Husnain Naqvi

An enhanced privacy preserving remote user authentication scheme with provable security

Very recently, Kumari et al. proposed a symmetric key and smart card-based remote user password authentication scheme to enhance Chung et al.s scheme. They claimed their enhanced scheme to provide anonymity while resisting all known attacks. In this paper, we analyze that Kumari et al.s scheme is still vulnerable to anonymity violation attack as well as smart card stolen attack. Then we propose a supplemented scheme to overcome security weaknesses of Kumari et al.s scheme. We have analyzed the security of the proposed scheme in random oracle model which confirms the robustness of the scheme against all known attacks. We have also verified the security of our scheme using automated tool ProVerif. Copyright

Cryptanalysis and Improvement of an Improved Two Factor Authentication Protocol for Telecare Medical Information Systems

Telecare medical information systems (TMIS) provides rapid and convenient health care services remotely. Efficient authentication is a prerequisite to guarantee the security and privacy of patients in TMIS. Authentication is used to verify the legality of the patients and TMIS server during remote access. Very recently Islam et al. (J. Med. Syst. 38(10):135, 2014) proposed a two factor authentication protocol for TMIS using elliptic curve cryptography (ECC) to improve Xu et al.’s (J. Med. Syst. 38(1):9994, 2014) protocol. They claimed their improved protocol to be efficient and provides all security requirements. However our analysis reveals that Islam et al.’s protocol suffers from user impersonation and server impersonation attacks. Furthermore we proposed an enhanced protocol. The proposed protocol while delivering all the virtues of Islam et al.’s protocol resists all known attacks.

An improved and provably secure privacy preserving authentication protocol for SIP

Session Initiation Protocol (SIP) has proved to be the integral part and parcel of any multimedia based application or IP-based telephony service that requires signaling. SIP supports HTTP digest based authentication, and is responsible for creating, maintaining and terminating sessions. To guarantee secure SIP based communication, a number of authentication schemes are proposed, typically most of these are based on smart card due to its temper resistance property. Recently Zhang et al. presented an authenticated key agreement scheme for SIP based on elliptic curve cryptography. However Tu et al. (Peer to Peer Netw. Appl 1–8, 2014) finds their scheme to be insecure against user impersonation attack, furthermore they presented an improved scheme and claimed it to be secure against all known attacks. Very recently Farash (Peer to Peer Netw. Appl 1–10, 2014) points out that Tu et al.’s scheme is vulnerable to server impersonation attack, Farash also proposed an improvement on Tu et al.’s scheme. However, our analysis in this paper shows that Tu et al.’s scheme is insecure against server impersonation attack. Further both Tu et al.’s scheme and Farash’s improvement do not protect user’s privacy and are vulnerable to replay and denial of services attacks. In order to cope with these limitations, we have proposed a privacy preserving improved authentication scheme based on ECC. The proposed scheme provides mutual authentication as well as resists all known attacks as mentioned by Tu et al. and Farash.

An Improved and Secure Biometric Authentication Scheme for Telecare Medicine Information Systems Based on Elliptic Curve Cryptography

Telecare medicine information system (TMIS) offers the patients convenient and expedite healthcare services remotely anywhere. Patient security and privacy has emerged as key issues during remote access because of underlying open architecture. An authentication scheme can verify patient’s as well as TMIS server’s legitimacy during remote healthcare services. To achieve security and privacy a number of authentication schemes have been proposed. Very recently Lu et al. (J. Med. Syst. 39(3):1–8, 2015) proposed a biometric based three factor authentication scheme for TMIS to confiscate the vulnerabilities of Arshad et al.’s (J. Med. Syst. 38(12):136, 2014) scheme. Further, they emphasized the robustness of their scheme against several attacks. However, in this paper we establish that Lu et al.’s scheme is vulnerable to numerous attacks including (1) Patient anonymity violation attack, (2) Patient impersonation attack, and (3) TMIS server impersonation attack. Furthermore, their scheme does not provide patient untraceability. We then, propose an improvement of Lu et al.’s scheme. We have analyzed the security of improved scheme using popular automated tool ProVerif. The proposed scheme while retaining the plusses of Lu et al.’s scheme is also robust against known attacks.

A secure and efficient authenticated encryption for electronic payment systems using elliptic curve cryptography

The use of e-payment system for electronic trade is on its way to make daily life more easy and convenient. Contrarily, there are a number of security issues to be addressed, user anonymity and fair exchange have become important concerns along with authentication, confidentiality, integrity and non-repudiation. In a number of existing e-payment schemes, the customer pays for the product before acquiring it. Furthermore, many such schemes require very high computation and communication costs. To address such issues recently Yang et al. proposed an authenticated encryption scheme and an e-payment scheme based on their authenticated encryption. They excluded the need of digital signatures for authentication. Further they claimed their schemes to resist replay, man-in-middle, impersonation and identity theft attack while providing confidentiality, authenticity, integrity and privacy protection. However our analysis exposed that Yang et al.’s both authenticated encryption scheme and e-payment system are vulnerable to impersonation attack. An adversary just having knowledge of public parameters can easily masquerade as a legal user. Furthermore, we proposed improved authenticated encryption and e-payment schemes to overcome weaknesses of Yang et al.’s schemes. We prove the security of our schemes using automated tool ProVerif. The improved schemes are more robust and more lightweight than Yang et al.’s schemes which is evident from security and performance analysis.

A lightweight message authentication scheme for Smart Grid communications in power sector

Designed an authentication scheme for IoT based smart grid communication.Analyzed the scheme using automated tool ProVerif.The proposed scheme is more lightweight and secure than existing schemes. The Internet of Things (IoT) has plenty of applications including Smart Grid (SG). IoT enables smooth and efficient utilization of SG. It is assumed as the prevalent illustration of IoT at the moment. IP-based communication technologies are used for setting SG communication network, but they are challenged by huge volume of delay sensitive data and control information between consumers and utility providers. It is also challenged by numerous security attacks due to resource constraints in smart meters. Sundry schemes proposed for addressing these problems are inappropriate due to high communication, computation overhead and latency. In this paper, we propose a hybrid Diffie-Hellman based lightweight authentication scheme using AES and RSA for session key generation. To ensure message integrity, the advantages of hash based message authentication code are exploited. The scheme provides mutual authentication, thwarting replay and man-in-the-middle attacks and achieves message integrity, while reducing overall communication and computation overheads.

An efficient signcryption scheme with forward secrecy and public verifiability based on hyper elliptic curve cryptography

The need for Lightweight cryptography is on the rise as transition has been made from wired to wireless network. Wireless systems inherently are insecure and resource (power) constrained, to deal with these constraints, many techniques for symmetric and asymmetric cryptography are defined. One such important developement is Signcryption to achieve message confidentiality, integrity, sender and message authentication, non repudiation, forward secrecy as well as unforgeability,and public verifiability. Since Signcryption combines the signature and encryption therefore the cost is very less in comparison to those schemes based on the signature then encryption. Many signcryption schemes have been proposed based on El-Gamal, RSA and ECC till today. This paper highlights limitations of the existing ECC based schemes using signcryption. These limitations include some missing security aspects as well as high computation power requirement, more communication overhead incurred and large memory requirements. Further it proposes an efficient lightweight signcryption scheme based on HECC which fulfills all the security requirements. The scheme reduced significant amounts of computation, communication costs and message size as compared to existing signcryption schemes making it the good candidate for environments suffer from the resource limitation problems.

A Robust and Efficient Privacy Aware Handover Authentication Scheme for Wireless Networks

AbstractA handover authentication protocol ensures secure and seamless roaming over multiple access points. A number of such protocols are proposed, but most of these protocols are inefficient or insecure. Very recently, Li et al. (Wireless Pers Commun 80(2):581–589, 2015) proposed a privacy-aware handover authentication protocol, and claimed their protocol to be more lightweight and secure than existing protocols. However, our analysis identifies that Li et al.’s protocol is insecure against access point impersonation attack. As a remedy, we proposed an improved protocol to fix the security weakness of Li et al.’s protocol. The improved protocol achieves the provable security in the random oracle model against the hardness assumptions of the elliptic curve discrete logarithm problem and elliptic curve computational Diffie–Hellman problem. The proposed handover authentication protocol is also formally analyzed with the automated tool ProVerif. The improved protocol not only enhances the security but is more lightweight than other related protocols.

An improved and robust biometrics-based three factor authentication scheme for multiserver environments

The rapid advancement in communication technologies enables remote users to acquire a number of online services. All such online services are provided remotely facilitating the users to freely move any where with out disruption of the services. In order to ensure seamless and secure services to the remote user such services espouse authentication protocols. A number of authentication protocols are readily available to achieve security and privacy in remote client server architecture. Most of these schemes are tailored for single server architecture. In such scenario, if a user wants to attain the services provided by more than one servers he has to register with each server. In recent times, multiserver authentication has got much attention, where a user can register once and then can acquire services provided by multiple servers. Very recently, Lu et al. proposed a biometric, smart card and password-based three factor authentication scheme usable for multiserver environments. Furthermore, Lu et al. identified their scheme to resist known attacks. However, the analysis in this paper ascertains that Lu et al.’s scheme is vulnerable to impersonation attack. An adversary registered to the system just after knowing the public identity of a user can impersonate himself as the latter. Then we propose an improvement over Lu et al.’s scheme. Our improvement is more robust than the existing schemes. The security of proposed scheme is substantiated formally along with informal security discussion, while same is also validated using a popular automated tool ProVerif. The analysis confirms that proposed scheme achieves mutual authentication and is robust against known attacks. In addition, the proposed scheme does not incur any extra computation as compared with Lu et al.’s scheme.

An efficient and anonymous multi-server authenticated key agreement based on chaotic map without engaging Registration Centre

Multi-server authentication (MSA) enables the user to avail multiple services permitted from various servers out of a single registration through registration centre. Earlier, through single-server authentication, a user had to register all servers individually for availing the respective services. In the last few years, many MSA-based schemes have been presented; however, most of these suffer communication overhead cost due to the Registration Centre (RC) involvement in every mutual authentication session. In voice communication this round-trip latency becomes even more noticeable. Hence, the focus of the protocols design has been shifted towards light-weight cryptographic techniques such as Chebyshev chaotic map technique (CCM). We have reviewed few latest MSA-related schemes based on CCM and elliptic curve cryptography (ECC) as well. Based on these limitations and considerations, we have proposed a single-round trip MSA protocol based on CCM technique that foregoes the RC involvement during mutual authentication. Our study work is cost efficient in terms of communication delay and computation, and provides enhanced security by the use of public key cryptosystem. The proposed scheme is duly backed by formal security analysis and performance evaluation.