A more secure digital rights management authentication scheme based on smart card

Kumari, Saru; Khan, Muhammad Khurram

doi:10.1007/s11042-014-2361-z

Cited by 17 publications

(12 citation statements)

References 30 publications

(36 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, these designed protocols were vulnerable to various potential attacks, including privileged insider, impersonation and offline password guessing attacks, because they relied exclusively on the password. Many subsequent MAKA schemes have been designed to overcome these security weaknesses using smart cards [7]- [9] and/or biometrics [10]- [12]. However, these schemes stored user sensitive data in a server database, hence if the server stored data is revealed by an adversary, the whole system collapses.…”

Section: A Background and Motivationmentioning

confidence: 99%

LAKS-NVT: Provably Secure and Lightweight Authentication and Key Agreement Scheme Without Verification Table in Medical Internet of Things

et al. 2020

View full text Add to dashboard Cite

Wireless body area networks (WBANs) and wireless sensor networks (WSNs) are important concepts for the Internet of Things (IoT). They have been applied to various healthcare services to ensure that users can access convenient medical services by exchanging physiological data between user and medical server. User physiological data is collected by sensor nodes and sent to medical service providers, doctors, etc. using public channels. However, these channels are vulnerable to various potential attacks, and hence, it is essential to design provably secure and lightweight mutual authentication (MA) schemes for medical IoT to protect user privacy and achieve secure communication. A lightweight mutual authentication and key agreement (MAKA) scheme was designed in 2019 to guarantee user privacy, but we found that the scheme does not withstand impersonation, stolen senor node and leaking verification table attacks, and it does not also ensure anonymity, untraceability and secure mutual authentication. This paper proposes a provably secure and lightweight MAKA scheme for medical IoT, called LAKS Non-verification table (NVT), that does not require a server verification table. We assess LAKS-NVT's security against various potential attacks and demonstrate that it achieves secure MA between sensor node and server using Burrows-Abadi-Needham logic. We employ the well-known Real-Or-Random which is random oracle model to prove that LAKS-NVT provides a session key security. In addition, the formal security verification using the widely-accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) software tool has been performed and the results show that LAKS-NVT is also secure. We compare LAKS-NVT's performance against contemporary authentication schemes, and verify that it achieves better security and comparable efficiency. The practical perspective of LAKS-NVT is also carried out via the Network Simulator 2 (NS2) simulation study.

show abstract

Section: A Background and Motivationmentioning

confidence: 99%

LAKS-NVT: Provably Secure and Lightweight Authentication and Key Agreement Scheme Without Verification Table in Medical Internet of Things

et al. 2020

View full text Add to dashboard Cite

show abstract

“…For the analysis of the security of Chaudhry et al and the proposed scheme in this paper, we consider the adversarial model with following the capacity of adversary: The adversary has full control over the public communication channel, which means that can eavesdrop, insert, delete, alter, or intercept any of the transmitted messages of the public channel. If obtains a stolen or lost mobile device of a user in some way, he/she is able to extract the secret parameters from the device using side-channel attacks [ 33 – 36 ]. is capable of enumerating off-line all of the possible items in the Cartesian product within polynomial time, where and denote the dictionary spaces of the identity and password, respectively [ 37 , 38 ].…”

Section: Preliminary Knowledgementioning

confidence: 99%

“…If obtains a stolen or lost mobile device of a user in some way, he/she is able to extract the secret parameters from the device using side-channel attacks [ 33 – 36 ].…”

Section: Preliminary Knowledgementioning

confidence: 99%

An improved anonymous authentication scheme for roaming in ubiquitous networks

Lee

Moon

et al. 2018

PLoS ONE

View full text Add to dashboard Cite

With the evolution of communication technology and the exponential increase of mobile devices, the ubiquitous networking allows people to use our data and computing resources anytime and everywhere. However, numerous security concerns and complicated requirements arise as these ubiquitous networks are deployed throughout people’s lives. To meet the challenge, the user authentication schemes in ubiquitous networks should ensure the essential security properties for the preservation of the privacy with low computational cost. In 2017, Chaudhry et al. proposed a password-based authentication scheme for the roaming in ubiquitous networks to enhance the security. Unfortunately, we found that their scheme remains insecure in its protection of the user privacy. In this paper, we prove that Chaudhry et al.’s scheme is vulnerable to the stolen-mobile device and user impersonation attacks, and its drawbacks comprise the absence of the incorrect login-input detection, the incorrectness of the password change phase, and the absence of the revocation provision. Moreover, we suggest a possible way to fix the security flaw in Chaudhry et al’s scheme by using the biometric-based authentication for which the bio-hash is applied in the implementation of a three-factor authentication. We prove the security of the proposed scheme with the random oracle model and formally verify its security properties using a tool named ProVerif, and analyze it in terms of the computational and communication cost. The analysis result shows that the proposed scheme is suitable for resource-constrained ubiquitous environments.

show abstract

“…1,2,14 The protocol of Kuo et al 1 is secure against stolen smart card similar to the protocol of Li et al But the protocol of Bapana et al 14 is vulnerable to stolen smart card and stolen server attacks. In the same year, Kumari et al 15 proposed a powerful scheme that is resistant against stolen smart card, stolen verifier, and insider attacks. Also, some lightweight schemes have been recently designed.…”

Section: Related Workmentioning

confidence: 99%

Provable analysis and improvement of smart card–based anonymous authentication protocols

Far

Alagheband

2018

Int J Communication

View full text Add to dashboard Cite

Summary Nowadays, authentication protocols are essential for secure communications specially for roaming networks, distributed computer networks, and remote wireless communication. The numerous users in these networks rise vulnerabilities. Thus, privacy‐preserving methods have to be run to provide more reliable services and sustain privacy. Anonymous authentication is a method to remotely authenticate users with no revelation about their identity. In this paper, we analyze 2 smart card–based protocols that the user's identity is anonymous. However, we represent that they are vulnerable to privileged insider attack. It means that the servers can compromise the users' identity for breaking their privacy. Also, we highlight that the Wen et al protocol has flaws in both stolen smart card and stolen server attacks and the Odelu et al protocol is traceable. Then, we propose 2 modified anonymous authentication protocols. Finally, we analyze our improved protocols with both heuristic and formal methods.

show abstract

A more secure digital rights management authentication scheme based on smart card

Cited by 17 publications

References 30 publications

LAKS-NVT: Provably Secure and Lightweight Authentication and Key Agreement Scheme Without Verification Table in Medical Internet of Things

LAKS-NVT: Provably Secure and Lightweight Authentication and Key Agreement Scheme Without Verification Table in Medical Internet of Things

An improved anonymous authentication scheme for roaming in ubiquitous networks

Provable analysis and improvement of smart card–based anonymous authentication protocols

Contact Info

Product

Resources

About