A Secure Three-Factor Authentication Protocol for E-Governance System Based on Multiserver Environments

Cho, Yeongjae; Oh, Jihyeon; Kwon, Deokkyu; Son, Seunghwan; Yu, SungJin; Park, YoHan; Park, Young Ho

doi:10.1109/access.2022.3191419

Cited by 22 publications

(28 citation statements)

References 45 publications

(72 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This research paper [29] presents a secure three-factor mutual authentication protocol for e-governance systems in multi-server environments. The proposed protocol aims to address the vulnerabilities of a previously proposed smart card-based authentication protocol, including resistance to smart card theft, insider attacks, man-in-the-middle attacks, user impersonation, and session key disclosure.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Wi-Fi Radio Wave-Based Continuous Zero-Effort Two-Factor Authentication Utilizes Machine Learning

Alqahtani¹,

Alshyab²

2023

Preprint

View full text Add to dashboard Cite

<p>Two-factor authentication (2FA) is a widely adopted security measure that requires users to provide an additional layer of authentication beyond a username and password in order to access protected resources. While traditional 2FA methods rely on the user to manually enter a code or token, the use of machine learning (ML) has the potential to revolutionize 2FA by enabling automatic and continuous verification of a user’s identity. In this paper, we propose a continuous zero effort 2FA system that uses ML to verify a user’s identity based on the unique characteristics of their environment, including beacon frame characteristics and RSSI values collected from Wi-Fi access points (APs). This system allows for seamless and automatic authentication without requiring any additional input or action from the user beyond their initial login. Additionally, the continuous authentication feature of the proposed system ensures that access to protected resources is maintained only when the user’s two devices are co-located. Through experiments, we demonstrate the effectiveness of the proposed system in determining the location of the user’s devices based on beacon frame characteristics and Received Signal Strength Indicator (RSSI) values. The proposed system offers a convenient and secure solution for 2FA that utilizes the power of ML to enable automatic and continuous authentication. Furthermore, its scalability, flexibility, and adjustability make it a promising option for organizations and users who need a secure and convenient authentication system. Finally, we have included three Python codes in the appendix, which provide further insights into our evaluation and analysis of the proposed system.</p>

show abstract

Section: Related Workmentioning

confidence: 99%

“…The potential benefits of this approach [29] to addressing the vulnerabilities of mobile 2FA applications include increased security and resource-rich environment provided by offloading to the cloud. This can potentially reduce the risk of compromise for mobile 2FA applications and improve the overall security of the system.…”

Section: Related Workmentioning

confidence: 99%

Wi-Fi Radio Wave-Based Continuous Zero-Effort Two-Factor Authentication Utilizes Machine Learning

Alqahtani¹,

Alshyab²

2023

Preprint

View full text Add to dashboard Cite

show abstract

“…Protocols 35,41 fails to preserve users identity and protocols 37,41,42,45,46 are prone to user traceability. Protocols 35,36,[42][43][44] are prone to replay attack and protocols 39,40,42 are vulnerable to insider attack. Protocols 35,37 are prone to KSSTI attack and protocols 39,41 fails to provide forward secrecy.…”

Section: Performance Evaluationmentioning

confidence: 99%

“…• We compare the effectiveness of our protocol with Bouchaala et al, 35 Kaur et al, 36 Dharminder et al's 37 and other existing relevant protocols [39][40][41][42][43][44][45][46] in terms of security attributes, communication, and computational overheads.…”

Section: Motivations and Contributionmentioning

confidence: 99%

A novel and provably secure mutual authentication protocol for cloud environment using elliptic curve cryptography and fuzzy verifier

Patel

Shukla

Patel

2023

Concurrency and Computation

View full text Add to dashboard Cite

SummaryCloud computing is an emerging paradigm that enables on‐demand data storage without considering the local infrastructure limitations of end‐users. The extensive growth in number of servers, resources, and networks intensifies security and privacy concerns in clouds. This necessitates secure mutual authentication and key agreement mechanism to verify the legitimacy of participating entities. In accordance, several authentication protocols have been designed to authenticate end‐users over insecure channels. This article presents security analysis of recent protocols that claim to render security and privacy features. We demonstrate that Kaur et al.'s protocol is vulnerable to replay attack, Dharminder et al.'s protocol is prone to user traceability and known session‐specific temporary information (KSSTI) attacks, and Bouchaala et al.'s protocol is prone to replay and KSSTI attacks. To withstand the aforementioned attacks, we propose an enhanced protocol based on fuzzy verifier and elliptic curve cryptography for clouds. Our protocol safeguards against security attacks while providing privacy functionalities. The security analysis is illustrated under real‐or‐random model, and correctness is verified under the Scyther security verification tool. Finally, comparative analysis with existing protocols shows that our protocol delivers robust security with reasonable computational and communication overheads than state‐of‐the‐art protocols.

show abstract

“…The ROR model is widely used to prove the security of session keys of various authentication protocols [42]- [44].…”

Section: Formal Security Analysis Using Ror Modelmentioning

confidence: 99%

Design of Secure Mutual Authentication Scheme for Metaverse Environments Using Blockchain

et al. 2022

Self Cite

View full text Add to dashboard Cite

During the COVID-19 pandemic, engagement in various remote activities such as online education and meetings has increased. However, since the conventional online environments typically provide simple streaming services using cameras and microphones, there have limitations in terms of physical expression and experiencing real-world activities such as cultural and economic activities. Recently, metaverse environments, three-dimensional virtual reality that use avatars, have attracted increasing attention as a means to solve these problems. Thus, many metaverse platforms such as Roblox, Minecraft, and Fortnite have been emerging to provide various services to users. However, such metaverse environments are potentially vulnerable to various security threats because the users and platform servers communicate through public channels. In addition, sensitive user data such as identity, password, and biometric information are managed by each platform server. In this paper, we design a system model that can guarantee secure communication and transparently manage user identification data in metaverse environments using blockchain technology. We also propose a mutual authentication scheme using biometric information and Elliptic Curve Cryptography (ECC) to provide secure communication between users and platform servers and secure avatar interactions between avatars and avatars. To demonstrate the security of the proposed mutual authentication scheme, we perform informal security analysis, Burrows-Abadi-Needham (BAN) logic, Real-or-Random (ROR) model, and Automated Validation of Internet Security Protocols and Applications (AVISPA). In addition, we compare the computation costs, communication costs, and security features of the proposed scheme with existing schemes in similar environments. The results demonstrate that the proposed scheme has lower computation and communication costs and can provide a wider range of security features than existing schemes. Thus, our proposed scheme can be used to provide secure metaverse environments.

show abstract

A Secure Three-Factor Authentication Protocol for E-Governance System Based on Multiserver Environments

Cited by 22 publications

References 45 publications

Wi-Fi Radio Wave-Based Continuous Zero-Effort Two-Factor Authentication Utilizes Machine Learning

Wi-Fi Radio Wave-Based Continuous Zero-Effort Two-Factor Authentication Utilizes Machine Learning

A novel and provably secure mutual authentication protocol for cloud environment using elliptic curve cryptography and fuzzy verifier

Design of Secure Mutual Authentication Scheme for Metaverse Environments Using Blockchain

Contact Info

Product

Resources

About