YoHan Park

Three-Factor User Authentication and Key Agreement Using Elliptic Curve Cryptosystem in Wireless Sensor Networks

Secure communication is a significant issue in wireless sensor networks. User authentication and key agreement are essential for providing a secure system, especially in user-oriented mobile services. It is also necessary to protect the identity of each individual in wireless environments to avoid personal privacy concerns. Many authentication and key agreement schemes utilize a smart card in addition to a password to support security functionalities. However, these schemes often fail to provide security along with privacy. In 2015, Chang et al. analyzed the security vulnerabilities of previous schemes and presented the two-factor authentication scheme that provided user privacy by using dynamic identities. However, when we cryptanalyzed Chang et al.’s scheme, we found that it does not provide sufficient security for wireless sensor networks and fails to provide accurate password updates. This paper proposes a security-enhanced authentication and key agreement scheme to overcome these security weaknesses using biometric information and an elliptic curve cryptosystem. We analyze the security of the proposed scheme against various attacks and check its viability in the mobile environment.

Provably Secure and Efficient Authentication Protocol for Roaming Service in Global Mobility Networks

In global mobility networks, a mobile user can access roaming services using a mobile device at anytime and anywhere. However, mobile users can be vulnerable to various attacks by adversaries, because the roaming services are provided through public network. Therefore, an anonymous mobile user authentication for roaming services is an essential security issue in global mobility networks. Recently, Lee et al. pointed out the security weaknesses of a previous scheme and proposed an advanced secure anonymous authentication scheme for roaming services in global mobility networks. However, we found that the scheme proposed by Lee et al. is vulnerable to password guessing and user impersonation attacks, and that it cannot provide perfect forward secrecy and secure password altered phase. In this paper, to overcome the security weaknesses of the scheme proposed by Lee et al., we propose an improved secure anonymous authentication scheme using shared secret keys between home agent and foreign agent. In addition, we analyze the security of our proposed scheme against various attacks and prove that it provides secure mutual authentication using Burrows–Abadi–Needham logic. In addition, the formal security analysis using the broadly-accepted real-or-random (ROR) random oracle model and the formal security verification using the widely accepted automated validation of the Internet security protocols and applications tool show that the proposed scheme provides the session key security and protection against replay as well as man-in-the-middle attacks, respectively. Finally, we compare the performance of the proposed scheme with the related schemes, and the results show that the proposed scheme provides better security and comparable efficiency as compared with those for the existing schemes.

Security analysis and enhancements of an improved multi-factor biometric authentication scheme

Many remote user authentication schemes have been designed and developed to establish secure and authorized communication between a user and server over an insecure channel. By employing a secure remote user authentication scheme, a user and server can authenticate each other and utilize advanced services. In 2015, Cao and Ge demonstrated that An’s scheme is also vulnerable to several attacks and does not provide user anonymity. They also proposed an improved multi-factor biometric authentication scheme. However, we review and cryptanalyze Cao and Ge’s scheme and demonstrate that their scheme fails in correctness and providing user anonymity and is vulnerable to ID guessing attack and server masquerading attack. To overcome these drawbacks, we propose a security-improved authentication scheme that provides a dynamic ID mechanism and better security functionalities. Then, we show that our proposed scheme is secure against various attacks and prove the security of the proposed scheme using BAN Logic.