Sk Hafizul Islam

Design of an anonymity-preserving three-factor authenticated key exchange protocol for wireless sensor networks

We observed that Farash et?al.s authentication protocol for WSN is susceptible to many security attacks.The protocol is also unable to preserve user anonymity.We designed an anonymity preserving authentication scheme for WSN.We analyze the security of the proposed protocol using AVISPA S/W.The proposed protocol is secure against active and passive attacks and more efficient than other protocols. Recently, Farash et?al. pointed out some security weaknesses of Turkanovic et?al.s protocol, which they extended to enhance its security. However, we found some problems with Farash et?al.s protocol, such as a known session-specific temporary information attack, an off-line password-guessing attack using a stolen-smartcard, a new-smartcard-issue attack, and a user-impersonation attack. Additionally, their protocol cannot preserve user-anonymity, and the secret key of the gateway node is insecure. The main intention of this paper is to design an efficient and robust smartcard-based user authentication and session key agreement protocol for wireless sensor networks that use the Internet of Things. We analyze its security, proving that our protocol not only overcomes the weaknesses of Farash et?al.s protocol, but also preserves additional security attributes, such as the identity change and smartcard revocation phases. Moreover, the results of a simulation using AVISPA show that our protocol is secure against active and passive attacks. The security and performance of our work are also compared with a number of related protocols.

Design and analysis of an improved smartcard-based remote user password authentication scheme

SUMMARY With the fast development of the Internet and the telecommunication technologies, internet users are carrying out various electronic transactions over internet by means of the authentication protocols. To ensure efficient and robust online transaction, security of authentication protocol turns out to be a great concern nowadays. As a result, smartcard-based password authentication and session key agreement scheme receives significant attention in recent years. In the literature, various authentication schemes have been proposed by the cryptographic research community. Recently, Li et al. analyze some security weaknesses of the authentication scheme of Chen et al. and propose an enhancement based on the discrete logarithm problem and computational Diffie–Hellman problem. This paper further cryptanalyzes the scheme of Li et al. and identifies various security loopholes and then constructs a modified authentication scheme as a remedy. The security and efficiency evaluations demonstrate that our scheme has more security features and low computation costs than the related schemes. Copyright

Design and analysis of a three party password-based authenticated key exchange protocol using extended chaotic maps

An efficient and secure ECM-3PAKE protocol with key confirmation is proposed.The proposed protocol is designed using extended chaotic maps and smartcard.The proposed protocol is provably secure in the random oracle model.The results of AVISPA show that our protocol resists active and passive attacks.The protocol is secure and computation efficient than the existing protocols. Recently, the theory and application of Chebyshev polynomials have been studied extremely by the cryptographic research community; many symmetric and asymmetric cryptographic protocols have been designed based on extended chaotic maps. In this paper, a computation cost efficient and robust three party password-based authenticated key exchange (ECM-3PAKE) protocol with key confirmation has been designed using extended chaotic maps and smartcard. In this protocol, two users can establish a common session key with the help of a trusted server. The proposed protocol is shown to be provably secure in the random oracle model and formally validated through the simulation of Automated Validation of Internet Security Protocols and Applications (AVISPA) software. The simulation results from different model checkers of AVISPA proved that the protocol can withstand the active and passive attacks. Besides, the informal security analysis gives the evidence of security and functional efficiencies of the protocol. In addition, the comparative analysis illustrates that the protocol performs better than the existing protocols.

A robust and anonymous patient monitoring system using wireless medical sensor networks

In wireless medical sensor network (WMSN), bio-sensors are implanted within the patient body to sense the sensitive information of a patient which later on can be transmitted to the remote medical centers for further processing. The patients data can be accessed using WMSN by medical professionals from anywhere across the globe with the help of Internet. As the patient sensitive information is transmitted over an insecure WMSN, so providing a secure access and privacy of the patients data are challenging issues in WMSN environments. However, in literature, to provide secure data access, few user authentication protocols exist. Most of these existing protocols may not be applicable to WMSNs for providing users anonymity. To fill these gaps, in this article, we propose an architecture for patient monitoring health-care system in WMSN and then design an anonymity-preserving mutual authentication protocol for mobile users. We used the AVISPA tool to simulate the proposed protocol. The results obtained indicate that the proposed authentication protocol resists the existing well known attacks. In addition, the BAN logic model confirms mutual authentication feature of the proposed protocol. Moreover, an informal cryptanalysis is also given, which ensures that the proposed protocol withstands all known attacks. We perform a comparative discussion of the proposed protocol against the existing protocols and the comparative results demonstrate that the proposed protocol is efficient and robust. Specifically, the proposed protocol is not only effective in providing robustness against common security threats, but it also offers an efficient login, robust mutual authentication, and user-friendly password change. A robust and anonymous user authentication protocol is designed to monitor patient health using wireless medical sensor networks.The security validation and authentication proof of the proposed protocol is done using AVISPA tool and BAN logic.The proposed protocol has superior performance than the existing protocols.

Anonymous and provably secure certificateless multireceiver encryption without bilinear pairing

Recently, numerous multireceiver identity-based encryption or identity-based broadcast encryption schemes have been introduced with bilinear pairing and probabilistic map-to-point MTP function. As the bilinear pairing and MTP functions are expensive operations, any cryptographic schemes based on these operations experience high computational burden. The certificateless public key cryptography sidesteps the private key escrow problem occurring in identity-based cryptosystem and certificate management troubles of certificate authority-based public key cryptography CA-PKC. We observed that certificateless multireceiver encryption CL-MRE scheme without pairing and MTP hash function has not yet been considered in the literature. In this paper, we proposed a bilinear pairing and MTP hash-function-free CL-MRE scheme with chosen ciphertext attack resilience. The detailed analyses provide evidence that our scheme achieves forward secrecy, backward secrecy, and low computation costs than others. The scheme also provides confidentiality of the message and receiver anonymity in the random oracle model with the hardness of computational Diffie-Hellman problem. Copyright

An enhanced multi-server authentication protocol using password and smart-card: cryptanalysis and design

At the present time, application of online communication systems are rapidly increasing and most of the clients depend on a set of servers to fulfill their daily needs. In order to access these servers, a client user needs to register to each server with different login credentials. To circumvent this situation, the concept of multi-server authentication has been adopted, where a user can access all the servers using a single login credential. In this paper, a two-factor multi-server authentication protocol, which is proposed by Leu and Hsieh, is analyzed and observed that the forgery attack and the off-line password-guessing attack can be made on it. Further, the off-line password-guessing attack and other security threats are found in similar kind of multi-server authentication protocol, which is designed by Li et al. This paper mainly focuses on enhancing the securities of the previously mentioned protocols and thus proposed a new protocol. We have employed formal and informal security analysis to analyze the proposed protocol. The performance of our protocol is also compared with the related protocols. It can also be noted that the designed protocol accomplishes mutual authentication, session key verification, and identity and password change phases. Copyright

A robust ElGamal-based password-authentication protocol using smart card for client-server communication.

Summary Smart card-based client-server authentication protocol is well popular for secure data exchange over insecure and hostile networks. Recently, Lee et al. put forward an authentication protocol by utilizing ElGamal cryptosystem and proved that it can withstand known security threats. This article evinces that the protocol of Lee et al. is unwilling to protect various important security vulnerabilities such as forgery attack and off-line password-guessing attack. To vanquish these loopholes, this article presents a robust authentication protocol for client-server communication over any insecure networks. The security explanation of our protocol has done through the formal and informal mechanism and its outcome makes sure that the designed protocol is strong enough to resist the known vulnerabilities. In addition, we have simulated our protocol using ProVerif online software and its results certify that our protocol is safe against private information of the client and server. This paper also has made performance estimation of the presented protocol and others, and the outcome favors the presented protocol.

An anonymous and provably secure authentication scheme for mobile user

Summary Chebyshev chaotic map is an important tool used in the domain of cryptography to develop different schemes for numerous applications. In 2014, Lin put forwarded a mobile user authentication system using dynamic identity and chaotic map. Lin declared that the scheme offers mutual authentication and session key agreement between user and server. Moreover, they stated that the scheme offers user anonymity and resilience against known attacks. However, we carefully examined Lins scheme and found that it is no longer usable for practical applications as (i) it has no facility to identify the wrong password and identity, which are inputted by the user during login and password update phases, (ii) it has no facility to protect user impersonation attack, and (iii) it has the problem of session key forward secrecy. We put forwarded an enhanced scheme based on extended chaotic map to repair the fragilities of Lins scheme. We formally examined the security of our scheme and demonstrated that it is provably secured in random oracle model. Further, we presented some informal cryptanalysis to make sure that the enhanced scheme is secure from known attacks. Our scheme is also computation efficient against other competitive protocols. Copyright

Security analysis and design of an efficient ECC-based two-factor password authentication scheme

Client-server-based communications provide a facility by which users can get several services from home via the Internet. As the Internet is an insecure channel, it is needed to protect information of communicators. An authentication scheme can fulfill the aforementioned requirements. Recently, Huang et al. presented an elliptic curve cryptosystem-based password authentication scheme. This work has demonstrated that the scheme of Huang et al. has security weakness against the forgery attack. In addition, this paper also presented that the scheme of Huang et al. has some design drawbacks. Therefore, this paper has focused on excluding the security vulnerabilities of the scheme of Huang et al. by proposing an elliptic curve cryptosystem-based password authentication scheme using smart card. The security of our scheme is based on the hardness assumption of the one-way hash functions and elliptic curve discrete logarithm problem. Furthermore, we have demonstrated that our scheme is secured against known attacks. The performance of our scheme is also nearly equal when compared to related competing schemes. Copyright

Security Analysis and Improvement of ‘a More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System’

Over the past few years, secure and privacy-preserving user authentication scheme has become an integral part of the applications of the healthcare systems. Recently, Wen has designed an improved user authentication system over the Lee et al.’s scheme for integrated electronic patient record (EPR) information system, which has been analyzed in this study. We have found that Wen’s scheme still has the following inefficiencies: (1) the correctness of identity and password are not verified during the login and password change phases; (2) it is vulnerable to impersonation attack and privileged-insider attack; (3) it is designed without the revocation of lost/stolen smart card; (4) the explicit key confirmation and the no key control properties are absent, and (5) user cannot update his/her password without the help of server and secure channel. Then we aimed to propose an enhanced two-factor user authentication system based on the intractable assumption of the quadratic residue problem (QRP) in the multiplicative group. Our scheme bears more securities and functionalities than other schemes found in the literature.