User authentication scheme preserving anonymity for ubiquitous devices

Djellali, Benchaa; Belarbi, Kheira; Chouarfia, Abdallah; Lorenz, Pascal

doi:10.1002/sec.1238

Cited by 14 publications

(17 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The security system is based on an infrastructure consisting of authority by domain. By modular composition, each authority is composed of entity of user authentication and entity of authorization for authenticated users to acces to the services provided by the pervasive network [4,8].…”

Section: Resultsmentioning

confidence: 99%

“…For that, it is difficult to definitely decide which mechanism is suitable for pervasive network. Despite all this, to allow only legitimate users in PCEs, securisation of interaction between mobile users and services can be performed by various methods namely ID-password-based authentication method, certificate-based authentication method, or biometric information-based authentication method [8].…”

mentioning

confidence: 99%

See 1 more Smart Citation

Design of Authentication Model Preserving Intimacy and Trust in Intelligent Environments

Djellali¹,

Chouarfia²,

Belarbi³

et al. 2015

NPA

Self Cite

View full text Add to dashboard Cite

With the recent advances in communication technologies for low-power devices, pervasive computing environments (PCE) spread as new domains beyond legacy enterprise and personal computing. The intelligent home network environment is thing which invisible device that is not shown linked mutually through network so that user may use device always is been pervasive. Smart devices are interconnected and collaborate as a global distributed system to infuse intelligence into systems and processes. This kind of environment provides various smart services and makes consequently an offer of convenient, pleasant, and blessed lives to people. However, the risk is high as long as the offer is pleasant and convenient. In such context, security is still very fragile and there is often a violation of user privacy and service interference. For this, a special interest in ubiquitous network security is going up. Safety lies primarily in the authentication of users accessing the network. It guarantees that only legitimate users can login and access to services indoor the network. In this paper, we propose an anonymous authentication and access control scheme to secure the interaction between mobile users handling smart devices and smart services in PCEs. In an environment based on public key infrastructure (PKI) and Authentication, Authorization, and Accounting (AAA), the proposed authentication protocol combines both network authentication technique based on symmetric keys and single sign-on mechanisms. The authentication protocol is simple and secure, protects the privacy of user and aims to satisfy the security requirements.

show abstract

Section: Resultsmentioning

confidence: 99%

mentioning

confidence: 99%

Design of Authentication Model Preserving Intimacy and Trust in Intelligent Environments

Djellali¹,

Chouarfia²,

Belarbi³

et al. 2015

NPA

Self Cite

View full text Add to dashboard Cite

show abstract

“…In this paper, user‐defined privacy is his identity and the number of his entrance to server. Forward security: When a user is out of the network (or it is revoked) and he is not a member of the network anymore, he should not retrieve the encrypted messages after leaving or revocation. In fact, this means that the set keys in the next meetings must be independent of the set keys in the previous ones Backward security: Regarding to backward security, a user is not able to decrypt the previous messages with current keys as soon as key updating …”

Section: Preliminariesmentioning

confidence: 99%

“…In fact, this means that the set keys in the next meetings must be independent of the set keys in the previous ones Backward security: Regarding to backward security, a user is not able to decrypt the previous messages with current keys as soon as key updating Unforgeability: No one including

scriptA

with stolen smart card or even server can forge messages sent by users or user's identities even by their smart card or server …”

Section: Preliminariesmentioning

confidence: 99%

Provable analysis and improvement of smart card–based anonymous authentication protocols

Far

Alagheband

2018

Int J Communication

View full text Add to dashboard Cite

Summary Nowadays, authentication protocols are essential for secure communications specially for roaming networks, distributed computer networks, and remote wireless communication. The numerous users in these networks rise vulnerabilities. Thus, privacy‐preserving methods have to be run to provide more reliable services and sustain privacy. Anonymous authentication is a method to remotely authenticate users with no revelation about their identity. In this paper, we analyze 2 smart card–based protocols that the user's identity is anonymous. However, we represent that they are vulnerable to privileged insider attack. It means that the servers can compromise the users' identity for breaking their privacy. Also, we highlight that the Wen et al protocol has flaws in both stolen smart card and stolen server attacks and the Odelu et al protocol is traceable. Then, we propose 2 modified anonymous authentication protocols. Finally, we analyze our improved protocols with both heuristic and formal methods.

show abstract

“…In 2016, Kang et al [44] showed that Djellali et al 's scheme [45] suffers from offline dictionary attack, impersonation attack, and replay attack and then developed an enhanced scheme that achieves user anonymity with a Markov chain; and Kaul et al [46] also designed an improved authentication scheme based on Kumari et al 's scheme [34]. These schemes all claim to be resistant to various attacks, such as offline dictionary attack and impersonation attack.…”

Section: Our Contributionsmentioning

confidence: 99%

Cryptanalysis of Three Password-Based Remote User Authentication Schemes with Non-Tamper-Resistant Smart Card

Wang¹,

Xu²

2017

Security and Communication Networks

View full text Add to dashboard Cite

Remote user authentication is the first step to guarantee the security of online services. Online services grow rapidly and numerous remote user authentication schemes were proposed with high capability and efficiency. Recently, there are three new improved remote user authentication schemes which claim to be resistant to various attacks. Unfortunately, according to our analysis, these schemes all fail to achieve some critical security goals. This paper demonstrates that they all suffer from offline dictionary attack or fail to achieve forward secrecy and user anonymity. It is worth mentioning that we divide offline dictionary attacks into two categories: (1) the ones using the verification from smart cards and (2) the ones using the verification from the open channel. The second is more complicated and intractable than the first type. Such distinction benefits the exploration of better design principles. We also discuss some practical solutions to the two kinds of attacks, respectively. Furthermore, we proposed a reference model to deal with the first kind of attack and proved its effectiveness by taking one of our cryptanalysis schemes as an example.

show abstract

User authentication scheme preserving anonymity for ubiquitous devices

Cited by 14 publications

References 36 publications

Design of Authentication Model Preserving Intimacy and Trust in Intelligent Environments

Design of Authentication Model Preserving Intimacy and Trust in Intelligent Environments

Provable analysis and improvement of smart card–based anonymous authentication protocols

Cryptanalysis of Three Password-Based Remote User Authentication Schemes with Non-Tamper-Resistant Smart Card

Contact Info

Product

Resources

About