An efficient and secure multi-server authentication scheme with key agreement

The uses of wireless sensor networks have increased to be applicable in many different areas, such as military applications, ecology, and health applications. These applications often include the management of confidential information, making the issue of security one of the most important aspects to consider. In this aspect, a user authentication mechanism that allows only legitimate users to access the network data becomes critical for maintaining the confidentiality and integrity of the network information. In this paper, we describe and cryptoanalyze previous works in user authentication to illustrate their vulnerabilities and security flaws. We then propose a robust user authentication scheme that solves the identified limitations. Additionally, we describe how the proposed protocol is more suitable for a secure sensor network implementation by analysis in terms of security and performance.

show abstract

“…BAN logic has been widely used in different works such as [18][19][20] to reason about their security validation.…”

Section: Formal Proof Based On Ban Logicmentioning

confidence: 99%

A Security-Performance-Balanced User Authentication Scheme for Wireless Sensor Networks

Yoo

Park

Kim

2012

International Journal of Distributed Sensor Networks

View full text Add to dashboard Cite

show abstract

“…Focusing on the multi-server environment, in the last decade, some authors have introduced smart card based authentication schemes which migrate verification parameters to a personal device [2][3][4][5][6][7][8][9][10][11]. Lin et al [2] proposed an offline password changing scheme utilizing time stamps and the discrete logarithm problem.…”

Section: Introductionmentioning

confidence: 99%

An Untraceable Biometric-Based Multi-server Authenticated Key Agreement Protocol with Revocation

Chang

Nguyen

2016

Wireless Pers Commun

View full text Add to dashboard Cite

Online access has been widely adopted to distribute diversified services to customers. In this architecture, public channels are utilized to exchange information between end users and remote servers at anytime and anywhere. To achieve confidentiality and integrity for transferred data, the related parties have to authenticate each other and negotiate a secret session key to encrypt and decrypt exchanged messages. Since the Lamport's pioneering authentication work in 1981, numerous mechanisms have been proposed to enhance security as well as reduce computation and payload data. Recently, Chuang and Chen proposed a multi-server authenticated agreement protocol employing a smart card and biometric data to eliminate the weaknesses caused by parameters related to low-entropy human-memorable passwords that are stored in a physical location. However, Mishra et al. showed that Chuang and Chen's protocol is not only vulnerable to multiple attacks but also suffers from the drawback of variation of biometric data. To overcome these weaknesses, they proposed an enhanced three-factor authenticated key agreement protocol using the low-error rate Biohashing technique. Unfortunately, we found that Mishra et al.'s scheme is also vulnerable to the denial-of-service attack, the traceable user attack, the impersonation attack, and the pre-shared key attack. Furthermore, the protocol does not provide any user revocation mechanism to control user accesses. In this novel untraceable authenticated key agreement scheme, we adopt the Hamming distance to verify encrypted Biohash codes and a public-key technique to construct the revocation mechanism. Our scheme achieves not only zero errors of biometric verification but also secure against all known attacks.

show abstract

“…In 2012, Tsaur et al's scheme [11] proposed a mutual authentication and key agreement scheme in a multi-server environment and in 2013, Xu et al's [12] proposed a scheme that can dynamically change the user identifier of each session. However, when user using the services server, there is a problem that user must be re-registered again.…”

Section: Introductionmentioning

confidence: 99%