SUAA: A Secure User Authentication Scheme with Anonymity for the Single &amp; Multi-server Environments

Lwamo, Nassoro M.R.; Zhu, Liehuang; Xu, Chang; Sharif, Kashif; Liu, Ximeng; Zhang, Chuan

doi:10.1016/j.ins.2018.10.037

Cited by 46 publications

(62 citation statements)

References 38 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It is very cumbersome for a user to register with the server, which not only wastes user time but also wastes server resources. Many researchers have proposed various multi-server authentication schemes based on the shortcomings of the single-server authentication scheme [1], [2], [5]- [7].…”

Section: A Related Workmentioning

confidence: 99%

“…between the user (client) and the remote server. For example, only authorized private users can access resources stored in the cloud server [1], [2], [5], [6]. In order to deal with security, confidentiality and access rights, many documents have user authentication schemes for single-server environments [3], [4], [6].…”

Section: Introductionmentioning

confidence: 99%

“…In this case, single-server authentication scheme is more difficult, above all, for these users who need to register with each server separately. Besides, in order to overcome the multiregistration problem of numerous different servers, a multiserver user authentication scheme [1], [2], [5] is proposed.…”

Section: Introductionmentioning

confidence: 99%

“…There exist dozens of different general-purpose servers, such as accounting server, drug server, patient data server, and Web services server. Therefore, in recent two decades, the multi-server authentication scheme has been increasing becoming a research hotspot [1], [2], [5]- [7].…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

A Secure Biometrics and PUFs-Based Authentication Scheme With Key Agreement For Multi-Server Environments

Zhao

Bian

et al. 2020

IEEE Access

View full text Add to dashboard Cite

The emergence of multi-server authentication key protocol schemes provides a viable environment for users to easily access the services of multiple legitimate servers through a single registration. Biometric identification technology has the characteristics of forgery difficulty, duplication difficulty and guess difficulty, etc. Therefore, it is an indispensable authentication technology in smart card-based user authentication protocol. There are many shortcomings in the existing schemes based on biometrics, including leakages of biometrics information, smart card theft attack, lack of user anonymity, user impersonation attack, server impersonation, and so on. To overcome these shortcomings, we propose a new user authentication and key agreement scheme in the multi-server environment. To some extent, we not only are able to guarantee the communication security between the user and the servers, but also ensure the physical security of the smart card and biometrics information. In this respect, we use lightweight cryptographic primitives, such as Physically Unclonable Functions (PUFs), Fuzzy extractor and One-way hash functions, and so on. The proposed scheme can effectively protect user's anonymity without the use of password and provide mutual authentication and key agreement in the multi-server environment. Subsequently, we used informal analysis, Burrows-Abadi-Needham Logic (BAN-Logic) proof, and a widely accepted Real-Or-Random model to prove the security and robustness of proposed scheme. Finally, our authentication protocol can protect the security of communication.

show abstract

Section: A Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A Secure Biometrics and PUFs-Based Authentication Scheme With Key Agreement For Multi-Server Environments

Zhao

Bian

et al. 2020

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Numerous schemes were proposed based on different cryptography technologies. Generally, the scheme using symmetric key cryptography [5][6][7][8][9][10][11][12][13][14] has better performance while it cannot achieve forward security. For the scheme using asymmetric cryptography [15][16][17][18][19][20][21][22][23], the balance between security and performance is a crucial problem.…”

Section: Introductionmentioning

confidence: 99%

A Secure Authentication and Key Agreement Scheme for IoT-Based Cloud Computing Environment

Liang

Chu

2020

Symmetry

View full text Add to dashboard Cite

The integration of Internet of things (IoT) and cloud computing technology has made our life more convenient in recent years. Cooperating with cloud computing, Internet of things can provide more efficient and practical services. People can accept IoT services via cloud servers anytime and anywhere in the IoT-based cloud computing environment. However, plenty of possible network attacks threaten the security of users and cloud servers. To implement effective access control and secure communication in the IoT-based cloud computing environment, identity authentication is essential. In 2016, He et al. put forward an anonymous authentication scheme, which is based on asymmetric cryptography. It is claimed that their scheme is capable of withstanding all kinds of known attacks and has good performance. However, their scheme has serious security weaknesses according to our cryptanalysis. The scheme is vulnerable to insider attack and DoS attack. For overcoming these weaknesses, we present an improved authentication and key agreement scheme for IoT-based cloud computing environment. The automated security verification (ProVerif), BAN-logic verification, and informal security analysis were performed. The results show that our proposed scheme is secure and can effectively resist all kinds of known attacks. Furthermore, compared with the original scheme in terms of security features and performance, our proposed scheme is feasible.

show abstract

MACP: Multifactor Authentication using Physical Unclonable Function and Fuzzy Extractor based Chebyshev Polynomial for Industrial Internet of Things devices

Das

Afroz

Chandra

et al. 2022

Trans Emerging Tel Tech

View full text Add to dashboard Cite

The Internet of Things adapted by the industries, known as Industrial Internet of Things (IIoT), increases the production rate by reducing the risk factor. The wireless devices deployed in the open places are always susceptible to various attacks including cloning and physical attacks. Thus security of IIoT devices becomes the primary concern of these days. The resource constraint IIoT devices demand light weight security schemes to authenticate communicating devices and protect the privacy of industrial data. In this article, an authentication scheme with low computation and communication cost has been proposed using multiple factors, namely smart card, password, physical unclonable function (PUF), and fuzzy extractor. PUF helps in preventing the cloning of smart card and generates unique challenge‐response pairs to authenticate the smart devices. The environmental noise, produced by the operation of PUF, is extracted by the use of fuzzy extractor. Real‐or‐Random (ROR) model and Burrows‐Abadi‐Needham (BAN) logic has been used for formal security analysis of the proposed scheme, which is resilience against replay attack, man‐in‐the‐middle attack, masquerading, forgery and impersonation attacks, camouflage attack and offline password guessing attack. The performance evaluation has been done using Raspberry Pi, lunchbox, and a laptop. The simulation results show that the proposed scheme outperforms the existing methodologies in terms of end‐to‐end delay, throughput, packet loss, computation cost, and communication cost.

show abstract

SUAA: A Secure User Authentication Scheme with Anonymity for the Single & Multi-server Environments

Cited by 46 publications

References 38 publications

A Secure Biometrics and PUFs-Based Authentication Scheme With Key Agreement For Multi-Server Environments

A Secure Biometrics and PUFs-Based Authentication Scheme With Key Agreement For Multi-Server Environments

A Secure Authentication and Key Agreement Scheme for IoT-Based Cloud Computing Environment

MACP: Multifactor Authentication using Physical Unclonable Function and Fuzzy Extractor based Chebyshev Polynomial for Industrial Internet of Things devices

Contact Info

Product

Resources

About