Debasis Giri

An Efficient and Robust RSA-Based Remote User Authentication for Telecare Medical Information Systems

It is not always possible for a patient to go to a doctor in critical or urgent period. Telecare Medical Information Systems (TMIS) provides a facility by which a patient can communicate to a doctor through a medical server via internet from home. To hide the secret information of both parties (a server and a patient), an authentication mechanism is needed in TMIS. In 2013, Khan and Kumari proposed the authentication schemes for TMIS. In this paper, we have shown that Khan and Kumari’s scheme is insecure against off-line password guessing attack. We have also shown that Khan and Kumari’s scheme does not provide any security if the password of a patient is compromised. To improve the security and efficiency, a new authentication scheme for TMIS has been proposed in this paper. Further, the proposed scheme can resist all possible attacks and has better performance than the related schemes published earlier.

An Efficient Biometric and Password-Based Remote User Authentication using Smart Card for Telecare Medical Information Systems in Multi-Server Environment

The medical organizations have introduced Telecare Medical Information System (TMIS) to provide a reliable facility by which a patient who is unable to go to a doctor in critical or urgent period, can communicate to a doctor through a medical server via internet from home. An authentication mechanism is needed in TMIS to hide the secret information of both parties, namely a server and a patient. Recent research includes patient’s biometric information as well as password to design a remote user authentication scheme that enhances the security level. In a single server environment, one server is responsible for providing services to all the authorized remote patients. However, the problem arises if a patient wishes to access several branch servers, he/she needs to register to the branch servers individually. In 2014, Chuang and Chen proposed an remote user authentication scheme for multi-server environment. In this paper, we have shown that in their scheme, an non-register adversary can successfully logged-in into the system as a valid patient. To resist the weaknesses, we have proposed an authentication scheme for TMIS in multi-server environment where the patients can register to a root telecare server called registration center (RC) in one time to get services from all the telecare branch servers through their registered smart card. Security analysis and comparison shows that our proposed scheme provides better security with low computational and communication cost.

Efficient biometric and password based mutual authentication for consumer USB mass storage devices

A Universal Serial Bus (USB) Mass Storage Device (MSD), often termed a USB flash drive, is ubiquitously used to store important information in unencrypted binary format. This low cost consumer device is incredibly popular due to its size, large storage capacity and relatively high transfer speed. However, if the device is lost or stolen an unauthorized person can easily retrieve all the information. Therefore, it is advantageous in many applications to provide security protection so that only authorized users can access the stored information. In order to provide security protection for a USB MSD, this paper proposes a session key agreement protocol after secure user authentication. The main aim of this protocol is to establish session key negotiation through which all the information retrieved, stored and transferred to the USB MSD is encrypted. This paper not only contributes an efficient protocol, but also does not suffer from the forgery attack and the password guessing attack as compared to other protocols in the literature. This paper analyses the security of the proposed protocol through a formal analysis which proves that the information is stored confidentially and is protected offering strong resilience to relevant security attacks. The computational cost and communication cost of the proposed scheme is analyzed and compared to related work to show that the proposed scheme has an improved tradeoff for computational cost, communication cost and security.

An enhanced multi-server authentication protocol using password and smart-card: cryptanalysis and design

At the present time, application of online communication systems are rapidly increasing and most of the clients depend on a set of servers to fulfill their daily needs. In order to access these servers, a client user needs to register to each server with different login credentials. To circumvent this situation, the concept of multi-server authentication has been adopted, where a user can access all the servers using a single login credential. In this paper, a two-factor multi-server authentication protocol, which is proposed by Leu and Hsieh, is analyzed and observed that the forgery attack and the off-line password-guessing attack can be made on it. Further, the off-line password-guessing attack and other security threats are found in similar kind of multi-server authentication protocol, which is designed by Li et al. This paper mainly focuses on enhancing the securities of the previously mentioned protocols and thus proposed a new protocol. We have employed formal and informal security analysis to analyze the proposed protocol. The performance of our protocol is also compared with the related protocols. It can also be noted that the designed protocol accomplishes mutual authentication, session key verification, and identity and password change phases. Copyright

A robust ElGamal-based password-authentication protocol using smart card for client-server communication.

Summary Smart card-based client-server authentication protocol is well popular for secure data exchange over insecure and hostile networks. Recently, Lee et al. put forward an authentication protocol by utilizing ElGamal cryptosystem and proved that it can withstand known security threats. This article evinces that the protocol of Lee et al. is unwilling to protect various important security vulnerabilities such as forgery attack and off-line password-guessing attack. To vanquish these loopholes, this article presents a robust authentication protocol for client-server communication over any insecure networks. The security explanation of our protocol has done through the formal and informal mechanism and its outcome makes sure that the designed protocol is strong enough to resist the known vulnerabilities. In addition, we have simulated our protocol using ProVerif online software and its results certify that our protocol is safe against private information of the client and server. This paper also has made performance estimation of the presented protocol and others, and the outcome favors the presented protocol.

Security analysis and design of an efficient ECC-based two-factor password authentication scheme

Client-server-based communications provide a facility by which users can get several services from home via the Internet. As the Internet is an insecure channel, it is needed to protect information of communicators. An authentication scheme can fulfill the aforementioned requirements. Recently, Huang et al. presented an elliptic curve cryptosystem-based password authentication scheme. This work has demonstrated that the scheme of Huang et al. has security weakness against the forgery attack. In addition, this paper also presented that the scheme of Huang et al. has some design drawbacks. Therefore, this paper has focused on excluding the security vulnerabilities of the scheme of Huang et al. by proposing an elliptic curve cryptosystem-based password authentication scheme using smart card. The security of our scheme is based on the hardness assumption of the one-way hash functions and elliptic curve discrete logarithm problem. Furthermore, we have demonstrated that our scheme is secured against known attacks. The performance of our scheme is also nearly equal when compared to related competing schemes. Copyright

A novel and efficient session spanning biometric and password based three-factor authentication protocol for consumer USB Mass Storage Devices

This paper proposes a key agreement scheme after secure authentication to prevent the unauthorized access of the data stored in a Universal Serial Bus (USB) Mass Storage Device (MSD). Due to the system architecture of this proposed scheme, authorized users can store their data in a secure encrypted form after performing authentication. The novelty of this work is that users can retrieve the encrypted data in not only the current session but also across different sessions, thus reducing the required communications overhead. This paper then analyses the security of the proposed protocol through a formal analysis to demonstrate that the information has been stored securely and is also protected offering strong resilience to relevant security attacks. The computational and communication costs of the proposed scheme is analyzed and compared to related works to show that the proposed scheme has an improved tradeoff for computational cost, communication cost and security1.

An Improved Efficient Remote User Authentication Scheme in Multi-server Environment using Smart Card

In a single server environment, one server is responsible for providing services to all the authorized remote users. However, the problem arises if a user wishes to access several network services. To overcome this weakness, various multi-server authentication schemes have been proposed. In 2012, Taygi et al. [1] proposed a scheme for multi-server environment. But it is found that their proposed scheme is insecure against user impersonation attack, server masquerading attack, collaboration attack between a valid user and a server, smart card stolen attack, password guessing attack and password change attack. Then we propose an improved scheme can overcome possible attacks and also provides better computational cost as well as communication cost than related schemes published earlier.

A Two-Factor RSA-Based Robust Authentication System for Multiserver Environments

The concept of two-factor multiserver authentication protocol was developed to avoid multiple number of registrations using multiple smart-cards and passwords. Recently, a variety of two-factor multiserver authentication protocols have been developed. It is observed that the existing RSA-based multiserver authentication protocols are not suitable in terms of computation complexities and security attacks. To provide lower complexities and security resilience against known attacks, this article proposes a two-factor (password and smart-card) user authentication protocol with the RSA cryptosystem for multiserver environments. The comprehensive security discussion proved that the known security attacks are eliminated in our protocol. Besides, our protocol supports session key agreement and mutual authentication between the application server and the user. We analyze the proof of correctness of the mutual authentication and freshness of session key using the BAN logic model. The experimental outcomes obtained through simulation of the Automated Validation of Internet Security Protocols and Applications (AVISPA) S/W show that our protocol is secured. We consider the computation, communication, and storage costs and the comparative explanations show that our protocol is flexible and efficient compared with protocols. In addition, our protocol offers security resilience against known attacks and provides lower computation complexities than existing protocols. Additionally, the protocol offers password change facility to the authorized user.

Dual image based reversible data hiding scheme using (7,4) hamming code

In this paper, we propose a new dual-image based reversible data hiding scheme through (7,4) Hamming code (RDHHC) using shared secret key. A block of seven pixels are collected from cover image and copied into two arrays then it is adjusted redundant Least Significant Bits (LSBs) using odd parity such that any error creation is encountered at the sender end and recovered at the receiver end. Before data embedding, we first complement the bit at shared secret position. After that, secret message bit is embedded by error creation caused by tamper in any suitable position except secret position and that error is detected as well as corrected at the receiver end using Hamming error correcting code. One shared secret position κ and one shared secret key ξ help to perform data embedding, data extraction and recovery of the original image. The secret data and original cover image are successfully recovered at the receiver end from dual stego image. Finally, we compare our scheme with other state-of-the-art methods and obtain reasonably better performance in terms of PSNR.