Fuzzy Extractor and Elliptic Curve Based Efficient User Authentication Protocol for Wireless Sensor Networks and Internet of Things

Maurya, Anup Kumar; Sastry, V. N.

doi:10.3390/info8040136

Cited by 30 publications

(20 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To implement and simulate the presented protocol on AVISPA, we focused on the main tool called Security Protocol Animator (SPAN) Version 1.6 on a computer system containing Windows 10 Enterprise operating system (64 bit), supported by Ubuntu 10.10 light on Virtual machine, Intel (R) Core (TM) i7-7500U CPU @ 2.70 GHz 2.90 GHz processor, and 8 GB RAM. We executed our proposal protocol considering a minimal number of components included in Server-Client/IoT (i.e., administrator, authentication server, and device) based on Dolev-Yao model with a restricted number of sessions, detected goal, On-the-Fly Model-Checker (OFMC) and Constraint-Logic based Attack Searcher (CL-AtSe) backend [40].…”

Section: Resultsmentioning

confidence: 99%

Efficient and Flexible Multi-Factor Authentication Protocol Based on Fuzzy Extractor of Administrator’s Fingerprint and Smart Mobile Device

Mohammed

Yassin

2019

Cryptography

View full text Add to dashboard Cite

In an era of tremendous development in information technology and the Internet of Things (IoT), security plays a key role in safety devices connected with the Internet. Authentication is vital in the security field, and to achieve a strong authentication scheme, there are several systems using a Multi-Factor Authentication (MFA) scheme based on a smart card, token, and biometric. However, these schemes have suffered from the extra cost; lost, stolen or broken factor, and malicious attacks. In this paper, we design an MFA protocol to be the authenticated administrator of IoT’s devices. The main components of our protocol are a smart mobile device and the fuzzy extractor of the administrator’s fingerprint. The information of the authenticated user is stored in an anomalous manner in mobile devices and servers to resist well-known attacks, and, as a result, the attacker fails to authenticate the system when they obtain a mobile device or password. Our work overcomes the above-mentioned issues and does not require extra cost for a fingerprint device. By using the AVISPA tool to analysis protocol security, the results are good and safe against known attacks.

show abstract

Section: Resultsmentioning

confidence: 99%

Efficient and Flexible Multi-Factor Authentication Protocol Based on Fuzzy Extractor of Administrator’s Fingerprint and Smart Mobile Device

Mohammed

Yassin

2019

Cryptography

View full text Add to dashboard Cite

show abstract

“…Park et al proposed a security-enhanced authentication and key agreement scheme to overcome the security weaknesses of Chang et al's scheme [6] by using biometric information and an elliptic curve cryptogrphy (ECC) [10]. However, Wang et al [17] and Maurya and Sastry [12] revealed that Park et al's scheme has security flaws. Moon et al showed how an adversary can impersonate a legitimate user or a sensor node, and proposed an improved authentication scheme [18].…”

Section: A Related Workmentioning

confidence: 99%

A Privacy-Preserving Authentication, Authorization, and Key Agreement Scheme for Wireless Sensor Networks in 5G-Integrated Internet of Things

Shin

Kwon

2020

IEEE Access

View full text Add to dashboard Cite

Wireless sensor networks (WSNs) have played an important role in the Internet of Things (IoT), and the 5G network is being considered as a major candidate for IoT's communication network with the advent of 5G commercialization. The potential of integrating WSNs and 5G in the IoT is expected to allow IoT to penetrate deeply into our daily lives and to provide various services that are convenient, but at the same time, it also brings new security threats. From this aspect, user authentication and key agreement are essential for secure end-to-end communication. As IoT devices, including sensors, collect and process more and more personal information, both anonymous authentication and authorization are also required to protect the privacy and to prevent anyone without privileges from accessing private data. Recently, Adavoudi-Jolfaei et al. proposed an anonymous three-factor authentication and access control scheme for real-time applications in WSNs. However, we found that this scheme does not provide sensor-node anonymity and suffers from user collusion and desynchronization attacks. In this paper, we introduce a system architecture by considering the integration of WSNs and 5G for IoT. Based on a cryptanalysis of Adavoudi-Jolfaei et al.'s scheme and the system architecture, we propose an elliptic curve cryptography (ECC)-based privacy-preserving authentication, authorization, and key agreement scheme for WSNs in 5G-integrated IoT. We conduct a formal and informal security analysis in order to demonstrate that the proposed scheme withstands various security attacks and guarantees all desired security features, overcoming the drawbacks of Adavoudi-Jolfaei et al.'s scheme. Finally, a performance and comparative analysis with the related schemes indicate that the proposed scheme is both efficient and more secure.

show abstract

“…They found numerous weaknesses in ISO/IEC 9798 standard protocols 66 . The Scyther tool has been used to analyze and verify the security claims of many new AKA protocols in order to formally verify secrecy claims and mutual authentication for the newly designed protocols 43, 53, 67–73 …”

Section: The Security Verification Via Scyther Toolmentioning

confidence: 99%

“…Because the proposed protocol is a two‐pass protocol and satisfies an entity authentication and key confirmation, we conclude that it is suitable for securing IoT devices in the sense that the improved YAK protocol reduces significantly the DoS attacks in IoT environment. In addition, the proposed protocol straightforwardly can be transformed into elliptic curve cryptography in order to enhance its efficiency in terms of communication bandwidth and computational complexity 42, 44–46, 71, 73 …”

Section: The Security Verification Via Scyther Toolmentioning

confidence: 99%

Cryptanalysis and improvement of the YAK protocol with formal security proof and security verification via Scyther

Mohammad

2020

Int J Communication

View full text Add to dashboard Cite

Hao proposed the YAK as a robust key agreement based on public-key authentication, and the author claimed that the YAK protocol withstands all known attacks and therefore is secure against an extremely strong adversary. However, Toorani showed the security flaws in the YAK protocol. This paper shows that the YAK protocol cannot withstand the known key security attack, and its consequences lead us to introduce a new key compromise impersonation attack, where an adversary is allowed to reveal both the shared static secret key between two-party participation and the ephemeral private key of the initiator party in order to mount this attack. In addition, we present a new security model that covers these attacks against an extremely strong adversary. Moreover, we propose an improved YAK protocol to remedy these attacks and the previous attacks mentioned by Toorani on the YAK protocol, and the proposed protocol uses a verification mechanism in its block design that provides entity authentication and key confirmation. Meanwhile, we show that the proposed protocol is secure in the proposed formal security model under the gap Diffie-Hellman assumption and the random oracle assumption. Moreover, we verify the security of the proposed protocol and YAK protocol by using an automatic verification method such as the Scyther tool, and the verification result shows that the security claims of the proposed protocol are proven, in contrast to those of the YAK protocol, which are not proven. The security and performance comparisons show that the improved YAK protocol outperforms previous related protocols. K E Y W O R D Sauthenticated key agreement, cryptanalysis, eCK, formal security model, key compromise impersonation, known key security, Scyther tool | INTRODUCTIONAs a result of the rapid development in the Internet of Things (IoT)-related applications in daily life, which uses diverse communication devices, securing data has become a more challenging task. Due to a diverse powerful adversary for revealing secret information from a party's participation via the open communication model, many formal security models and automated verification tools have been developed for finding security flaws in proposed new protocols before implementing them in applications. Consequently, secret key distribution and user authentication became the most important security issues in IoT. Nowadays, the security proof and verification process of an Authenticated Key Agreement (AKA) protocol in the formal security model is important for successful IoT applications.Diffie-Hellman (DH) key exchange protocol is a fundamental building block to distribute a shared secret key over an insecure communication model, 1 which is based on the concept of asymmetric cryptography. The shared secret key is used to provide confidentiality, integrity, nonrepudiation, and authenticity for data during transmission over an untrusted communication model. An AKA protocol is based on a public key, wherein the two intended participating parties exchange static and ephemeral ...

show abstract

Fuzzy Extractor and Elliptic Curve Based Efficient User Authentication Protocol for Wireless Sensor Networks and Internet of Things

Cited by 30 publications

References 36 publications

Efficient and Flexible Multi-Factor Authentication Protocol Based on Fuzzy Extractor of Administrator’s Fingerprint and Smart Mobile Device

Efficient and Flexible Multi-Factor Authentication Protocol Based on Fuzzy Extractor of Administrator’s Fingerprint and Smart Mobile Device

A Privacy-Preserving Authentication, Authorization, and Key Agreement Scheme for Wireless Sensor Networks in 5G-Integrated Internet of Things

Cryptanalysis and improvement of the YAK protocol with formal security proof and security verification via Scyther

Contact Info

Product

Resources

About