Manik Lal Das

A dynamic ID-based remote user authentication scheme

Password-based authentication schemes are the most widely used techniques for remote user authentication. Many static ID-based remote user authentication schemes both with and without smart cards have been proposed. Most of the schemes do not allow the users to choose and change their passwords, and maintain a verifier table to verify the validity of the user login. In this paper we present a dynamic ID-based remote user authentication scheme using smart cards. Our scheme allows the users to choose and change their passwords freely, and do not maintain any verifier table. The scheme is secure against ID-theft, and can resist the reply attacks, forgery attacks, guessing attacks, insider attacks and stolen verifier attacks.

Two-factor user authentication in wireless sensor networks

Wireless sensor networks (WSN) are typically deployed in an unattended environment, where the legitimate users can login to the network and access data as and when demanded. Consequently, user authentication is a primary concern in this resource-constrained environment before accessing data from the sensor/gateway nodes. In this letter, we present a two-factor user authentication protocol for WSN, which provides strong authentication, session key establishment, and achieves efficiency.

A novel remote user authentication scheme using bilinear pairings

The paper presents a remote user authentication scheme using the properties of bilinear pairings. In the scheme, the remote system receives user login request and allows login to the remote system if the login request is valid. The scheme prohibits the scenario of many logged in users with the same login-ID, and provides a flexible password change option to the registered users without any assistance from the remote system.

An improved bilinear pairing based remote user authentication scheme

Recently Das et al. proposed a novel remote user authentication scheme using bilinear pairings. Chou et al. identified a weakness in Das et al.s scheme and made an improvement. In this paper, we show that both Das et al.s and Chou et al.s schemes are insecure against forgery and replay attacks. We proposed an improved scheme that overcomes the security flaws without affecting the merits of the original scheme.

Hierarchical key management scheme using polynomial interpolation

We present a hierarchical key management scheme using cryptographic hash function and Newtons polynomial interpolation for users key and system resources management. A similar technique has been proposed in 2002 by Shen and Chen, but their scheme suffers large computational overhead and security weakness. We show that our scheme is secure and efficient in comparisons to the Shen and Chens scheme.

An efficient secure key issuing protocol in ID-based cryptosystems

This paper presents an efficient and secure protocol for key issuing in ID-based cryptosystems using bilinear pairings. We use a simple blinding technique to eliminate the need of secure channel and multiple authorities approach to avoid the key escrow problem. We show that our protocol overcomes the disadvantages of other pairing based schemes and is efficient compared to the existing key issuing protocol.

Threshold key issuing in identity-based cryptosystems

Secure key issuing in identity-based cryptosystems is a challenging task due to the inherent drawback of key escrow. Several protocols have been proposed for key issuing which do not require secure channel and eliminate key escrow problem. However, the existing secure and efficient protocol requires all the participating authorities to be mandatorily available for constructing the users private key. We present a secure and robust protocol for key issuing in identity-based cryptosystems by using the concept of threshold cryptosystems, which avoids the practical limitation.

MMPS: a versatile mobile-to-mobile payment system

The paper presents an effective mobile-to-mobile payment system. A mobile phone with or without SIM card is enabled as an EMV payment instrument and is linked to a debit or credit account in a bank to pay merchant who has a mobile phone or an online EMV capable terminal. In a single phone, multiple credit or debit accounts from different banks can be configured without compromising on security. The proposed framework provides a secure and convenient payment mechanism without any terminal infrastructure.

RFID security in the context of "internet of things"

Internet has emerged as a medium to connect entities across the world for emailing, conferencing, trading, gaming and so on. Internet of Things (IoT) is emerging as a global network for connecting any objects (physical or virtual) across the globe, ranging applications from home appliances to consumer electronics. In IoT, physical objects such as home appliances, vehicles, supply-chain items, containers, etc. should have unique identities for interacting among themselves. As a result, unique identification of trillion of objects is a foremost requirement in IoT. RFID (Radio Frequency IDentification) technology plays an important role in IoT for solving identification issues of objects around us in a cost effective manner. The usage of low cost RFID tags draws greater attention from researchers in recent past, as the cost of supply-chain items should not exceed much because of embedded tag cost. The communication between tag and reader takes place over insecure channel. Therefore, security concern has become an important issue in RFID systems. In recent years, several light-weight protocols and improvements have been proposed for RFID security. Some of them have succeeded with their security claim, but many protocols suffer from security weaknesses or design flaws. In this paper, we discuss a recently proposed protocols strengths and weaknesses and then proposed an improved protocol, retaining efficiency of the protocol intact.

A security framework for mobile-to-mobile payment network

This paper presents a framework for a mobile-to-mobile payment system, where a mobile phone, with or without SIM card, is used as an EMV payment instrument and is linked to a debit or credit account in a bank to pay any merchant who has a mobile phone or an on-line EMV capable terminal. In a single phone, multiple credit or debit accounts from different banks can be configured without compromising on security. The customer or consumer can manage many accounts with a common PIN and the framework provides a secure and convenient payment mechanism over-the-air.