In order to meet people’s demand for various types of network services,researchers have conducted extensive research on authentication schemes for multi-server architecture.Although various schemes have been proposed...In order to meet people’s demand for various types of network services,researchers have conducted extensive research on authentication schemes for multi-server architecture.Although various schemes have been proposed,most of them still have safety defects and fail to meet safety requirements.Recently,Haq et al presented an efficient Hash-based authenticated key agreement scheme for multi-server scheme and claimed that their scheme can withstand all well-known attacks.However,we find that their scheme is vulnerable to replay attack,tracking attack and malicious server impersonation user attack.Then we propose an improved scheme.We also analyze the security of the improved scheme and compare with Haq et al’s scheme in security and computational efficiency.Furthermore,we use the AVISPA(Automated Validation of Internet Security Protocols and Applications)tool to verify the security of the improved scheme.展开更多
During the past decade,rapid advances in wireless communication technologies have made it possible for users to access desired services using hand-held devices.Service providers have hosted multiple servers to ensure ...During the past decade,rapid advances in wireless communication technologies have made it possible for users to access desired services using hand-held devices.Service providers have hosted multiple servers to ensure seamless online services to end-users.To ensure the security of this online communication,researchers have proposed several multi-server authentication schemes incorporating various cryptographic primitives.Due to the low power and computational capacities of mobile devices,the hash-based multi-server authenticated key agreement schemes with offline Registration Server(RS)are the most efficient choice.Recently,Kumar-Om presented such a scheme and proved its security against all renowned attacks.However,we find that their scheme bears an incorrect login phase,and is unsafe to the trace attack,the Session-Specific Temporary Information Attack(SSTIA),and the Key Compromise Impersonation Attack(KCIA).In fact,all of the existing multi-server authentication schemes(hash-based with offline RS)do not withstand KCLA.To deal with this situation,we propose an improved hash-based multi-server authentication scheme(with offline RS).We analyze the security of the proposed scheme under the random oracle model and use the t4Automated Validation of Internet Security Protocols and Applications''(AVISPA)tool.The comparative analysis of communication overhead and computational complexity metrics shows the efficiency of the proposed scheme.展开更多
Multi-server authenticated key agreement schemes have attracted great attention to both academia and industry in recent years.However,traditional authenticated key agreement schemes in the single-server environment ar...Multi-server authenticated key agreement schemes have attracted great attention to both academia and industry in recent years.However,traditional authenticated key agreement schemes in the single-server environment are not suitable for the multi-server environment because the user has to register on each server when he/she wishes to log in various servers for different service.Moreover,it is unreasonable to consider all servers are trusted since the server in a multi-server environment may be a semi-trusted party.In order to overcome these difficulties,we designed a secure three-factor multi-server authenticated key agreement protocol based on elliptic curve cryptography,which needs the user to register only once at the registration center in order to access all semi-trusted servers.The proposed scheme can not only against various known attacks but also provides high computational efficiency.Besides,we have proved our scheme fulfills mutual authentication by using the authentication test method.展开更多
Since network services are provided cooperatively by multiple servers in the lnternet, the authentication protocols for multiserver architecture are required by Internetbased services, such as online game, online trad...Since network services are provided cooperatively by multiple servers in the lnternet, the authentication protocols for multiserver architecture are required by Internetbased services, such as online game, online trade and so on. Recently, Li et al. analyzed Lee et al.'s protocol and proposed an improved dynamic identity based authentication protocol for multi-server architecture. They claimed that their protocol provides user's anonymity, mutual authentication and the session key agreement against several kinds of attacks. In this paper, a cryptanalysis on Lee et al.'s scheme shows that Lee et al's protocol is also vulnerable to malicious server attack, stolen smart card attack and leak-of-verifier attack. Moreover, Li e/ al.'s improved protocol is also vulnerable to all these attacks. Further cryptanalysis reveals that Li et al.'s improved protocol is susceptible to collusion attack.展开更多
With the development of communication technologies,various mobile devices and different types of mobile services became available.The emergence of these services has brought great convenience to our lives.The multi-se...With the development of communication technologies,various mobile devices and different types of mobile services became available.The emergence of these services has brought great convenience to our lives.The multi-server architecture authentication protocols for mobile cloud computing were proposed to ensure the security and availability between mobile devices and mobile services.However,most of the protocols did not consider the case of hierarchical authentication.In the existing protocol,when a mobile user once registered at the registration center,he/she can successfully authenticate with all mobile service providers that are registered at the registration center,but real application scenarios are not like this.For some specific scenarios,some mobile service providers want to provide service only for particular users.For this reason,we propose a new hierarchical multi-server authentication protocol for mobile cloud computing.The proposed protocol ensures only particular types of users can successfully authenticate with certain types of mobile service providers.The proposed protocol reduces computing and communication costs by up to 42.6%and 54.2%compared to two superior protocols.The proposed protocol can also resist the attacks known so far.展开更多
Currently, smart card based remote user authentication schemes have been widely adopted due to their low cost and convenient portability. With the purpose of using various different internet services with single regis...Currently, smart card based remote user authentication schemes have been widely adopted due to their low cost and convenient portability. With the purpose of using various different internet services with single registration and to protect the users from being tracked, various dynamic ID based multi-server authentication protocols have been proposed. Recently, Li et al. proposed an efficient and secure dynamic ID based authentication protocol using smart cards. They claimed that their protocol provides strong security. In this paper, we have demonstrated that Li et al.’s protocol is vulnerable to replay attack, denial of service attack, smart card lost attack, eavesdropping attack and server spoofing attacks.展开更多
基金Supported by the Applied Basic and Advanced Technology Research Programs of Tianjin(15JCYBJC15900)。
文摘In order to meet people’s demand for various types of network services,researchers have conducted extensive research on authentication schemes for multi-server architecture.Although various schemes have been proposed,most of them still have safety defects and fail to meet safety requirements.Recently,Haq et al presented an efficient Hash-based authenticated key agreement scheme for multi-server scheme and claimed that their scheme can withstand all well-known attacks.However,we find that their scheme is vulnerable to replay attack,tracking attack and malicious server impersonation user attack.Then we propose an improved scheme.We also analyze the security of the improved scheme and compare with Haq et al’s scheme in security and computational efficiency.Furthermore,we use the AVISPA(Automated Validation of Internet Security Protocols and Applications)tool to verify the security of the improved scheme.
文摘During the past decade,rapid advances in wireless communication technologies have made it possible for users to access desired services using hand-held devices.Service providers have hosted multiple servers to ensure seamless online services to end-users.To ensure the security of this online communication,researchers have proposed several multi-server authentication schemes incorporating various cryptographic primitives.Due to the low power and computational capacities of mobile devices,the hash-based multi-server authenticated key agreement schemes with offline Registration Server(RS)are the most efficient choice.Recently,Kumar-Om presented such a scheme and proved its security against all renowned attacks.However,we find that their scheme bears an incorrect login phase,and is unsafe to the trace attack,the Session-Specific Temporary Information Attack(SSTIA),and the Key Compromise Impersonation Attack(KCIA).In fact,all of the existing multi-server authentication schemes(hash-based with offline RS)do not withstand KCLA.To deal with this situation,we propose an improved hash-based multi-server authentication scheme(with offline RS).We analyze the security of the proposed scheme under the random oracle model and use the t4Automated Validation of Internet Security Protocols and Applications''(AVISPA)tool.The comparative analysis of communication overhead and computational complexity metrics shows the efficiency of the proposed scheme.
基金This work is supported by the Sichuan education department research project(No.16226483)Sichuan Science and Technology Program(No.2018GZDZX0008)+1 种基金Chengdu Science and Technology Program(No.2018-YF08-00007-GX)the National Natural Science Foundation of China(No.61872087).
文摘Multi-server authenticated key agreement schemes have attracted great attention to both academia and industry in recent years.However,traditional authenticated key agreement schemes in the single-server environment are not suitable for the multi-server environment because the user has to register on each server when he/she wishes to log in various servers for different service.Moreover,it is unreasonable to consider all servers are trusted since the server in a multi-server environment may be a semi-trusted party.In order to overcome these difficulties,we designed a secure three-factor multi-server authenticated key agreement protocol based on elliptic curve cryptography,which needs the user to register only once at the registration center in order to access all semi-trusted servers.The proposed scheme can not only against various known attacks but also provides high computational efficiency.Besides,we have proved our scheme fulfills mutual authentication by using the authentication test method.
基金supported by the Key Program of NSFC-Guangdong Union Foundation under Grant No.U1135002Young Foundation of Humanities and Social Sciences of MOE (Ministry of Education in China) of under Grant No.11YJCZH160Foundation for Young Scientists of Jiangxi Province of China under Grant No.20133BCB23016
文摘Since network services are provided cooperatively by multiple servers in the lnternet, the authentication protocols for multiserver architecture are required by Internetbased services, such as online game, online trade and so on. Recently, Li et al. analyzed Lee et al.'s protocol and proposed an improved dynamic identity based authentication protocol for multi-server architecture. They claimed that their protocol provides user's anonymity, mutual authentication and the session key agreement against several kinds of attacks. In this paper, a cryptanalysis on Lee et al.'s scheme shows that Lee et al's protocol is also vulnerable to malicious server attack, stolen smart card attack and leak-of-verifier attack. Moreover, Li e/ al.'s improved protocol is also vulnerable to all these attacks. Further cryptanalysis reveals that Li et al.'s improved protocol is susceptible to collusion attack.
基金This work is funded by the Chengdu Science and Technology Bureau No.2016-XT00-00015-GXthe Civil Aviation Administration of China No.PSDSA201802.
文摘With the development of communication technologies,various mobile devices and different types of mobile services became available.The emergence of these services has brought great convenience to our lives.The multi-server architecture authentication protocols for mobile cloud computing were proposed to ensure the security and availability between mobile devices and mobile services.However,most of the protocols did not consider the case of hierarchical authentication.In the existing protocol,when a mobile user once registered at the registration center,he/she can successfully authenticate with all mobile service providers that are registered at the registration center,but real application scenarios are not like this.For some specific scenarios,some mobile service providers want to provide service only for particular users.For this reason,we propose a new hierarchical multi-server authentication protocol for mobile cloud computing.The proposed protocol ensures only particular types of users can successfully authenticate with certain types of mobile service providers.The proposed protocol reduces computing and communication costs by up to 42.6%and 54.2%compared to two superior protocols.The proposed protocol can also resist the attacks known so far.
文摘Currently, smart card based remote user authentication schemes have been widely adopted due to their low cost and convenient portability. With the purpose of using various different internet services with single registration and to protect the users from being tracked, various dynamic ID based multi-server authentication protocols have been proposed. Recently, Li et al. proposed an efficient and secure dynamic ID based authentication protocol using smart cards. They claimed that their protocol provides strong security. In this paper, we have demonstrated that Li et al.’s protocol is vulnerable to replay attack, denial of service attack, smart card lost attack, eavesdropping attack and server spoofing attacks.
