An Anonymous Device to Device Authentication Protocol Using ECC and Self Certified Public Keys Usable in Internet of Things Based Autonomous Devices

Alzahrani, Bander A.; Chaudhry, Shehzad Ashraf; Barnawi, Ahmed; Al-Barakati, Abdullah; Shon, Taeshik

doi:10.3390/electronics9030520

Cited by 21 publications

(24 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They analyzed and revealed security pitfalls of protocols by Islam and Biswas [7] and Mandal et al [8]. In this article, we demonstrate that the protocol proposed by Alzahrani et al [6] suffers from some problems in design and is insecure against insider attacks, key compromise attack, and fails to provide anonymity. On the other hand, the proposed protocol by Li et al [9] for D2D-based communication is elaborated here and is shown to be vulnerable against key compromise attack and replay attack.…”

Section: Introductionmentioning

confidence: 68%

See 1 more Smart Citation

A Secure Anonymous D2D Mutual Authentication and Key Agreement Protocol for IoT Environments

Hajian

Haghighat

Erfani

2021

Preprint

View full text Add to dashboard Cite

Internet of Things (IoT) is a developing technology in our time that is prone to security problems as it uses wireless and shared networks. A challenging scenario in IoT environments is Device-to-Device (D2D) communication that an authentication server as a trusted third-party, does not involve in the authentication and key agreement process. It is only involved in the process of allocating long-term secret keys and their update. A lot of authentication protocols have been suggested for such situations. This article demonstrated that three state-of-the-art related protocols failed to remain anonymous, insecure against key compromise impersonation (KCI) attack, and clogging attack. To counter the pitfalls of them, a new D2D mutual authentication and key agreement protocol is designed here. The proposed protocol is anonymous, untraceable, and highly secure. Moreover, there is no need for a secure channel to generate a pair of private and public keys in the registration phase.) Formal security proof and security analysis using BAN logic, Real-Or-Random (ROR) model, and Scyther tool showed that our proposed protocol satisfied security requirements. Furthermore, communication cost, computation cost, and energy consumption comparisons denoted our schema has better performance, compared to other protocols.

show abstract

Section: Introductionmentioning

confidence: 68%

“…Also, Chaudhry et al' protocol [10] cannot counter the clogging attack. Thus, a novel protocol for D2D communications without the presence of a trusted third party to improve protocols by Alzahrani et al [6], Chaudhry et al [10], and Li et al [9] is proposed here. The proposed protocol is highly efficient and secure.…”

Section: Introductionmentioning

confidence: 99%

A Secure Anonymous D2D Mutual Authentication and Key Agreement Protocol for IoT Environments

Hajian

Haghighat

Erfani

2021

Preprint

View full text Add to dashboard Cite

show abstract

“…Key Compromise Impersonation Attacks. Key compromise impersonation attacks [38] mean that adversary A knows the long-term key of one entity and tries to impersonate the other entity. Here, we assume that A obtains the longterm private key x of GWN.…”

Section: Cryptanalysis Of Wu Et Al's Protocolmentioning

confidence: 99%

A Provably Secure Three-Factor Authentication Protocol for Wireless Sensor Networks

Yang

Lee

Chu

et al. 2021

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

The wireless sensor network is a network composed of sensor nodes self-organizing through the application of wireless communication technology. The application of wireless sensor networks (WSNs) requires high security, but the transmission of sensitive data may be exposed to the adversary. Therefore, to guarantee the security of information transmission, researchers propose numerous security authentication protocols. Recently, Wu et al. proposed a new three-factor authentication protocol for WSNs. However, we find that their protocol cannot resist key compromise impersonation attacks and known session-specific temporary information attacks. Meanwhile, it also violates perfect forward secrecy and anonymity. To overcome the proposed attacks, this paper proposes an enhanced protocol in which the security is verified by the formal analysis and informal analysis, Burross-Abadii-Needham (BAN) logic, and ProVerif tools. The comparison of security and performance proves that our protocol has higher security and lower computational overhead.

show abstract

“…Furthermore, as the adaption of e-Healthcare increases, the need of patient-privacy should be the first priority as all the communication is taking place through public channel [6], [7]. To prevent various threats, an authentication scheme can be implemented to ensure that TMIS are only accessed by legitimate users [8]- [11]. Recently, Wu et al [12] introduced a two-factor authentication scheme by employing smart-card and password for TMIS.…”

Section: Introductionmentioning

confidence: 99%

ITSSAKA-MS: An Improved Three-Factor Symmetric-Key Based Secure AKA Scheme for Multi-Server Environments

et al. 2020

Self Cite

View full text Add to dashboard Cite

A variety of three-factor smart-card based schemes, specifically designed for telecare medicine information systems (TMIS) are available for remote user authentication. Most of the existing schemes for TMIS are customarily proposed for the single server-based environments and in a single-server environment. Therefore, there is a need for patients to distinctly register and login with each server to employ distinct services, so it escalates the overhead of keeping the cards and memorizing the passwords for the users. Whereas, in a multi-server environment, users only need to register once to resort various services for exploiting the benefits of a multi-server environment. Recently, Barman et al. proposed an authentication scheme for e-healthcare by employing a fuzzy commitment and asserted that the scheme can endure many known attacks. Nevertheless, after careful analysis, this paper presents the shortcoming related to its design as well as it is to prove in this paper that the scheme of Barman et al. is prone to many attacks including: server impersonation, session-key leakage, user impersonation, secret temporary parameter leakage attacks as well as its lacks user anonymity. Moreover, their scheme has the scalability issue. In order to mitigate the aforementioned issues, this work proposes an amended three-factor symmetric-key based secure authentication and key agreement scheme for multi-server environments (ITSSAKA-MS). The security of ITSSAKA-MS is proved formally under automated tool AVISPA along with a security feature discussion. Although, the proposed scheme requisites additional communication and computation costs, but the informal and automated formal security analysis indicate that only proposed scheme withstands several known attacks as compared with recent schemes. INDEX TERMS Authentication and key-agreement (AKA), AVISPA tool, E-Healthcare, Fuzzy commitment scheme, Multi-server authentication, Telecare medicine information system (TMIS).

show abstract

An Anonymous Device to Device Authentication Protocol Using ECC and Self Certified Public Keys Usable in Internet of Things Based Autonomous Devices

Cited by 21 publications

References 37 publications

A Secure Anonymous D2D Mutual Authentication and Key Agreement Protocol for IoT Environments

A Secure Anonymous D2D Mutual Authentication and Key Agreement Protocol for IoT Environments

A Provably Secure Three-Factor Authentication Protocol for Wireless Sensor Networks

ITSSAKA-MS: An Improved Three-Factor Symmetric-Key Based Secure AKA Scheme for Multi-Server Environments

Contact Info

Product

Resources

About