Abstract: The authentication scheme is an important cryptographic mechanism, through which two communication parties could authenticate each other in the open network environment To satisfy the requirement of practical applications, many authentication schemes using passwords and smart cards have been proposed However, passwords might be divulged or forgotten, and smart cards might be shared, lost, or stolen In contrast, biometric methods, such as fingerprints or iris scans, have no such drawbacks Therefore, biometrics-based authentication schemes gain wide attention In this paper, we propose a biometrics-based authentication scheme for multiserver environment using elliptic curve cryptography To the best of our knowledge, the proposed scheme is the first truly three-factor authenticated scheme for multiserver environment We also demonstrate the completeness of the proposed scheme using the Burrows–Abadi–Needham logic

Abstract: With the fast development of wireless communication technologies and semiconductor technologies, the wireless sensor network (WSN) has been widely used in many applications As an application of the WSN, the wireless medical sensor network (WMSN) could improve health-care quality and has become important in the modern medical system In the WMSN, physiological data are collected by sensors deployed in the patient's body and sent to health professionals' mobile devices through wireless communication Then health professionals could get the status of the patient anywhere and anytime The data collected by sensors are very sensitive and important The leakage of them could compromise the patient's privacy and their malicious modification could harm the patient's health Therefore, both security and privacy are two important issues in WMSNs Recently, Kumar et al proposed an efficient authentication protocol for health-care applications using WMSNs and claimed that it could withstand various attacks However, we find that their protocol is vulnerable to the off-line password guessing attack and the privileged insider attack We also point out that their protocol cannot provide user anonymity In this paper, we will propose a robust anonymous authentication protocol for health-care applications using WMSNs Compared with Kumar et al's protocol, the proposed protocol has strong security and computational efficiency Therefore, it is more suitable for health-care applications using WMSNs

Abstract: In modern societies, the number of mobile users has dramatically risen in recent years. In this paper, an efficient authentication scheme for distributed mobile cloud computing services is proposed. The proposed scheme provides security and convenience for mobile users to access multiple mobile cloud computing services from multiple service providers using only a single private key. The security strength of the proposed scheme is based on bilinear pairing cryptosystem and dynamic nonce generation. In addition, the scheme supports mutual authentication, key exchange, user anonymity, and user untraceability. From system implementation point of view, verification tables are not required for the trusted smart card generator (SCG) service and cloud computing service providers when adopting the proposed scheme. In consequence, this scheme reduces the usage of memory spaces on these corresponding service providers. In one mobile user authentication session, only the targeted cloud service provider needs to interact with the service requestor (user). The trusted SCG serves as the secure key distributor for distributed cloud service providers and mobile clients. In the proposed scheme, the trusted SCG service is not involved in individual user authentication process. With this design, our scheme reduces authentication processing time required by communication and computation between cloud service providers and traditional trusted third party service. Formal security proof and performance analyses are conducted to show that the scheme is both secure and efficient.

Abstract: Two-factor authentication protects online accounts even if passwords are leaked. Most users, however, prefer password-only authentication. One reason why two-factor authentication is so unpopular is the extra steps that the user must complete in order to log in. Currently deployed two-factor authentication mechanisms require the user to interact with his phone to, for example, copy a verification code to the browser. Two-factor authentication schemes that eliminate user-phone interaction exist, but require additional software to be deployed. In this paper we propose Sound-Proof, a usable and deployable two-factor authentication mechanism. Sound-Proof does not require interaction between the user and his phone. In Sound-Proof the second authentication factor is the proximity of the user's phone to the device being used to log in. The proximity of the two devices is verified by comparing the ambient noise recorded by their microphones. Audio recording and comparison are transparent to the user, so that the user experience is similar to the one of password-only authentication. Sound-Proof can be easily deployed as it works with current phones and major browsers without plugins. We build a prototype for both Android and iOS. We provide empirical evidence that ambient noise is a robust discriminant to determine the proximity of two devices both indoors and outdoors, and even if the phone is in a pocket or purse. We conduct a user study designed to compare the perceived usability of Sound-Proof with Google 2-Step Verification. Participants ranked Sound-Proof as more usable and the majority would be willing to use Sound-Proof even for scenarios in which two-factor authentication is optional.

Abstract: To ensure the security and privacy of the patient’s health status in the wireless body area networks (WBANs), it is critical to secure the extra-body communication between the smart portable device held by the WBAN client and the application providers, such as the hospital, physician or medical staff. Based on certificateless cryptography, this paper proposes a remote authentication protocol featured with nonrepudiation, client anonymity, key escrow resistance, and revocability for extra-body communication in the WBANs. First, we present a certificateless encryption scheme and a certificateless signature scheme with efficient revocation against short-term key exposure, which we believe are of independent interest. Then, a certificateless anonymous remote authentication with revocation is constructed by incorporating the proposed encryption scheme and signature scheme. Our revocation mechanism is highly scalable, which is especially suitable for the large-scale WBANs, in the sense that the key-update overhead on the side of trusted party increased logarithmically in the number of users. As far as we know, this is the first time considering the revocation functionality of anonymous remote authentication for the WBANs. Both theoretic analysis and experimental simulations show that the proposed authentication protocol is provably secure in the random oracle model and highly practical.

Abstract: A method of handling wireless charging authentication for an electronic device of a wireless charging system includes sending a first message to a controller of the wireless charging system to notify the controller that an authentication is required by a wireless charger of the wireless charging system; receiving a second message including authentication information from the controller; and sending a third message including the authentication information to the wireless charger, in order to satisfy the authentication.

Abstract: Telecare medical information system (TMIS) makes an efficient and convenient connection between patient(s)/user(s) and doctor(s) over the insecure internet. Therefore, data security, privacy and user authentication are enormously important for accessing important medical data over insecure communication. Recently, many user authentication protocols for TMIS have been proposed in the literature and it has been observed that most of the protocols cannot achieve complete security requirements. In this paper, we have scrutinized two (Mishra et al., Xu et al.) remote user authentication protocols using smart card and explained that both the protocols are suffering against several security weaknesses. We have then presented three-factor user authentication and key agreement protocol usable for TMIS, which fix the security pitfalls of the above mentioned schemes. The informal cryptanalysis makes certain that the proposed protocol provides well security protection on the relevant security attacks. Furthermore, the simulator AVISPA tool confirms that the protocol is secure against active and passive attacks including replay and man-in-the-middle attacks. The security functionalities and performance comparison analysis confirm that our protocol not only provide strong protection on security attacks, but it also achieves better complexities along with efficient login and password change phase as well as session key verification property.

Abstract: The Internet of Things (IoT) is becoming an attractive system paradigm to realize interconnections through the physical, cyber, and social spaces. During the interactions among the ubiquitous things, security issues become noteworthy, and it is significant to establish enhanced solutions for security protection. In this work, we focus on an existing U2IoT architecture (i.e., unit IoT and ubiquitous IoT), to design an aggregated-proof based hierarchical authentication scheme (APHA) for the layered networks. Concretely, 1) the aggregated-proofs are established for multiple targets to achieve backward and forward anonymous data transmission; 2) the directed path descriptors, homomorphism functions, and Chebyshev chaotic maps are jointly applied for mutual authentication; 3) different access authorities are assigned to achieve hierarchical access control. Meanwhile, the BAN logic formal analysis is performed to prove that the proposed APHA has no obvious security defects, and it is potentially available for the U2IoT architecture and other IoT applications.

Abstract: Aspects of the subject disclosure may include, for example, receiving, from a second waveguide system, electromagnetic waves at a physical interface of a transmission medium that propagate without utilizing an electrical return path where the electromagnetic waves are guided by the transmission medium and where the electromagnetic waves have a non-optical frequency range, and authenticating the second waveguide system according to an authentication protocol based on authentication information contained in the electromagnetic waves. Other embodiments are disclosed.

Abstract: Telecare Medical Information System (TMIS) makes an efficient and convenient connection between patient(s)/user(s) at home and doctor(s) at a clinical center. To ensure secure connection between the two entities (patient(s)/user(s), doctor(s)), user authentication is enormously important for the medical server. In this regard, many authentication protocols have been proposed in the literature only for accessing single medical server. In order to fix the drawbacks of the single medical server, we have primarily developed a novel architecture for accessing several medical services of the multi-medical server, where a user can directly communicate with the doctor of the medical server securely. Thereafter, we have developed a smart card based user authentication and key agreement security protocol usable for TMIS system using cryptographic one-way hash function. We have analyzed the security of our proposed authentication scheme through both formal and informal security analysis. Furthermore, we have simulated the proposed scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and showed that the scheme is secure against the replay and man-in-the-middle attacks. The informal security analysis is also presented which confirms that the protocol has well security protection on the relevant security attacks. The security and performance comparison analysis confirm that the proposed protocol not only provides security protection on the above mentioned attacks, but it also achieves better complexities along with efficient login and password change phase.

Abstract: Cloud computing is an emerging data interactive paradigm to realize users' data remotely stored in an online cloud server. Cloud services provide great conveniences for the users to enjoy the on-demand cloud applications without considering the local infrastructure limitations. During the data accessing, different users may be in a collaborative relationship, and thus data sharing becomes significant to achieve productive benefits. The existing security solutions mainly focus on the authentication to realize that a user's privative data cannot be illegally accessed, but neglect a subtle privacy issue during a user challenging the cloud server to request other users for data sharing. The challenged access request itself may reveal the user's privacy no matter whether or not it can obtain the data access permissions. In this paper, we propose a shared authority based privacy-preserving authentication protocol (SAPA) to address above privacy issue for cloud storage. In the SAPA, 1) shared access authority is achieved by anonymous access request matching mechanism with security and privacy considerations (e.g., authentication, data anonymity, user privacy, and forward security); 2) attribute based access control is adopted to realize that the user can only access its own data fields; 3) proxy re-encryption is applied to provide data sharing among the multiple users. Meanwhile, universal composability (UC) model is established to prove that the SAPA theoretically has the design correctness. It indicates that the proposed protocol is attractive for multi-user collaborative cloud applications.

Abstract: In some embodiments, encrypted biometric data are stored in advance in a device that is possessed or carried by a user (for example, a smartcard, a communication terminal, or the like) based on a public key certificate, and a user authentication (first user authentication) is performed by a biometric matching in the device. A public key certificate matching the encrypted biometric data is used to perform a user authentication (second user authentication) for a transaction authorization in a service providing server. According to some embodiments, one time password, keystroke, dynamic signature, location information, and the like are employed as additional authentication factors to tighten the security of the first and second user authentications. According to some embodiments, an authentication mechanism including the first user authentication and the second user authentication is applied to control an access to the IoT device.

Abstract: This paper proposes a Key Management Protocol for mobile and industrial Internet of Things systems, targeting, at the same time, robust key negotiation, lightweight node authentication, fast re-keying, and efficient protection against replay attacks. The proposed approach pragmatically leverages widely accepted Elliptic Curve Cryptography constructions, specifically the (Elliptic Curve) "Fixed" Diffie Hellman key exchange and the (Elliptic Curve) Qu-Vanstone implicit certificates. Our value added is their suitable integration into a security protocol exchange, designed at layer 2, in the 802.15.4 protocol stack, which permits to i) avoid Elliptic Point multiplications upon rekeying of previously paired devices, and ii) support mutual authentication while securing the protocol exchange. To prove its viability, the proposed Key Management Protocol has been implemented and assessed on severely constrained devices. As expected, but made explicit and quantified by our experimental performance evaluation, the usage of implicit certificates in conjunction with an optimized message exchange yields impressive gains in terms of airtime consumption with respect to state of the art schemes.

Abstract: A mobile device may perform continuous authentication with an authenticating entity. The mobile device may include a set of biometric and non-biometric sensors and a processor. The processor may be configured to receive sensor data from the set of sensors, form authentication information from the received sensor data, and continuously update the authentication information.

Abstract: The session initiation protocol (SIP) is the most widely used signaling protocol for controlling communication on the Internet, establishing, maintaining, and terminating the sessions. To get secure communication, many authentication protocols for SIP have been proposed. Very recently, Zhang et al. proposed a new authenticated key agreement protocol for SIP using smart card. They also show their protocol could withstand various attacks. However, in this paper, we point out that their protocol is vulnerable to the impersonation attack. We also propose an improved protocol to overcome the weakness. Security analysis shows that our protocol could overcome the weaknesses in Zhang et al.’s protocol. Performance analysis shows that the computational cost in the authentication phase of our protocol is about 75 % of Zhang et al.’s protocol.

Abstract: A personal/client identification and verification process, pseudonymous system and transaction network for monitoring and restricting transactions of cryptography-based electronic money. The present invention—“legal identity-linked credential authentication protocol” is a protocol providing a practical solution for the issues related to cryptocurrency theft, KYC and AML, while maintaining user privacy.

Abstract: Recently, Giri et al.'s proposed a RSA cryptosystem based remote user authentication scheme for telecare medical information system and claimed that the protocol is secure against all the relevant security attacks. However, we have scrutinized the Giri et al.'s protocol and pointed out that the protocol is not secure against off-line password guessing attack, privileged insider attack and also suffers from anonymity problem. Moreover, the extension of password guessing attack leads to more security weaknesses. Therefore, this protocol needs improvement in terms of security before implementing in real-life application. To fix the mentioned security pitfalls, this paper proposes an improved scheme over Giri et al.'s scheme, which preserves user anonymity property. We have then simulated the proposed protocol using widely-accepted AVISPA tool which ensures that the protocol is SAFE under OFMC and CL-AtSe models, that means the same protocol is secure against active and passive attacks including replay and man-in-the-middle attacks. The informal cryptanalysis has been also presented, which confirmed that the proposed protocol provides well security protection on the relevant security attacks. The performance analysis section compares the proposed protocol with other existing protocols in terms of security and it has been observed that the protocol provides more security and achieves additional functionalities such as user anonymity and session key verification.

Abstract: The Session Initiation Protocol (SIP) has revolutionized the way of controlling Voice over Internet Protocol (VoIP) based communication sessions over an open channel. The SIP protocol is insecure for being an open text-based protocol inherently. Different solutions have been presented in the last decade to secure the protocol. Recently, Zhang et al. authentication protocol has been proposed with a sound feature that authenticates the users without any password-verifier database using smart card. However, the scheme has a few limitations and can be made more secure and optimized regarding cost of exchanged messages, with a few modifications. Our proposed key-agreement protocol makes a use of two server secrets for robustness and is also capable of authenticating the involved parties in a single round-trip of exchanged messages. The server can now authenticate the user on the request message received, rather than the response received upon sending the challenge message, saving another round-trip of exchanged messages and hence escapes a possible denial of service attack.

Abstract: In the context of hardware systems, authentication refers to the process of confirming the identity and authenticity of chip, board and system components such as RFID tags, smart cards and remote sensors. The ability of physical unclonable functions (PUF) to provide bitstrings unique to each component can be leveraged as an authentication mechanism to detect tamper, impersonation and substitution of such components. However, authentication requires a strong PUF, i.e., one capable of producing a large, unique set of bits per device, and, unlike secret key generation for encryption, has additional challenges that relate to machine learning attacks, protocol attacks and constraints on device resources. In this paper, we describe the requirements for PUF-based authentication, and present a PUF primitive and protocol designed for authentication in resource constrained devices. Our experimental results are derived from a 28 nm Xilinx FPGA.1

Abstract: With the increasing popularity and demand for various applications, the internet user accesses remote server by performing remote user authentication protocol using smart card over the insecure channel. In order to resist insider attack, most of the users remember a set of identity and password for accessing different application servers. Therefore, remembering set of identity and password is an extra overhead to the user. To avoid the mentioned shortcoming, many remote user authentication and key agreement protocols for multi-server architecture have been proposed in the literature. Recently, Hsieh---Leu proposed an improve protocol of Liao et al. scheme and claimed that the improve protocol is applicable for practical implementation. However, through careful analysis, we found that Hsieh---Leu scheme is still vulnerable to user anonymity, password guessing attack, server masquerading attack and the password change phase is inefficient. Therefore, the main aim of this paper was to design a bilinear pairing based three factors remote user authentication scheme using smart card for providing security weaknesses free protocol. In order to validate security proof of the proposed protocol, this paper uses BAN logic which ensures that the same protocol achieves mutual authentication and session key agreement property securely. Furthermore, this paper also informally illustrates that the proposed protocol is well protected against all the relevant security attacks. The performance analysis and comparison with other schemes are also made, and it has been found that the proposed protocol achieves complete security requirements with comparatively lesser complexities.

Abstract: The smart grid (SG) is a promising platform for providing more reliable, efficient, and cost effective electricity to the consumers in a secure manner. Numerous initiatives across the globe are taken by both industry and academia in order to compile various security issues in the smart grid network. Unfortunately, there is no impactful survey paper available in the literature on authentications in the smart grid network. Therefore, this paper addresses the required objectives of an authentication protocol in the smart grid network along with the focus on mutual authentication, access control, and secure integration among different SG components. We review the existing authentication protocols, and analyze mutual authentication, privacy, trust, integrity, and confidentiality of communicating information in the smart grid network. We review authentications between the communicated entities in the smart grid, such as smart appliance, smart meter, energy provider, control center (CC), and home/building/neighborhood area network gateways (GW). We also review the existing authentication schemes for the vehicle-to-grid (V2G) communication network along with various available secure integration and access control schemes. We also discuss the importance of the mutual authentication among SG entities while providing confidentiality and privacy preservation, seamless integration, and required access control with lower overhead, cost, and delay. This paper will help to provide a better understanding of current authentication, authorization, and secure integration issues in the smart grid network and directions to create interest among researchers to further explore these promising areas.

Abstract: The strong development of the Internet of Things (IoT) is changing traditional perceptions of the current Internet towards a vision of smart objects interacting with each other. In this vision e-health applications are one of the most promising applications in IoT. However, security issues are the major obstacle for their deployment. Among these issues, authentication of the different interconnected entities and exchanged data confidentiality constitutes the main concerns for users that need to be addressed. In this paper, we propose a new lightweight authentication scheme for an e-health application. This scheme allows both of sensors and the Base Station (BS) to authenticate each other in order to secure the collection of health-related data. Our scheme uses nonces and Keyed-Hash message authentication (HMAC) to check the integrity of authentication exchanges. In addition, it provides authentication with less energy consumption, and it terminates with a session key agreement between each sensor and the Base Station. To assess our scheme, we carry out a performance and security analysis. The obtained results show that our scheme saves energy. In addition, it is resistant against different types of attacks.

Abstract: As a signaling protocol for controlling communication on the internet, establishing, maintaining, and terminating the sessions, the Session Initiation Protocol (SIP) is widely used in the world of multimedia communication. To ensure communication security, many authentication schemes for the SIP have been proposed. However, those schemes cannot ensure user privacy since they cannot provide user anonymity. To overcome weaknesses in those authentication schemes with anonymity for SIP, we propose an authentication scheme with anonymity using elliptic curve cryptograph. By a sophisticated analysis of the security of the proposed protocol, we show that the proposed scheme not only overcomes weaknesses in previous schemes but also is very efficient. Therefore, it is suitable for applications with higher security requirements.

Abstract: Techniques are disclosed for providing and/or implementing utilizing declarative techniques for transaction-specific authentication. Certain techniques are disclosed herein that enable transaction signing using modular authentication via declarative requests from applications. An application can declaratively specify one or more transaction factor values to be used in an authentication, and the authentication, using a transaction-signed one-time password, can be directed by an access manager module without further involvement of the application. Upon a successful or non-successful authentication, the access manager module can provide the result back to the application. Accordingly, an authentication process specific to (and valid only for) a particular transaction can be performed without direct involvement of the application and without application-centric knowledge required by the access manager module.