“…Therefore, we use informal and heuristic manner to analyze the security of the proposed scheme. We note that such a manner is widely accepted and used in the literature of multifactor authentication scheme [15,20,24,33,36,38,39,51]. Specifically, we show that our scheme can resist various well-known attacks, including replay attack, impersonation attack, offline password guessing attack, and known-key attack.…”
Section: Security Analysismentioning
confidence: 74%
“…To enhance the security of password-based authentication scheme, Chang and Wu [18] introduced password and smart card based two-factor remote user authentication scheme. Since then, a number of such schemes [19][20][21][22][23][24][25][26][27] have been proposed to improve the security and efficiency of this kind of authentication scheme. In general, these schemes fall into two types, i.e., using static identity or dynamic identity.…”
The rapid development of information and network technologies motivates the emergence of various new computing paradigms, such as distributed computing, cloud computing, and edge computing. This also enables more and more network enterprises to provide multiple different services simultaneously. To ensure these services can only be accessed conveniently by authorized users, many password and smart card based authentication schemes for multiserver architecture have been proposed. Recently, Truong et al. introduced an identity based user authentication scheme on elliptic curve cryptography in multiserver environment and claimed that their scheme is secure against popular attacks. However, in this paper, we point out that their scheme suffers from offline password guessing and impersonation attack and fails to achieve security requirements of this kind of authentication scheme. Moreover, we put forward a new scheme to conquer security pitfalls in the above scheme. Security analysis indicates that the proposed scheme can be free from well-known attacks. Performance discussion demonstrates that our scheme has advantages in terms of both security property and computation efficiency and thus is more desirable for practical applications in multiserver environment.
“…Therefore, we use informal and heuristic manner to analyze the security of the proposed scheme. We note that such a manner is widely accepted and used in the literature of multifactor authentication scheme [15,20,24,33,36,38,39,51]. Specifically, we show that our scheme can resist various well-known attacks, including replay attack, impersonation attack, offline password guessing attack, and known-key attack.…”
Section: Security Analysismentioning
confidence: 74%
“…To enhance the security of password-based authentication scheme, Chang and Wu [18] introduced password and smart card based two-factor remote user authentication scheme. Since then, a number of such schemes [19][20][21][22][23][24][25][26][27] have been proposed to improve the security and efficiency of this kind of authentication scheme. In general, these schemes fall into two types, i.e., using static identity or dynamic identity.…”
The rapid development of information and network technologies motivates the emergence of various new computing paradigms, such as distributed computing, cloud computing, and edge computing. This also enables more and more network enterprises to provide multiple different services simultaneously. To ensure these services can only be accessed conveniently by authorized users, many password and smart card based authentication schemes for multiserver architecture have been proposed. Recently, Truong et al. introduced an identity based user authentication scheme on elliptic curve cryptography in multiserver environment and claimed that their scheme is secure against popular attacks. However, in this paper, we point out that their scheme suffers from offline password guessing and impersonation attack and fails to achieve security requirements of this kind of authentication scheme. Moreover, we put forward a new scheme to conquer security pitfalls in the above scheme. Security analysis indicates that the proposed scheme can be free from well-known attacks. Performance discussion demonstrates that our scheme has advantages in terms of both security property and computation efficiency and thus is more desirable for practical applications in multiserver environment.
“…Proverif is an automatic cryptographic protocol verifier, which is widely used to specify and analyze the security of authenticated key agreement protocols [19][20][21][22][23].…”
Section: Simulation Verification Using a Proverif Toolmentioning
Abstract:The advancement of Wireless Body Area Networks (WBAN) have led to significant progress in medical and health care systems. However, such networks still suffer from major security and privacy threats, especially for the data collected in medical or health care applications. Lack of security and existence of anonymous communication in WBAN brings about the operation failure of these networks. Recently, Li et al. proposed a lightweight protocol for wearable sensors in wireless body area networks. In their paper, the authors claimed that the protocol may provide anonymous mutual authentication and resist against various types of attacks. This study shows that such a protocol is still vulnerable to three types of attacks, i.e., the offline identity guessing attack, the sensor node impersonation attack and the hub node spoofing attack. We then present a secure scheme that addresses these problems, and retains similar efficiency in wireless sensors nodes and mobile phones.
“…It is also certain that there is a need for an authentication server to verify and keep a check on all the authentications. At the same time, there must exist other equally secure ways of authentication so that the network can function even if the authentication server is unreachable [26,27]. A similar approach that implements hybrid authentication is presented in [22] which, discusses a multi-level model for authentication.…”
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.