Arijit Karati
Indian School of Mines
Publication
Featured researches published by Arijit Karati.
Journal of Medical Systems | 2017
Prerna Mohit; Ruhul Amin; Arijit Karati; G. Biswas; Muhammad Khurram Khan
Telecare Medical Information System (TMIS) supports a standard platform to the patient for getting necessary medical treatment from the doctor(s) via Internet communication. Security protection is important for medical records (data) of the patients because of very sensitive information. Besides, patient anonymity is another most important property, which must be protected. Most recently, Chiou et al. suggested an authentication protocol for TMIS by utilizing the concept of cloud environment. They claimed that their protocol is patient anonymous and well security protected. We reviewed their protocol and found that it is completely insecure against patient anonymity. Further, the same protocol is not protected against mobile device stolen attack. In order to improve security level and complexity, we design a light weight authentication protocol for the same environment. Our security analysis ensures resilience of all possible security attacks. The performance of our protocol is relatively standard in comparison with the related previous research.
IEEE Internet of Things Journal | 2018
Arijit Karati; Sk Hafizul Islam; G. Biswas; Zakirul Alam Bhuiyan; Pandi Vijayakumar; Marimuthu Karuppiah
Nowadays, the Internet of Things (IoT) and cloud computing have become more pervasive in the context of the industry as digitization becomes a business priority for various organizations. Therefore, industries outsource their crowdsourced Industrial IoT (IIoT) data in the cloud in order to reduce the cost for sharing data and computation. However, the privacy of such crowdsourced data in this environment has attracted wide attention across the globe. Signcryption is the significant cryptographic primitive that meets both requirement of authenticity and confidentiality of crowdsourced data among users/industries, and thus, it is ideal for ensuring secure authentic data storage and transmission in industrial crowdsourcing environments. In this paper, we introduce a new identity-based signcryption (IBSC) scheme using bilinear pairing for IIoT deployment. Besides, two hard problems are studied, called as, modified bilinear Diffie–Hellman inversion (MBDHI) assumption and modified bilinear strong Diffie–Hellman (MBSDH) assumption. The rigorous security analysis demonstrates that our IBSC scheme for IIoT is provably secure based on the intractability of decisional-MBDHI and MBSDH assumptions under formal security model without considering the concept of the random oracle. The performance comparison with other signcryption schemes shows satisfactory results. Thus, our IBSC scheme is appropriate for IIoT crowdsourcing environments, and also applicable for low-bandwidth communications.
Security and Communication Networks | 2017
Ruhul Amin; Sk Hafizul Islam; Muhammad Khurram Khan; Arijit Karati; Debasis Giri; Saru Kumari
The concept of two-factor multiserver authentication protocol was developed to avoid multiple number of registrations using multiple smart-cards and passwords. Recently, a variety of two-factor multiserver authentication protocols have been developed. It is observed that the existing RSA-based multiserver authentication protocols are not suitable in terms of computation complexities and security attacks. To provide lower complexities and security resilience against known attacks, this article proposes a two-factor (password and smart-card) user authentication protocol with the RSA cryptosystem for multiserver environments. The comprehensive security discussion proved that the known security attacks are eliminated in our protocol. Besides, our protocol supports session key agreement and mutual authentication between the application server and the user. We analyze the proof of correctness of the mutual authentication and freshness of session key using the BAN logic model. The experimental outcomes obtained through simulation of the Automated Validation of Internet Security Protocols and Applications (AVISPA) S/W show that our protocol is secured. We consider the computation, communication, and storage costs and the comparative explanations show that our protocol is flexible and efficient compared with protocols. In addition, our protocol offers security resilience against known attacks and provides lower computation complexities than existing protocols. Additionally, the protocol offers password change facility to the authorized user.
FICTA | 2016
Rajeev Kumar; Ruhul Amin; Arijit Karati; G. P. Biswas
Smart card and password-based user authentication scheme is popular for accessing remote services from the remote server over insecure communication. In this regard, numerous user authentication protocols have been proposed in the literature. However, we have observed that still none of the protocols provide complete facilities such as password change process, password recover process, and smart card revocation process to the registered user. The main aim of this paper is to design a secure user authentication protocol which provides complete facilities to the registered user. The security analysis of the protocol is presented which confirms that the same protocol is secure against various common attacks. Our protocol not only provides complete facilities to the registered user, but also provides session key agreement as well as mutual authentication between the \(U_i\) and RS. The performance of the proposed scheme is relatively better than existing related schemes.
Security and Communication Networks | 2016
Arijit Karati; G. P. Biswas
Identity-based encryption (IBE) is one of the important public key encryption techniques where not only the identity of the receiver is used for secure and efficient encryption, but it also has several merits over other traditional public-key ones. However, two main disadvantages of many such IBE-based systems are the requirement of a large number of public parameters and different random oracle operations, where it is known that a random oracle due to improper implementation is vulnerable under chosen ciphertext attack. This paper designs an efficient IBE scheme (ROFIBE) with recipient anonymity, reduction in public parameters and random oracle-free operation. The scheme is developed based on a proposed hard problem, named as decisional extended bilinear Diffie-Hellman assumption (DEBDH), and on analysis it is found to be secured under standard security model. In addition, a new short-signature scheme based on the proposed IBE is developed under the difficulty of solving proposed q-extended bilinear strong Diffie-Hellman assumption (q-EBSDH). As performance analysis, we compare both the proposed schemes with other existing related ones and find that our schemes are computationally and communicationally efficient and effectively usable in real life applications.
international conference on recent advances in information technology | 2016
Ruhul Amin; Sk Hafizul Islam; Arijit Karati; G. P. Biswas
In the password based authenticated protocol, protecting off-line guessing attack is quite intricate owing to its low entropy property. In order to withstand it, three-factor (e.g., biometric, smartcard and password) authentication is now becoming an important research paradigm in information security. Cheng et al. suggested an authenticated and key negotiation protocol using biometric and Quadratic Residue Problem (QRP), and they claim that it is robust against known attacks. However, our careful observation demonstrates that the protocol endures from a variety of security loopholes. We further observed that the protocol does not hold mutual authentication property. To conquer the security vulnerability, we aim to design an extended authentication protocol. The results obtained from AVISPA simulation give assurance against the security attacks. Further cryptanalysis on our scheme shows that it resists all known attacks. We found satisfactory results by comparing with Cheng et al.'s protocol.
international conference on recent advances in information technology | 2016
Anurag Gupta; Prema Mohit; Arijit Karati; Ruhul Amin; G. P. Biswas
In ad hoc as well as internet networks, there may exist several malicious nodes which may reduce system reliability and robustness of the network. Therefore, detection of malicious nodes in the networks is a vibrant research area. For this, several techniques have been adopted in the literature. In this paper, we propose a malicious node detection protocol using authentication technique for ad hoc as well as internet networks. As the protocol depends on one-way hash operation and does not consider any high computation such as exponentiation or pairing computation, it achieves high performance. Besides, the number of message passes is also reduced to authenticate a node within the network. The proposed protocol is simulated using AVISPA software, and the simulation results make certain that the protocol is SAFE under OFMC and CL-AtSe models. In addition, the complexities of the protocol are satisfactory.
international conference on advances in information communication technology computing | 2016
Arijit Karati; G. P. Biswas
Recently, various certificate-less signature (CLS) schemes have been developed using bilinear pairing to provide authenticity of message. In 2015, Jia-Lun Tsai proposed a certificate-less pairing based short signature scheme using elliptic curve cryptography (ECC) and proved its security under random oracle. However, it is shown that the scheme is inappropriate for its practical use as there is no message-signature dependency present during signature generation and verification. Thus, the scheme is vulnerable. To overcome these attacks, this paper aims to present a variant of Jia-Lun Tsai's short signature scheme. Our scheme is secured under the hardness of collusion attack algorithm with k traitors (k-CAA). The performance analysis demonstrates that proposed scheme is more efficient than other related signature schemes.
computer and information technology | 2015
Arijit Karati; G. P. Biswas
Recently, Zheng et al. proposed a provably secure IBE scheme without bilinear map under standard security model where it is claimed that their constructed scheme is secured against adaptively chosen ciphertext attack. On cryptanalysis, we show through the derivation and solution of a set of linear congruences that their scheme is vulnerable to the key compromisation attack, thus, the message confidentiality is also compromised. Furthermore, our claim is justified by developing an alternative method based on the Hamming distance of users' identities.
Information Sciences | 2018
Arijit Karati; Sk Hafizul Islam; G. Biswas
Certificateless Signature (CLS) scheme is a notable cryptographic technique for solving the key escrow problem in identity-based cryptosystem (IBC). In the CLS, the private key is computed collectively by both the key generation center (KGC) and the signer which ensures that no vindictive KGC masquerades the actual signer. Recently, a number of CLS schemes have been proposed using bilinear pairing and show their immunity under standard security model. It is well known that one such pairing operation requires significantly more computational cost than the other cryptographic operations. In this paper, we propose a new CLS scheme using elliptic curve cryptography (ECC), which does not require bilinear pairing operation. Our CLS scheme is analyzed formally and found to be provably secure against both the Type-I and Type-II attacks based on the intractability of elliptic curve discrete logarithm problem (ECDLP) under the random oracle model. Performance evaluation demonstrates that the proposed CLS scheme outperforms other competitive CLS schemes.