Secure ECC-Based Three-Factor Mutual Authentication Protocol for Telecare Medical Information System

Ryu, JongSeok; Oh, Jihyeon; Kwon, Deokkyu; Son, Seunghwan; Lee, Joonyoung; Park, YoHan

doi:10.1109/access.2022.3145959

Cited by 63 publications

(23 citation statements)

References 44 publications

(56 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…ECC, which employs an elliptic curve over a large finite field, provides better security performance with smaller key sizes than existing public-key cryptography techniques [30], [31]. Assume that p is a large prime, F p represents prime fields, u, r ∈ F p , and 4u 3 + 27r 2 ̸ = 0 (mod p).…”

Section: B Elliptic Curve Cryptographymentioning

confidence: 99%

Design of Secure Mutual Authentication Scheme for Metaverse Environments Using Blockchain

et al. 2022

Self Cite

View full text Add to dashboard Cite

During the COVID-19 pandemic, engagement in various remote activities such as online education and meetings has increased. However, since the conventional online environments typically provide simple streaming services using cameras and microphones, there have limitations in terms of physical expression and experiencing real-world activities such as cultural and economic activities. Recently, metaverse environments, three-dimensional virtual reality that use avatars, have attracted increasing attention as a means to solve these problems. Thus, many metaverse platforms such as Roblox, Minecraft, and Fortnite have been emerging to provide various services to users. However, such metaverse environments are potentially vulnerable to various security threats because the users and platform servers communicate through public channels. In addition, sensitive user data such as identity, password, and biometric information are managed by each platform server. In this paper, we design a system model that can guarantee secure communication and transparently manage user identification data in metaverse environments using blockchain technology. We also propose a mutual authentication scheme using biometric information and Elliptic Curve Cryptography (ECC) to provide secure communication between users and platform servers and secure avatar interactions between avatars and avatars. To demonstrate the security of the proposed mutual authentication scheme, we perform informal security analysis, Burrows-Abadi-Needham (BAN) logic, Real-or-Random (ROR) model, and Automated Validation of Internet Security Protocols and Applications (AVISPA). In addition, we compare the computation costs, communication costs, and security features of the proposed scheme with existing schemes in similar environments. The results demonstrate that the proposed scheme has lower computation and communication costs and can provide a wider range of security features than existing schemes. Thus, our proposed scheme can be used to provide secure metaverse environments.

show abstract

Section: B Elliptic Curve Cryptographymentioning

confidence: 99%

Design of Secure Mutual Authentication Scheme for Metaverse Environments Using Blockchain

et al. 2022

Self Cite

View full text Add to dashboard Cite

show abstract

“…• A has a dictionary of the identity and password, and can attempt to guess a legitimate user's identity and password simultaneously. • An attacker can attempt security attacks such as session key disclosure, MITM, and impersonation attacks [28], [29].…”

Section: B Threat Modelmentioning

confidence: 99%

On the Design of a Privacy-Preserving Communication Scheme for Cloud-Based Digital Twin Environments Using Blockchain

et al. 2022

Self Cite

View full text Add to dashboard Cite

Digital twin technology is recently in the spotlight because of its potential applicability in business and industry. In digital twin environments, data generated from physical assets are transmitted to a remote server, which performs simulations through digital twins in a virtual space. Then, the simulation results can be shared with the data owner or other users. However, several challenges exist in the application of digital twin technology in the real world. One of the main challenges involves determining how to share real-time data for the simulation and how to share the simulation data securely. The data generated from physical assets may include sensitive information from data owners, and the leakage of data to an adversary can cause serious privacy problems. Moreover, the sharing of data with other data users should also be considered to maximize the availability of digital twin data. To resolve these issues, we propose a system model for the secure sharing of digital twin data. The proposed system model uses cloud computing for efficient data sharing and blockchain for data verifiability. We also propose communication schemes for the proposed model to guarantee privacy preservation and data security in wireless channels. We analyze the security of the proposed protocol using informal methods and formal methods such as BAN logic and the AVISPA simulation tool. Furthermore, we compare the proposed protocol with related protocols and demonstrate that the proposed scheme is applicable to digital twin environments.

show abstract

“…• The adversary can obtain session-specific temporary information, such as a random nonce generated in each session [31]. • The adversary can extract the sensitive information stored in the user smart card or the home device using a power analysis attack [32]. • The adversary can register as a legitimate user of the smart home.…”

Section: E Threat Modelmentioning

confidence: 99%

A Secure and Anonymous User Authentication Scheme for IoT-Enabled Smart Home Environments Using PUF

Cho

Kwon

et al. 2022

IEEE Access

Self Cite

View full text Add to dashboard Cite

With the continuous development of Internet of Things (IoT) technology, research on smart home environments is being conducted by many researchers. In smart home environments, home users can remotely access and control a variety of home devices such as smart curtains, lights, and speakers placed throughout the house. Despite providing convenient services, including home monitoring, temperature management, and daily work assistance, smart homes can be vulnerable to malicious attacks because all messages are transmitted over insecure channels. Moreover, home devices can be a target for device capture attacks since they are placed in physically accessible locations. Therefore, a secure authentication and key agreement scheme is required to prevent such security problems. In 2021, Zou et al. proposed a two-factor-based authentication and key agreement scheme using elliptic curve cryptography (ECC) in smart home environments. They claimed that their scheme provides user anonymity and forward secrecy. However, we prove that their scheme suffers from forgery, ephemeral secret leakage, and session key disclosure attacks. To overcome the security vulnerabilities of Zou et al.'s scheme and provide home users with secure communication in smart home environments, we propose a secure user authentication scheme using physical unclonable functions (PUF). We utilize Real-or-Random (ROR) model and Burrows-Abadi-Needham (BAN) logic to verify the session key security and mutual authentication of the proposed scheme, respectively. Furthermore, we use the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool to simulate the resistance of our scheme to security attacks. After that, we analyze and compare the communication costs, computational consumption, and security functionalities along with related schemes.

show abstract

Secure ECC-Based Three-Factor Mutual Authentication Protocol for Telecare Medical Information System

Cited by 63 publications

References 44 publications

Design of Secure Mutual Authentication Scheme for Metaverse Environments Using Blockchain

Design of Secure Mutual Authentication Scheme for Metaverse Environments Using Blockchain

On the Design of a Privacy-Preserving Communication Scheme for Cloud-Based Digital Twin Environments Using Blockchain

A Secure and Anonymous User Authentication Scheme for IoT-Enabled Smart Home Environments Using PUF

Contact Info

Product

Resources

About