Jaewook Jung

Security Enhanced Anonymous Multiserver Authenticated Key Agreement Scheme Using Smart Cards and Biometrics

An anonymous user authentication scheme allows a user, who wants to access a remote application server, to achieve mutual authentication and session key establishment with the server in an anonymous manner. To enhance the security of such authentication schemes, recent researches combined users biometrics with a password. However, these authentication schemes are designed for single server environment. So when a user wants to access different application servers, the user has to register many times. To solve this problem, Chuang and Chen proposed an anonymous multiserver authenticated key agreement scheme using smart cards together with passwords and biometrics. Chuang and Chen claimed that their scheme not only supports multiple servers but also achieves various security requirements. However, we show that this scheme is vulnerable to a masquerade attack, a smart card attack, a user impersonation attack, and a DoS attack and does not achieve perfect forward secrecy. We also propose a security enhanced anonymous multiserver authenticated key agreement scheme which addresses all the weaknesses identified in Chuang and Chens scheme.

An Improvement of Robust Biometrics-Based Authentication and Key Agreement Scheme for Multi-Server Environments Using Smart Cards.

In multi-server environments, user authentication is a very important issue because it provides the authorization that enables users to access their data and services; furthermore, remote user authentication schemes for multi-server environments have solved the problem that has arisen from user’s management of different identities and passwords. For this reason, numerous user authentication schemes that are designed for multi-server environments have been proposed over recent years. In 2015, Lu et al. improved upon Mishra et al.’s scheme, claiming that their remote user authentication scheme is more secure and practical; however, we found that Lu et al.’s scheme is still insecure and incorrect. In this paper, we demonstrate that Lu et al.’s scheme is vulnerable to outsider attack and user impersonation attack, and we propose a new biometrics-based scheme for authentication and key agreement that can be used in multi-server environments; then, we show that our proposed scheme is more secure and supports the required security properties.

Efficient and robust user authentication scheme that achieve user anonymity with a Markov chain

Because of the evolution of mobile devices and networks, users can now access a network at any moment, in whatever place with a smart card. User authentication using smart card is a technique in which server checks the legality of a user between insecure channel, which avoid the peril of eavesdropping. Today, the user authentication schemes are proposed several ways. As schemes are proposed and analyzed for several years, way to authentication is also diversifying such as chaotic map and elliptic curve discrete logarithm problem. Recently, new authentication scheme is proposed which uses Markov Chain. The proposed scheme is explained that can resist several hazard of security such as reflection attack, forgery attack, parallel-session attack. However, we refer that existing scheme is still insecure to protect some several security attack such as user impersonation attack, off-line password guessing attack, and so on, so the existing scheme is unsuitable for real implementation. To fix these security flaws, we recommend an efficient and robust authentication scheme, which protects all the identified flaws of existent scheme. Furthermore, our propose scheme is more efficient and covers the identified vulnerability of existing scheme; therefore, our proposed scheme is more suitable to apply real-life application. Copyright

An enhanced remote user authentication scheme using smart card

Remote User authentication scheme is widely used for communication between authorized remote users over insecure network. In 2010, Manoj Kumar proposed a new secure remote user authentication scheme with smart cards. He claimed that the protocol was secure against replay attack, stolen verifier attack. However, we show that the protocol is vulnerable to stolen smart-cards attack and password guessing attack. In this paper, we will address detailed analysis of the flaw in Kumars scheme and resolve aforementioned problems.

Cryptanalysis and Improvement of Efficient Password-Based User Authentication Scheme using Hash Function

Remote user authentication schemes are commonly used for communication between authorized users and remote servers over an insecure network. Due to its simplicity and convenience this method is widely used in many environments, such as sensor networks or remote host login systems. In recent years, several remote user authentication schemes using smart cards have been proposed. Recently, Singhal and Ramaiya proposed an efficient smart card-based authentication scheme using hash function. They claimed that their scheme could withstand several kinds of attacks, including off-line password guessing attacks, user impersonation attacks, privileged-insider attacks, etc. However, there are some vulnerabilities in Singhal and Ramaiyas scheme. It was found their scheme could not withstand off-line password guessing attack and user impersonation attack. Besides, their scheme cannot achieve perfect forward secrecy, and also fail to preserve user anonymity. In this paper, we propose a security enhanced user authentication scheme to resolve the aforementioned weaknesses. Our proposed scheme is also based on the hash function and our analysis shows that this scheme is more efficient and secure than previous schemes.

Security Analysis and Improvements of Session Key Establishment for Clustered Sensor Networks

WSN (wireless sensor network) is one of the main technologies in IoT (Internet of Things) applications or services. To date, several schemes have been proposed to establish a pair-wise key between two nodes in WSN, and most of them are designed to establish long-term keys used throughout the network lifetime. However, in the near future, if WSN will be used for information infrastructures in various fields such as manufacturing, distribution, or public facilities management and its life cycle can be as long as that of other common networks, it will definitely be advantageous in terms of security to encrypt messages using session keys instead of long-term keys. In this paper, we propose a session key establishment scheme for clustered sensor networks that is based on elliptic curve Diffie-Hellman (ECDH) key exchange and hash chain. The proposed scheme eliminates vulnerabilities of existing schemes for WSN and has improved security. The proposed scheme is efficient in terms of energy costs compared to related schemes.

Cryptanalysis and improvement of robust authentication scheme for telecare medicine information systems

Telecare Medicine Information System holds up health-care delivery service between patients and doctor. Send the user or TMIS servers information through the public channel. To protect patients personal information such has telephone number, home address, health information is significant in communication protocol. Therefore, User authentication schemes for telecare medicine information systems (TMIS) have been proposed continuously. Recently, Kukki et al. proposed an improved authentication scheme for TMIS. Nevertheless, in this paper, we will demonstrate Kukkis scheme is still open to attack offline password guessing attack, user impersonation attack. To improve protection of security threat, we suggest new authentication scheme for TMIS which has more efficient and safety. The analysis demonstrations our proposed scheme is able to resist the weakness in Kukki et al.s scheme and has better accomplishment.

Construction of a Privacy Preserving Mobile Social Networking Service

The social-network application comes on, as the smart phone has come into wide use. The Social Network Service is making huge effect to the new relationship among the people. With this new wave, the development of the social-network application which is based on the smart phone is activated. Some of the social network application including the service, allow users to search other users who is close to the current location, for example, “WhosHere” of iPhone. These applications provides user checker which is based on the information of the other users such as age, gender, interest. However, this method demands the congruity of the information, i.e., the information of the searcher and the surveyee must perfectly match. Improving this aspect, in this paper, we propose a method to enhance privacy of social networking service, while preserving its original objective as a social hub. The proposed method is based on fuzzy vault scheme; the main contribution of our scheme is that the matching ratio that sets the degree of information correlation is variable and can be set by user.

Efficient and Secure Biometric-Based User Authenticated Key Agreement Scheme with Anonymity

At present, a number of users employ an authentication protocol so as to enjoy protected electronic transactions in wireless networks. In order to establish an efficient and robust the transaction system, numerous researches have been conducted relating to authentication protocols. Recently, Kaul and Awasthi presented an user authentication and key agreement scheme, arguing that their scheme is able to resist various types of attacks and preserve diverse security properties. However, this scheme possesses critical vulnerabilities. First, the scheme cannot prevent two kinds of attacks, including off-line password guessing attacks and user impersonation attacks. Second, user anonymity rule cannot be upheld. Third, session key can be compromised by an attacker. Fourth, there is high possibility that the time synchronization trouble occurs. Therefore, we suggest an upgraded version of the user authenticated key agreement method that provides enhanced security. Our security and performance analysis shows that compared, to other associated protocols, our method not only improves the security level but also ensures efficiency.

An improved anonymous authentication scheme for roaming in ubiquitous networks

With the evolution of communication technology and the exponential increase of mobile devices, the ubiquitous networking allows people to use our data and computing resources anytime and everywhere. However, numerous security concerns and complicated requirements arise as these ubiquitous networks are deployed throughout people’s lives. To meet the challenge, the user authentication schemes in ubiquitous networks should ensure the essential security properties for the preservation of the privacy with low computational cost. In 2017, Chaudhry et al. proposed a password-based authentication scheme for the roaming in ubiquitous networks to enhance the security. Unfortunately, we found that their scheme remains insecure in its protection of the user privacy. In this paper, we prove that Chaudhry et al.’s scheme is vulnerable to the stolen-mobile device and user impersonation attacks, and its drawbacks comprise the absence of the incorrect login-input detection, the incorrectness of the password change phase, and the absence of the revocation provision. Moreover, we suggest a possible way to fix the security flaw in Chaudhry et al’s scheme by using the biometric-based authentication for which the bio-hash is applied in the implementation of a three-factor authentication. We prove the security of the proposed scheme with the random oracle model and formally verify its security properties using a tool named ProVerif, and analyze it in terms of the computational and communication cost. The analysis result shows that the proposed scheme is suitable for resource-constrained ubiquitous environments.