Toan-Thinh Truong

Improvement of the More Efficient and Secure ID-Based Remote Mutual Authentication with Key Agreement Scheme for Mobile Devices on ECC

Mobile devices (e.g., PDA, mobile phone, and notebook PC) become necessary for a convenient and modern life. Users can use them to access many applications, for example online shopping, mobile pay TV, internet banking, which have been deployed on internet or wireless networks easily. Therefore, secure communications in such wireless environments are more and more important because they protect transactions between users and servers from illegal adversaries. Especially, users are people vulnerable to attacks and there are many authentication schemes proposed to guarantee them. Recently, Islam and Biswas have proposed a more efficient and secure ID-based scheme for mobile devices on ECC to enhance security for authentication. They claimed that their scheme truly is more secure than previous ones and it can resist various attacks. However, it is not true because their scheme is vulnerable to known session-specific temporary information attack, and denial of service resulting from leaking servers database. In this paper, we present an improvement to their scheme in order to isolate such problems.

Robust Mobile Device Integration of a Fingerprint Biometric Remote Authentication Scheme

Communications in the wireless environments such as GSM, CDPD, 3G, and 4G are very popular. Therefore, it is necessary to have a secure authentication scheme to protect transactions between users and servers from illegal adversaries. Especially, users are people vulnerable to attacks and there are many authentication schemes with smart cards proposed to guarantee them. Recently, Chen et al have proposed a scheme integrated with fingerprint of users to enhance security for authentication. With this idea, Chen et al.s scheme truly is more secure than previous ones. However, their scheme is easy to be compromised by replay attack. Furthermore, attackers can steal identity to re-register to obtain secret key to fake users and servers. In this paper, we present an improvement to their scheme in order to isolate such problems.

Robust Secure Dynamic ID Based Remote User Authentication Scheme for Multi-server Environment

Dynamic ID based authentication scheme is more and more important in wireless environments such as GSM, CDPD, 3G and 4G. One of important properties of such authentication scheme is anonymity. It must be guaranteed to defend the privacy of mobile users against outside attacks, and the scheme of Cheng-Chi Lee, Tsung-Hung Lin and Rui-Xiang Chang satisfies that requirement. However, another important property that should be considered is impersonation. The scheme must have capability to resist this kind of attack to protect legal users from illegal adversaries. In this paper, we demonstrate that Lee et al.’s scheme is still vulnerable to masquerade attack and session key attack with stolen smart card. Then we present an improvement of their scheme in order to isolate such problems.

Enhanced Dynamic Authentication Scheme (EDAS)

With non-stop growth in network environments, communication security is necessary. A strong protocol guarantees that users and service providers are secure against many kinds of attacks, such as impersonation and replay attack. Sood et al. proposed an authentication scheme based on dynamic identity to prevent transactions from being intercepted by malicious users. Although they claimed that their scheme has advantages over previous schemes with the same approach, we prove that their scheme is vulnerable to impersonation attack and stolen verification attack, and can be affected by clock synchronization. Therefore we propose a novel authentication scheme to enhance security and overcome limitations existing in Sood’s scheme. Our security analysis shows that our proposed method can efficiently resist known types of attacks. Experimental results also show that the method can be implemented and processed in real-time thus applicable for not only regular computers but also mobile devices.

Modified efficient and secure dynamic ID-Based user authentication scheme

Communication is necessary operations in wireless environments. Therefore, we must have a secure remote authentication to defend transactions against illegitimate adversaries in such risky channel. Smart card is one of methods that many schemes used due to its convenience. Recently, Khurram Khan has proposed an enhancement scheme using smart card to recover some pitfalls in Wang et al.s scheme. They claimed that their scheme remedy those security flaws. Nevertheless, we point out that Khan et al.s scheme cannot protect users anonymity. Besides, it does not achieve secret key forward secrecy and cannot resist denial of service attack due to values stored in servers database. Consequently, we present an improvement to their scheme to isolate such problems.

Dynamic Identity-Based Authentication Scheme with Perfect Forward Secrecy Session Key

Password is one of the simple and efficient methods to protect the transactions in insecure network environments. There are many authors researching in this area to suggest the protocols preventing illegitimate users from accessing the systems. In 2013, Y-H An proposed the scheme to isolate some problems which exist in Khan et al.’s scheme. In this paper, we demonstrate that Y-H An’s scheme is vulnerable to server forgery attack and cannot provide user’s anonymity. Furthermore, we also propose the modified scheme to overcome these limitations.

Secure Identity-Based Authentication Scheme Suitable for Limited-Resource Devices

In the internet banking environment, using credit cards to pay the services is one of the most popular and simplest methods. However, this is dangerous if users information or smart-card is stolen. With a non-stop development of mobile and wearable devices, user authentication scheme which is security and low-resource efficient is a subject of interest. Modern devices help securing login phase by exploit biometrics collecting from them. Recently, Saru Kumari et al. proposed a remote scheme with key agreement to overcome popular kinds of attacks. However, in this paper, we realize their scheme is still vulnerable to two-factor attack and does not achieve user anonymity. In addition to security analysis, we presented an improved scheme to have a better solution with elliptic curve cryptosystem.

Smart Kiosk with Gait-Based Continuous Authentication

The authors propose to develop a smart kiosk that plays the role of an identity selector activated implicitly when a user is approaching that kiosk. The identity of a user is recognized implicitly in background by a mobile/wearable device based on his or her gait features. Upon arriving at a smart kiosk, the authentication process is performed automatically with the current available user identity in his or her portable device. To realize our system, we propose a new secure authentication scheme compatible with gait-based continuous authentication that can resist against known attacks, including three-factor attacks. Furthermore, we also propose a method to recognize users from their moving patterns using multiple SVM classifiers. Experiments with a dataset with 38 people show that this method can achieve the accuracy up to 92.028i¾?%.

Two-Way Biometrics-Based Authentication Scheme on Mobile Devices

Online transactions with mobile devices through internet environment have become popular worldwide. Therefore, many authentication schemes have been proposed to protect users from various potential attacks in e-transactions with online service providers from mobile devices. In 2013, Khan et. al. propose a key-hash based scheme on mobile devices to resist known kinds of attacks that previous schemes cannot resist. However, we prove that Khan et. al.’s scheme still cannot withstand impersonation, denial of service, and three-factor attacks. This motivates our proposal of an improved scheme to further overcome the found limitations in Khan’s scheme. The main idea of our proposed method is that the user ID and the secret key of the server are hashed together to prevent user impersonation. We also prove that our method can also resist against known attacks, such as server and user impersonation attack, replay attack, password guessing attack, malicious user attack, mobile device loss attack, attacks due to ID theft, attacks using login request.

Smart Card Based User Authentication Scheme with Anonymity

Mobile devices (e.g., PDA, mobile phone, tablet, and notebook PC) become necessary for a convenient and modern life. So, we can use them to access services, for examples online shopping, internet banking. In such insecure environment, we see that communications are more and more essential because they defend users and providers against illegitimate adversaries. Recently, Shin et al have proposed scientific paper entitled ’A Remote User Authentication Scheme with Anonymity for Mobile Devices’ to enhance security for remote user authentication. They claimed that their scheme is truly more secure than previous ones and it can resist various attacks. However, it is not true because their scheme’s vulnerable to insider, impersonation and replay attacks. In this paper, we present an improvement to their scheme to isolate such problems.