remote user authentication, server and user mutually authenticate each other and draw a session key. In 2012, An presented a biometric based remote user authentication scheme and claimed that his scheme is secure. In this article, we analyze Ans scheme and show that his scheme is vulnerable to known session specific temporary information attack, forward secrecy attack. Moreover, we also identify that Ans scheme fails to ensure efficient login phase and user anonymity. Recently, Li et al. also presented a biometric based three-factor remote user authentication scheme with key agreement. They claimed that their scheme provides three-factor remote user authentication. However, we analyze and find that scheme does not achieve three-factor remote user authentication and also fails to satisfy key security attributes. Further, the article presents an improved anonymous authentication scheme which eliminates all the drawbacks of Ans and Li et al.s scheme. Moreover, proposed scheme presents efficient login and password change mechanism where incorrect password input can be quickly detected and user can freely change his password.

Design of a lightweight two-factor authentication scheme with smart card revocation

Smart card based authentication schemes present user-friendly and secure communication mechanism over insure public channel. Recently, Li etÂ?al. designed an authentication scheme with pre-smart card authentication to present efficient login phase and user-friendly password change phase. It can quickly detect illegitimate login attempt. We analyze the security of Li etÂ?al.s scheme, and identify the scheme insecure. Moreover, their scheme requires the computation of public key operations. To address the security and efficiency of mutual authentication design, we propose a lightweight authentication scheme, which supports smart card revocation. The proposed scheme requires the computation of only hash function and exclusive-or operations. Furthermore, we verify the correctness of mutual authentication using the widely-accepted BAN (Burrows, Abadi, and Needham) logic. Through the security and performance analysis, we show that our scheme is secure and computationally efficient than the existing schemes. Furthermore, the proposed scheme present efficient login and password change phases where incorrect login is quickly detected, and a user can freely change his password without server assistance.

Design of a secure smart card-based multi-server authentication scheme

Traditional two party client server authentication protocol may not provide a scalable solution for present network environments where personal and ubiquitous computing technologies are involved as it is now becoming multi-server based. To achieve efficient authorized communication, multi-server based authentication protocols have been designed. The key feature of multi-server based protocols is one time registration. We study the existing multi-server based authentication protocols, and identify that many of the multi-server based authentication protocols involve control server in mutual authentication or trusted server environment is required. The involvement of central authority in mutual authentication may be a bottleneck for large network, and the servers may be semi-trusted. To erase these drawbacks, Wei etźal. recently proposed a multi-server based authentication protocol. Their protocol does not require all servers to be trusted and involvement of control server in mutual authentication. Unfortunately, we identify the security vulnerability of Wei etźal.s scheme to insider attack and password guessing attack. Additionally, lack of pre-smart card authentication leads to denial of service attack. To enhance the security of Wei etźal.s protocol, we propose a secure biometric-based authentication scheme for multi-server environment using smart card. We simulate the proposed protocol for the formal security verification using the widely accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to show that our scheme is secure against active and passive attacks. In addition, we prove that our proposed scheme provides mutual authentication using the widely-accepted Burrows-Abadi-Needham (BAN) logic and is also secured against various well known attacks. In addition, our scheme is efficient in terms of computational and communication overheads as compared to Wei etźal.s scheme and other existing related schemes.

An improved biometric-based remote user authentication scheme for connected healthcare

The advancements in technology have made the internet an efficient and scalable tool to utilise for various online services; one of them is connected healthcare. The connected healthcare system presents the platform to deliver clinical service door to door. In these online services, it is required to ensure the authenticity of patients to protect medical resources/services. In 2013, Chang et al. presented biometric-based remote user authentication scheme with user anonymity for connected healthcare. They claimed that their biometrics based scheme is secure and efficient to validate the legality of the patient. Recently, Das and Goswami demonstrated that Chang et al.s scheme is vulnerable to insider attack and man-in-the middle attack. They also showed some flaws in login and password change phases of Chang et al.s scheme. Furthermore, they presented an improved scheme. However, we observe that Das and Goswamis scheme does not provide three factor authentication and is vulnerable to offline identity guessing attack. Further, we propose an improved biometric-based remote user authentication scheme for connected healthcare, which provides efficient login and password change phases where smart card quickly identifies the incorrect input. Moreover, the proposed scheme satisfies all desirable security attributes and achieves three factor authentication.

New Constructions of T-function

T-function is a mapping from a Boolean matrix to a Boolean matrix with the property that i-th column of the output matrix depends on the first i columns of the input matrix. In 2003, Klimov and Shamir first introduced the concept of T-function. Using T-function we can construct some invertible functions which can be used to construct block cipher. Some invertible and full cycle T-functions can be used to construct stream cipher. Inversion procedure of these functions are different from the normal invertible functions and which is also hard. In 2005, Hong et al. constructed new class of full cycle T-function. In their construction the i-th column of the output matrix actually depends only on the i-th column of the input matrix. Our construction is more general than Hong et al’s construction with good cryptographic properties. In this paper, we present a new construction of T-function. We study the invertibility, cycle length and nonlinearity of this T-function. Furthermore, we construct a new full cycle T-function. Invertible and highly nonlinear functions can be used to design block cipher. Full cycle functions can be used in LFSR based stream cipher to get the full period of the stream cipher in place of linear state update function.