i. Denial of Service: A Denial of Service (DoS) attack occurs when the attacker makes a resource inaccessible to users, such as to suspend services of a host connected to the internet. In this attack, the attacker floods the network with traffic by

4.1. Precomputation phase

The parameters are initialized by the server in offline mode. The server generates a prime U and an integer V such that U × V ≡ 1 (mod (p − 1)(q − 1)), and computes V ≡ U^(−1) (mod (p − 1)(q − 1)). SR considers U as the public key and V as the private key. The private key is kept secret and the public key is announced. The proposed scheme uses a lightweight cryptographic hash function, defined as "h: {0, 1}* → {0, 1}^l, where l is the output length of h(•)".
98 G. Sharma, S. Kalra / Journal of Information Security and Applications 42 (2018) 95–106
{MV_i, h(•)} in a smart card SC and is issued to the user U_i via a secure channel.

Step R3: Upon receiving the smart card SC, user U_i computes X_i = h(username_i || MPW_i), Y_i = h(username_i || PW_i), Z_i = MV_i ⊕ X_i, A_i = h(username_i ⊕ MPW_i), B_i = R_1 ⊕ Y_i. The computed parameter MV_i is deleted from the memory of the smart card by the user. U_i stores {Z_i, A_i, B_i, h(•)} into the smart card SC.

4.3. Login phase

In this phase, the user U_i submits a login request to the server. Fig. 3 summarizes the login phase. To initiate a session, the following steps are performed.

... Auth_2 = h(MID_i || MV_i || T_1) ⊕ R_2. The message {MID_i, Auth_1, Auth_2, T_1} is sent to the server.

4.4. Authentication phase

In this phase, the server and the user mutually authenticate each other. After successful authentication, a shared secret session key is generated. The workflow of the authentication phase is shown in Fig. 4. The authentication process consists of the following steps:

Step A1: Upon receiving the login message, the server SR generates the current timestamp T_1' and verifies if (T_1' − T_1) ≤ ΔT. This condition ensures resilience against replay attacks. If the condition doesn't hold, the authentication process is terminated. Else, if the condition holds, SR computes MV_i = h(MID_i || V) and extracts R_2 from Auth_2: R_2 = Auth_2 ⊕ h(MID_i || MV_i || T_1).

Step A2: Further, the server computes Auth_1' = h(R_2 || MV_i || T_1) and verifies if Auth_1' ?= Auth_1. If the verification holds, the remote server confirms that the user is a legitimate user and the process moves to the next phase. Otherwise, SR aborts the authentication process.

Step A3: SR generates a random R_3 at current timestamp T_2 and computes a secret session key S_Key = h(MID_i || R_2 || R_3 || T_1 || T_2), Auth_3 = R_2 ⊕ R_3, Auth_4 = h(S_Key || MV_i || R_3 || T_1 || R_2 || T_2). Then, it sends the message {Auth_3, Auth_4, T_2} to U_i.

Step A4: Upon receiving the message {Auth_3, Auth_4, T_2}, the SC firstly verifies the authenticity of the timestamp. SC generates the current timestamp T_2' and verifies if (T_2' − T_2) ≤ ΔT. If the condition fails, the session is terminated. Otherwise, SC computes R_3 = R_2 ⊕ Auth_3, S_Key = h(MID_i || R_2 || R_3 || T_1 || T_2) and Auth_4' = h(S_Key || MV_i || R_3 || T_1 || R_2 || T_2). It checks if Auth_4' ?= Auth_4. If the verification holds true, the user U_i and the remote server SR are mutually authenticated and the process continues. Otherwise, the session is terminated.
... encrypted with the session key S_Key.

4.5. Password change phase

The proposed scheme permits an authorized user to update his password. The smart card authenticates the user before initiating the password updating process. The user can choose the password of his/her choice. This phase is essential as updating the password regularly helps in achieving high security. The steps required to change the password are:

Step P1: The user inserts his smart card SC and enters his identity ...

... submits the new password PW_i* to the SC.

Step P4: Upon receiving the new password, SC computes MPW_i* = h(R_1 || PW_i*), X_i* = h(username_i || MPW_i*), Y_i* = h(username_i || PW_i*), Z_i* = MV_i ⊕ X_i*, A_i* = h(username_i ⊕ MPW_i*), B_i* = R_1 ⊕ Y_i*. The smart card replaces the previously stored parameters {Z_i, A_i, B_i} with {Z_i*, A_i*, B_i*}.

4.6. Smart card revocation phase

Step S1: User U_i requests the server SR for the revocation of a smart card. Before initiating the process, the server SR authenticates the credentials of the user, such as by verifying imprinted biometrics or secret values known to U_i.

Step S2: If the revocation request of the user is successfully verified, U_i chooses a password PW_i of his/her choice and generates a random number R_1. U_i computes a masked identity MID_i = h(R_1 || username_i) and a masked password MPW_i = h(R_1 || PW_i). The user sends the message {MID_i} to the remote server SR via a secure channel.

Step S3: The server receives the new registration request message and computes MV_i = h(MID_i || V), where V is ...

... A_i = h(username_i ⊕ MPW_i), B_i = R_1 ⊕ Y_i. The computed parameter MV_i is deleted from the memory of the smart card. Now, the smart card SC_new stores {Z_i, A_i, B_i, h(•)}.

5. Security analysis based on threat model

Rigorous analysis based on the threat model of the proposed scheme has been performed. The analysis confirms that the proposed scheme is resistant against all the major network attacks.
Fig. 4. Authentication phase.
5.1. Resistant to the forgery attack

The proposed scheme is resistant to the user forgery attack. An eavesdropper may intercept the ongoing communication between the legitimate entities and submit it again to act as an authentic user. Assume an adversary J records the message {MID_i, Auth_1, Auth_2, T_1} sent by the user during the login phase. Adversary J cannot forge as an authentic user, as to compute a valid login request J must have prior knowledge of the parameters PW_i and R_1. These parameters are never transmitted, so J cannot successfully generate a valid message.

5.2. Resistant to the replay attack

The proposed scheme is resistant to the replay attack. An adversary J may record the transmitted messages from a previous session and retransmit the messages later to the server. The scheme employs timestamps, which resist the replay attack by detecting the delay in transmission time. Assume an adversary retransmits the intercepted message. However, the proposed scheme resists the replay attack as follows: J records the login request {MID_i, Auth_1, Auth_2, T_1}. J starts a new session by sending Auth_1 = h(R_2 || MV_i || T_1), Auth_2 = h(MID_i || MV_i || T_1) ⊕ R_2. Firstly, as the scheme employs timestamps, the request will be aborted. J decrypting all parameters using a power analysis attack in real polynomial time is not possible, thus causing a delay in transmission which will be detected by the remote server. Secondly, Auth_3 is encrypted using the collision-resistant, secure one-way hash function h(•). It is not possible to obtain MV_i without prior knowledge of the private key V of the remote server SR.

5.3. Resistant to the password guessing attack

An adversary J records two messages, the request message {MID_i, Auth_1, Auth_2, T_1} and the response message {Auth_3, Auth_4, T_2}, to guess the password PW_i or the unique identity username_i of the legitimate user. However, it is not possible for J to generate valid ...

5.4. Resistant to the session key disclosure attack

The proposed scheme is resistant to the session key disclosure attack. Assume an adversary J listens to the ongoing communication and records the login message {MID_i, Auth_1, Auth_2, T_1}, the authentication request {Auth_3, Auth_4, T_2} and the response {Auth_SKey, T_3}. Firstly, J cannot extract S_Key from Auth_SKey, as Auth_SKey is secured by the collision-resistant one-way hash function h(•) and R_3. The parameters username_i and PW_i are never transmitted and cannot be extracted by the adversary as they are encrypted by the one-way hash function h(•).

The proposed scheme is resistant to the insider attack. Assume an adversary J at the server SR attains the masked identity MID_i. The unique identity of U_i is hashed with a random nonce, i.e. MID_i = h(R_1 || username_i), in the registration phase. However, J cannot successfully derive the identity username_i and R_1: as the hash function is irreversible, no malicious user can decrypt information from the hash value. Moreover, MID_i is not used to generate any parameter in the authentication process. Thus, J cannot retrieve any parameter using the parameter MID_i.

5.6. Resistant to the denial of service attack

The proposed scheme is resistant to the denial of service attack. In the proposed scheme, the remote server verifies the authenticity of the username_i and password PW_i of the user. Furthermore, the proposed scheme uses timestamps, which mitigates any momentous request.

5.7. Resistant to the stolen smart card attack

The proposed scheme is resistant to the stolen smart card attack. The smart card SC stores the parameters {Z_i, A_i, B_i, h(•)}. Assume an adversary J is successful in stealing the smart card and attempts to submit a valid login request {MID_i, Auth_1, Auth_2, T_1}. For this, J has to successfully compute MV_i = ...

5.8. Resistant to the server spoofing attack

The proposed scheme is resistant to the server spoofing attack. In order to imitate an authentic server SR, adversary J tries to forge a valid response message {Auth_3, Auth_4, T_2} transmitted by the server. To generate a valid message, J must have knowledge of the server's private key V, the identity of the user username_i and the masked password MPW_i to successfully compute Auth_3, Auth_4 as ..., R_2 = Auth_2 ⊕ h(MID_i || MV_i || T_1). These parameters are never transmitted. So it is impossible to generate a legal response message.

5.9. Resistant to the parallel session attack

Assume an adversary J intercepts the login request message {MID_i, Auth_1, Auth_2, T_1} transmitted in a previous session and transmits it again. As the scheme employs timestamps, the timestamp is different in every session. The eavesdropped message will surely be invalid in another session.

5.10. User anonymity

The proposed scheme ensures user anonymity. The eavesdropper may listen to the ongoing exchange of messages between the user and the remote server. The identity of the user must be kept secret from the eavesdropper. The proposed scheme employs the masked identity MID_i, which is random. Firstly, the identity of the user username_i is never communicated. Thus, no eavesdropper can acquire the unique identity. However, even if an eavesdropper obtains MID_i, he cannot decrypt further messages using it, as no authentication parameter uses MID_i. Secondly, all parameters are protected using the one-way hash function h(•); thus, it is impossible to retrieve information. Moreover, the identity of the user is concatenated with a random nonce, thus making it unique in every session.

5.11. Mutual authentication

The proposed scheme ensures mutual authentication. The authenticity of the user is verified by the server and, similarly, the authenticity of the remote server is verified by the user before granting any access. The proposed scheme mutually authenticates both the user U_i and the server SR.

5.12. Key freshness

The proposed scheme ensures freshness of the key. In the proposed scheme, after mutual authentication the session key S_Key = h(MID_i || R_2 || R_3 || T_1 || T_2) is generated. The generated session key includes a fresh random number R_3 and the timestamps T_1, T_2. Thus, in every session a unique and fresh key is generated.

... previous sessions using the known parameter.

5.14. Freely select password

The proposed scheme allows the user to freely choose a password of his/her choice. The password is crucial from the login and authentication perspective. The password must be updated at regular intervals to ensure high security. In the proposed scheme, the user can update his/her password freely.
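The following Python model is an added example, not code from the paper or its authors. It plays through the registration, login and authentication phases (Sections 4.2–4.4) on both sides and exercises the (T' − T) ≤ ΔT check that the replay and parallel-session arguments (Sections 5.2, 5.9) rest on. It assumes SHA-256 as the instantiation of h(•), byte concatenation for ||, byte-wise XOR with zero padding of the shorter operand for ⊕, integer timestamps supplied by the caller, and a value of ΔT; the card-side login computations that recover R_1, MPW_i and MV_i from {B_i, A_i, Z_i} are reconstructed from the registration parameters, since the page does not show the login steps. All credentials, nonces and the private key V are constructed sample values.

```python
# Added example, not the paper's code: a runnable model of registration, login
# and authentication with the (T' - T) <= ΔT replay check.
# Assumptions (not from the page): h(.) is SHA-256 (l = 256 bits); "||" is byte
# concatenation; "⊕" is byte-wise XOR with the shorter operand zero-padded;
# timestamps are integer seconds passed in by the caller; the card-side login
# steps that recover R_1, MPW_i and MV_i from {B_i, A_i, Z_i} are reconstructed.
import hashlib

DELTA_T = 5  # ΔT in seconds (assumed value)


def h(*parts):
    """h(a || b || ...): SHA-256 over the concatenated byte strings (assumed instantiation)."""
    return hashlib.sha256(b"".join(parts)).digest()


def xor(a, b):
    """Byte-wise XOR; the shorter operand is zero-padded on the right (assumption)."""
    n = max(len(a), len(b))
    return bytes(x ^ y for x, y in zip(a.ljust(n, b"\0"), b.ljust(n, b"\0")))


def ts(t):
    """Encode an integer timestamp as 8 bytes so it can be hashed."""
    return t.to_bytes(8, "big")


def register(username, pw, r1, v):
    """Registration (4.2): MID_i and MPW_i on the user side, MV_i = h(MID_i || V) on
    the server; the card keeps {Z_i, A_i, B_i} and MV_i is deleted."""
    mid = h(r1, username)                 # MID_i = h(R_1 || username_i)
    mpw = h(r1, pw)                       # MPW_i = h(R_1 || PW_i)
    mv = h(mid, v)                        # MV_i = h(MID_i || V)  (computed by SR)
    x = h(username, mpw)                  # X_i = h(username_i || MPW_i)
    y = h(username, pw)                   # Y_i = h(username_i || PW_i)
    return {"Z": xor(mv, x),              # Z_i = MV_i ⊕ X_i
            "A": h(xor(username, mpw)),   # A_i = h(username_i ⊕ MPW_i)
            "B": xor(r1, y)}              # B_i = R_1 ⊕ Y_i


def login(card, username, pw, r2, t1):
    """Login (4.3). Returns (message, card_state) or None if the local check fails."""
    r1 = xor(card["B"], h(username, pw))      # R_1 = B_i ⊕ Y_i
    mpw = h(r1, pw)
    if h(xor(username, mpw)) != card["A"]:    # reconstructed local check against A_i
        return None
    mv = xor(card["Z"], h(username, mpw))     # MV_i = Z_i ⊕ X_i
    mid = h(r1, username)
    auth1 = h(r2, mv, ts(t1))                 # Auth_1 = h(R_2 || MV_i || T_1)
    auth2 = xor(h(mid, mv, ts(t1)), r2)       # Auth_2 = h(MID_i || MV_i || T_1) ⊕ R_2
    msg = {"MID": mid, "Auth1": auth1, "Auth2": auth2, "T1": t1}
    return msg, {"mid": mid, "mv": mv, "r2": r2, "t1": t1}


def server_authenticate(msg, v, r3, now, t2):
    """Steps A1-A3 on SR. Returns (response, S_Key) or None when a check fails."""
    if not 0 <= now - msg["T1"] <= DELTA_T:   # A1: (T_1' − T_1) ≤ ΔT, else terminate
        return None
    t1 = ts(msg["T1"])
    mv = h(msg["MID"], v)                     # MV_i = h(MID_i || V)
    r2 = xor(msg["Auth2"], h(msg["MID"], mv, t1))  # R_2 = Auth_2 ⊕ h(MID_i || MV_i || T_1)
    if h(r2, mv, t1) != msg["Auth1"]:         # A2: Auth_1' ?= Auth_1
        return None
    skey = h(msg["MID"], r2, r3, t1, ts(t2))  # S_Key = h(MID_i || R_2 || R_3 || T_1 || T_2)
    auth3 = xor(r2, r3)                       # Auth_3 = R_2 ⊕ R_3
    auth4 = h(skey, mv, r3, t1, r2, ts(t2))   # Auth_4 = h(S_Key || MV_i || R_3 || T_1 || R_2 || T_2)
    return {"Auth3": auth3, "Auth4": auth4, "T2": t2}, skey


def user_verify(resp, st, now):
    """Step A4 on the card. Returns S_Key, or None when the timestamp or Auth_4 check fails."""
    if not 0 <= now - resp["T2"] <= DELTA_T:  # (T_2' − T_2) ≤ ΔT
        return None
    t1, t2 = ts(st["t1"]), ts(resp["T2"])
    r3 = xor(st["r2"], resp["Auth3"])         # R_3 = R_2 ⊕ Auth_3
    skey = h(st["mid"], st["r2"], r3, t1, t2)
    if h(skey, st["mv"], r3, t1, st["r2"], t2) != resp["Auth4"]:  # Auth_4' ?= Auth_4
        return None
    return skey


def demo(replay_delay=0, wrong_pw=False):
    """Constructed sample run. Returns (user_key, server_key); None marks a rejected step.
    replay_delay > ΔT models the login message being captured and re-sent later (5.2, 5.9)."""
    username, pw = b"alice", b"correct horse battery"   # constructed credentials
    v = h(b"constructed server private key V")           # constructed V
    r1, r2, r3 = h(b"R1"), h(b"R2"), h(b"R3")            # constructed nonces, fixed for repeatability
    card = register(username, pw, r1, v)
    attempt = login(card, username, b"wrong" if wrong_pw else pw, r2, t1=1000)
    if attempt is None:
        return None, None
    msg, st = attempt
    arrival = 1001 + replay_delay             # T_1' when the (possibly replayed) message arrives
    step = server_authenticate(msg, v, r3, now=arrival, t2=arrival)
    if step is None:
        return None, None
    resp, server_key = step
    return user_verify(resp, st, now=resp["T2"] + 1), server_key


if __name__ == "__main__":
    uk, sk = demo()
    print("fresh session keys match:", uk == sk)
    print("replayed login accepted:", demo(replay_delay=60) != (None, None))
```

A fresh run ends with both sides holding the same S_Key; re-delivering the recorded login message 60 seconds later fails Step A1 before any hash is checked, which is the timestamp argument of Sections 5.2 and 5.9, and a wrong password never leaves the card because the reconstructed A_i check fails first.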
Step 1: Firstly, the scheme is written in HLPSL. Step 2: The HLPSL code is translated into the Intermediate Format (IF) automatically using the HLPSL2IF translator. Step 3: The IF specification is given as input to the back-ends. After the execution of the IF, the back-end shows the simulation results of the scheme by analysing it into the Output Format (OF), showing whether the scheme is safe or unsafe. The back-ends also confirm the security attributes of the scheme, such as resilience against replay attacks, authentication, and secrecy of keys.

... SR computes parameters and submits {Auth4', Auth5', T2'} to the user ... SND operation and symmetric key SyKus. SR generates the session key and ... it.

The roles of environment and session of the proposed scheme are shown in Fig. 7 and Fig. 8 respectively. The environment role consists of the global constants and a composition of sessions.

Fig. 7. Role specification in HLPSL for the goal and environment of the proposed scheme.

Fig. 9. The result of the analysis using CL-AtSe and OFMC of the proposed scheme.
7. Performance evaluation

In this section, the performance of the proposed scheme is evaluated against other related schemes in terms of computation cost. The comparison confirms that the proposed scheme is more efficient as compared with the other schemes. The notation table below lists the notations used in the evaluation. Table 3 shows the comparative analysis in terms of the computational complexity of the schemes. It is evident from the comparison that the proposed scheme is very efficient. The scheme is lightweight as it uses only XOR and a one-way hash, whose computational cost is negligible. The related schemes employ encryption/decryption operations, which are very expensive in terms of cost as compared to a hash operation. The proposed scheme takes a computational cost of 6T_H, 7T_H and 9T_H in the registration, login and authentication phases respectively. The comparative analysis of security features with other related existing schemes is shown in Table 4. The proposed scheme satisfies all security requirements and resists security threats.

Notation | Description
T_H | Computational complexity to execute a hash function
T_E | Computational complexity to execute an exponential operation

Table 3. Computational complexity (the first surviving row lost its label and all but its last two cells in extraction)
Phase | Song [20] | Sood et al. [21] | Chen et al. [23] | Jiang et al. [26] | Mishra et al. [27] | Proposed scheme
(label lost) | ... | ... | ... | ... | T_E | 7T_H
Authentication phase | 6T_H + T_S + T_E | 4T_H + T_M + 2T_E | 6T_H + T_M + T_E | 6T_H + 2T_E | 6T_H + 3T_E | 9T_H
Password change phase | 8T_H + 2T_S + T_E | 4T_H + 5T_M + 7T_E | 6T_H + 5T_M + 5T_E | 6T_H + 3T_M + 7T_E | 11T_H + 4T_E | 9T_H

Table 4. Security features
Security features | Song [20] | Sood et al. [21] | Chen et al. [23] | Jiang et al. [26] | Mishra et al. [27] | Proposed scheme
Provides mutual authentication | Yes | No | Yes | Yes | Yes | Yes
Resists malicious user attack | No | No | No | No | No | Yes
Provides forward secrecy | No | Yes | Yes | Yes | Yes | Yes
Resists user anonymity | No | No | No | No | Yes | Yes
Resists replay attack | Yes | No | No | Yes | Yes | Yes
Resists online password guessing attack | No | No | No | No | No | Yes
Resists insider attack | No | No | No | No | Yes | Yes
Provides smart card revocation | No | No | No | No | Yes | Yes
Resists hidden server attack | No | No | No | No | No | Yes
Resists server spoofing attack | No | No | No | No | No | Yes
Resists offline password guessing attack | No | No | No | No | No | Yes
8. Conclusion

The convergence of cloud computing and IoT has led to the advancement of numerous applications which permit users to access data anywhere at any time. Thus, authenticating the remote user is of paramount importance. This paper proposes a lightweight multi-factor secure smart card based remote user authentication scheme. The rigorous security analysis confirms the security of the proposed scheme against multiple security attacks. The simulation of the scheme in AVISPA shows its resilience to several attacks. A comprehensive evaluation of performance confirms that the proposed scheme ensures better security as compared with other related schemes proposed in the literature.

References

[1] Duan Q, Yan Y, Vasilakos AV. A survey on service-oriented network virtualization toward convergence of networking and cloud computing. IEEE Trans Netw Serv Manage 2012;9(December(4)):373–92.
[2] Armbrust M, Fox A, Griffith R, Joseph AD, Katz R, Konwinski A, Lee G, Patterson D, Rabkin A, Stoica I, Zaharia M. A view of cloud computing. Commun ACM 2010;53(April(4)):50–8.
[3] Dou W, Zhang X, Liu J, Chen J. HireSome-II: towards privacy-aware cross-cloud service composition for big data applications. IEEE Trans Parallel Distrib Syst 2015;26(February(2)):455–66.
[4] Hao F, Min G, Chen J, Wang F, Lin M, Luo C, Yang LT. An optimized computational model for multi-community-cloud social collaboration. IEEE Trans Serv Comput 2014;7(July(3)):346–58.
[5] Zhang X, Yang LT, Liu C, Chen J. A scalable two-phase top-down specialization approach for data anonymization using mapreduce on cloud. IEEE Trans Parallel Distrib Syst 2014;25(February(2)):363–73.
[6] Zhang X, Liu C, Nepal S, Yang C, Dou W, Chen J. A hybrid approach for scalable sub-tree anonymization over big data using MapReduce on cloud. J Comput Syst Sci 2014;80(August(5)):1008–20.
[7] Meng S, Dou W, Zhang X, Chen J. Kasr: a keyword-aware service recommendation method on mapreduce for big data applications. IEEE Trans Parallel Distrib Syst 2014;25(December(12)):3221–31.
[8] Yan Z, Zhang P, Vasilakos AV. A survey on trust management for Internet of Things. J Netw Comput Appl 2014;42(June):120–34.
[9] Lee CC, Li LH, Hwang MS. A remote user authentication scheme using hash functions. ACM SIGOPS Operating Syst Rev 2002;36(October(4)):23–9.
[10] Tsai CS, Lee CC, Hwang MS. Password authentication schemes: current status and key issues. IJ Netw Secur 2006;3(September(2)):101–15.
[11] Xu J, Zhu W-T, Feng D-G. An improved smart card based password authentication scheme with provable security. Comput Stand Interfaces 2009;31(4):723–8.
[12] Liao I-E, Lee C-C, Hwang M-S. A password authentication scheme over insecure networks. J Comput Syst Sci 2006;72(4):727–40.
[13] Yoon EJ, Yoo KY. Drawbacks of Liao et al.'s password authentication scheme. In: International conference on next generation web services practices. IEEE; 2006. p. 101–8. Sep 25.
[14] Wang XM, Zhang WF, Zhang JS, Khan MK. Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards. Comput Stand Interfaces 2007;29(July(5)):507–12.
[15] Ku W-C, Chen S-M. Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards. IEEE Trans Consum Electron 2004;50(1):204–7.
[16] Yoon E-J, Ryu E-K, Yoo K-Y. Further improvement of an efficient password based remote user authentication scheme using smart cards. IEEE Trans Consum Electron 2004;50(2):612–14.
[17] Chung HR, Ku WC, Tsaur MJ. Weaknesses and improvement of Wang et al.'s remote user password authentication scheme for resource-limited environments. Comput Stand Interfaces 2009;31(June(4)):863–8.
[18] Lee SW, Kim HS, Yoo KY. Improvement of Chien et al.'s remote user authentication scheme using smart cards. Comput Stand Interfaces 2005;27(January(2)):181–3.
[19] Lee NY, Chiu YC. Improved remote authentication scheme with smart card. Comput Stand Interfaces 2005;27(January(2)):177–80.
[20] Song R. Advanced smart card based password authentication protocol. Comput Stand Interfaces 2010;32(October(5)):321–5.
[21] Sood SK, Sarje AK, Singh K. An improvement of Xu et al.'s authentication scheme using smart cards. In: Proceedings of the third annual ACM Bangalore conference. ACM; 2010. p. 15. Jan 22.
[22] Chen TH, Hsiang HC, Shih WK. Security enhancement on an improvement on two remote user authentication schemes using smart cards. Future Gener Comput Syst 2011;27(April(4)):377–80.
[23] Chen BL, Kuo WC, Wuu LC. Robust smart-card-based remote user password authentication scheme. Int J Commun Syst 2012;27(February(2)):377–89.
[24] Kumari S, Khan M. Cryptanalysis and improvement of 'a robust smart-card-based remote user password authentication scheme'. Int J Commun Syst 2013;27(12):3939–55.
[25] Li X, Niu J, Khan MK, Liao J. An enhanced smart card based remote user password authentication scheme. J Netw Comput Appl 2013;36(September(5)):1365–71.
[26] Jiang Q, Ma J, Li G, Li X. Improvement of robust smart-card-based password authentication scheme. Int J Commun Syst 2013;28(2):383–93.
[27] Mishra D, Das AK, Chaturvedi A, Mukhopadhyay S. A secure password-based authentication and key agreement scheme using smart cards. J Inf Secur Appl 2015;23(August):28–43.
[28] Yang H, Zhang Y, Zhou Y, Fu X, Liu H, Vasilakos AV. Provably secure three-party authenticated key agreement protocol using smart cards. Comput Netw 2014;58(January):29–38.
[29] Jing Q, Vasilakos AV, Wan J, Lu J, Qiu D. Security of the Internet of Things: perspectives and challenges. Wireless Netw 2014;20(November(8)):2481–501.
[30] Ali M, Dhamotharan R, Khan E, Khan SU, Vasilakos AV, Li K, Zomaya AY. SeDaSC: secure data sharing in clouds. IEEE Syst J 2017;11(June(2)):395–404.
[31] Zhou J, Cao Z, Dong X, Xiong N, Vasilakos AV. 4S: A secure and privacy-preserving key management scheme for cloud-assisted wireless body area network in m-healthcare social networks. Inf Sci 2015;314(September):255–76.
[32] Zhou J, Dong X, Cao Z, Vasilakos AV. Secure and privacy preserving protocol for cloud-based vehicular DTNs. IEEE Trans Inf Forensics Secur 2015;10(June(6)):1299–314.
[33] Kalra S, Sood SK. Secure authentication scheme for IoT and cloud servers. Pervasive Mobile Comput 2015;24(December):210–23.
[34] Sharma G, Kalra S. Identity based secure authentication scheme based on quantum key distribution for cloud computing. Peer-to-Peer Netw Appl 2016:1–15 Nov.
[35] Yan Z, Zhang P, Vasilakos AV. A security and trust framework for virtualized networks and software-defined networking. Secur Commun Netw 2016;9(November(16)):3059–69.
[36] Wan J, Tang S, Shu Z, Li D, Wang S, Imran M, Vasilakos AV. Software-defined industrial internet of things in the context of industry 4.0. IEEE Sens J 2016;16(October(20)):7373–80.
[37] Fu Z, Huang F, Ren K, Weng J, Wang C. Privacy-preserving smart semantic search based on conceptual graphs over encrypted outsourced data. IEEE Trans Inf Forensics Secur 2017;12(August(8)):1874–84.
[38] Yan Z, Li X, Wang M, Vasilakos AV. Flexible data access control based on trust and reputation in cloud computing. IEEE Trans Cloud Comput 2017;5(July(3)):485–98.
[39] Zhou J, Cao Z, Dong X, Vasilakos AV. Security and privacy for cloud-based IoT: challenges. IEEE Commun Mag 2017;55(January(1)):26–33.
[40] Wazid M, Das AK, Khan MK, Al-Ghaiheb AA, Kumar N, Vasilakos AV. Secure authentication scheme for medicine anti-counterfeiting system in IoT environment. IEEE Internet Things J 2017;4(October(5)):1634–46.
[41] Armando A, Basin D, Cuellar J, Rusinowitch M, Viganò L. Avispa: Automated validation of internet security protocols and applications. ERCIM News 2006;64(January).
[42] Dolev D, Yao A. On the security of public key protocols. IEEE Trans Inf Theory 1983;29(March(2)):198–208.