Azeem Irshad

A single round-trip SIP authentication scheme for Voice over Internet Protocol using smart card

The Session Initiation Protocol (SIP) has revolutionized the way of controlling Voice over Internet Protocol (VoIP) based communication sessions over an open channel. The SIP protocol is insecure for being an open text-based protocol inherently. Different solutions have been presented in the last decade to secure the protocol. Recently, Zhang et al. authentication protocol has been proposed with a sound feature that authenticates the users without any password-verifier database using smart card. However, the scheme has a few limitations and can be made more secure and optimized regarding cost of exchanged messages, with a few modifications. Our proposed key-agreement protocol makes a use of two server secrets for robustness and is also capable of authenticating the involved parties in a single round-trip of exchanged messages. The server can now authenticate the user on the request message received, rather than the response received upon sending the challenge message, saving another round-trip of exchanged messages and hence escapes a possible denial of service attack.

A secure authentication scheme for session initiation protocol by using ECC on the basis of the Tang and Liu scheme

Session initiation protocol SIP provides the basis for establishing the voice over internet protocol sessions after authentication and exchanging signaling messages. SIP is one of the significant and extensively used protocols in the multimedia protocol stack. Since the RFC2617 was put forth, numerous schemes for SIP authentication have been presented to overcome the flaws. Recently, in 2012, Tang and Liu proposed SIP based authentication protocol and claimed for eliminating the threats in Arshad and Ikram protocol. However the scheme can be made more robust by making further improvements, as the former scheme may come under a threat by adversaries through impersonating a server, given that the user password is compromised. We have proposed an improved protocol for SIP authentication by using elliptic curve cryptography that encounters the previous threat with enhanced security. The analysis shows that proposed scheme is suitable for applications with higher security requirements. Copyright

An efficient signcryption scheme with forward secrecy and public verifiability based on hyper elliptic curve cryptography

The need for Lightweight cryptography is on the rise as transition has been made from wired to wireless network. Wireless systems inherently are insecure and resource (power) constrained, to deal with these constraints, many techniques for symmetric and asymmetric cryptography are defined. One such important developement is Signcryption to achieve message confidentiality, integrity, sender and message authentication, non repudiation, forward secrecy as well as unforgeability,and public verifiability. Since Signcryption combines the signature and encryption therefore the cost is very less in comparison to those schemes based on the signature then encryption. Many signcryption schemes have been proposed based on El-Gamal, RSA and ECC till today. This paper highlights limitations of the existing ECC based schemes using signcryption. These limitations include some missing security aspects as well as high computation power requirement, more communication overhead incurred and large memory requirements. Further it proposes an efficient lightweight signcryption scheme based on HECC which fulfills all the security requirements. The scheme reduced significant amounts of computation, communication costs and message size as compared to existing signcryption schemes making it the good candidate for environments suffer from the resource limitation problems.

A secure and provable multi-server authenticated key agreement for TMIS based on Amin et al. scheme

The security for Telecare Medicine Information Systems (TMIS) has been crucial for reliable dispensing of the medical services to patients at distant locations. Security and privacy element needs to be there for any physician or caregiver to make certain an appropriate diagnosis, medical treatment or any other exchange of critical information. In this connection, many relevant TMIS-based authentication schemes have been presented, however various forms of attacks and inefficiencies render these schemes inapplicable for a practical scenario. Lately, Amin et al. proposed a scheme based on a multi-server authentication for TMIS. However, the Amin et al., scheme has been found vulnerable to user and server impersonation attacks. We have proposed an improved model with higher performance and efficiency, as evident from the forthcoming sections. Besides, the scheme has been backed up by formal security analysis using BAN logic to ensure the resilience of the proposed scheme.

An efficient and anonymous multi-server authenticated key agreement based on chaotic map without engaging Registration Centre

Multi-server authentication (MSA) enables the user to avail multiple services permitted from various servers out of a single registration through registration centre. Earlier, through single-server authentication, a user had to register all servers individually for availing the respective services. In the last few years, many MSA-based schemes have been presented; however, most of these suffer communication overhead cost due to the Registration Centre (RC) involvement in every mutual authentication session. In voice communication this round-trip latency becomes even more noticeable. Hence, the focus of the protocols design has been shifted towards light-weight cryptographic techniques such as Chebyshev chaotic map technique (CCM). We have reviewed few latest MSA-related schemes based on CCM and elliptic curve cryptography (ECC) as well. Based on these limitations and considerations, we have proposed a single-round trip MSA protocol based on CCM technique that foregoes the RC involvement during mutual authentication. Our study work is cost efficient in terms of communication delay and computation, and provides enhanced security by the use of public key cryptosystem. The proposed scheme is duly backed by formal security analysis and performance evaluation.

A provably secure anonymous authentication scheme for Session Initiation Protocol

Recently, Lu et al. presented a mutual authentication scheme for Session Initiation Protocol. Lu et al. claimed their scheme provides safeguard against familiar attacks and offers efficient authentication facility. However, this paper divulges that the scheme of Lu et al. is prone to server and user impersonation attacks. Additionally, the scheme of Lu et al. implicates correctness concerns. Consequently, an enhanced scheme is proposed, not only to resolve correctness concerns but also to provide robustness against server and user impersonation attacks. The proposed scheme makes use of a user-specific secret parameter to deal with the security and correctness issues. The formal and informal security analysis proves the robustness and efficiency of the proposed scheme against all familiar attacks. Furthermore, security analysis is also substantiated through popular automated tool PROVERIF. Copyright

An improved and secure chaotic map based authenticated key agreement in multi-server architecture

Multi-Server Authentication (MSA) provides the user an efficient way to avail multiple services of various multimedia service providers, once after getting registered from a registration centre. Previously, a user had to register all servers individually to use their respective service; which proves to be a redundant and inefficient procedure in comparison with MSA. Many MSA-based techniques have been put forward by researchers, so far, however with proven pitfalls. In the last few years, the focus has been shifted towards a more flexible and efficient Chebyshev cryptographic technique. In this regard, recently Tan’s scheme presented a chaotic map based multi-server authentication scheme with a focus on login scalability. Nonetheless, Tan’s scheme has been found vulnerable to insider (impersonation attack) and stolen smart card attacks. Besides, the Tan’s scheme fails to differentiate the login requests between the two presented cases. The current study work is based on improving the Tan’s technique in terms of security in almost an equivalent cost. The security for proposed work is evaluated in the performance evaluation section, while it shows that the security is provable under formal security model, as well as using BAN Logic.

Comments on A privacy preserving three-factor authentication protocol for e-health clouds

The security provisioning of increasing healthcare data is of critical importance. The e-health clouds can be seen as a move towards an efficient management of such a big volume of healthcare data. Many schemes have been presented to bring more security and privacy along with efficiency, in the handling of data for booming e-health industry. Recently, in this connection, Jiang et al. (J Supercomput 1–24 doi:10.1007/s11227-015-1610-x, 2016) presented a three-factor authentication protocol for e-health clouds. In this letter, we identify a serious flaw in the mutual authentication phase of the scheme, since an adversary may launch a denial-of-service attack (DoS) against the service providing server. Finally, we suggest a modification in the scheme to overcome the DoS attack.

An improved lightweight multiserver authentication scheme

Summary Multiserver authentication complies with the up-to-date requirements of Internet services and latest applications. The multiserver architecture enables the expedient authentication of subscribers on an insecure channel for the delivery of services. The users rely on a single registration of a trusted third party for the procurement of services from various servers. Recently, Chen and Lee, Moon et al, and Wang et al presented multiserver key agreement schemes that are found to be vulnerable to many attacks according to our analysis. The Chen and Lee scheme was found susceptible to impersonation attack, trace attack, stolen smart card attack exposing session key, key-compromise impersonation attack, and inefficient password modification. The Moon et al is susceptible to stolen card attack leading to further attacks, ie, identity guessing, key-compromise impersonation attack, user impersonation attack, and session keys disclosure, while Wang et al is also found to be prone to trace attack, session-specific temporary information attack, key-compromise information attack, and privileged insider attack leading to session key disclosure and user impersonation attacks. We propose an improved protocol countering the indicated weaknesses of these schemes in an equivalent cost. Our scheme demonstrates automated and security analysis on the basis of Burrows-Abadi-Needham logic and also presents the performance evaluation for related schemes.

Security Enhancement for Authentication of Nodes in MANET by Checking the CRL Status of Servers

MANET security is becoming a challenge for researchers with the time. The lack of infrastructure gives rise to authentication problems in these networks. Most of the TTP and non-TTP based schemes seem to be impractical for being adopted in MANETs. A hybrid key-management scheme addressed these issues effectively by pre-assigned logins on offline basis and issuing certificates on its basis using 4G services. However, the scheme did not taken into account the CRL status of servers; if it is embedded the nodes need to check frequently the server’s CRL status for authenticating any node and place external messages outside MANET which leads to overheads. We have tried to reduce them by introducing an online MANET Authority responsible for issuing certificates by considering the CRL status of servers, renewing them and key verification within MANET that has greatly reduced the external messages.