• ETRI Journal
• /
• v.35 no.5
• /
• pp.889-899
• /
• 2013

Wireless sensor networks (WSNs) are used for many real-time applications. User authentication is an important security service for WSNs to ensure only legitimate users can access the sensor data within the network. In 2012, Yoo and others proposed a security-performance-balanced user authentication scheme for WSNs, which is an enhancement of existing schemes. In this paper, we show that Yoo and others' scheme has security flaws, and it is not efficient for real WSNs. In addition, this paper proposes a new strong authentication scheme with user privacy for WSNs. The proposed scheme not only achieves end-party mutual authentication (that is, between the user and the sensor node) but also establishes a dynamic session key. The proposed scheme preserves the security features of Yoo and others' scheme and other existing schemes and provides more practical security services. Additionally, the efficiency of the proposed scheme is more appropriate for real-world WSNs applications.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.4
• /
• pp.43-53
• /
• 2015

Password-based authentication schemes for server-client system are convenient to use, but vulnerable to dictionary attack or brute-force attack. To solve this vulnerability, Cryptographic secret key is used for security, but difficult to memorize. So, for the first time, Das proposed a biometric-based authentication scheme to solve various problems but it has various vulnerabilities. Afterwards, Jiping et al. improved Das's scheme, but some vulnerabilities remain. In this paper, we analyze the cryptanalysis of Jiping et al.'s authentication scheme and then propose improved biometric based user authentication scheme to resolve the analyzed problem. Moreover, we conduct a security analysis for the proposed scheme and make a comparison between the proposed scheme and other biometric based user authentications.

• The Journal of Society for e-Business Studies
• /
• v.18 no.2
• /
• pp.81-93
• /
• 2013

Remote user authentication is a method, in which remote server verifies the legitimacy of a user over an common communication channel. Currently, smart card based remote user authentication schemes have been widely adopted due to their low computational cost and convenient portability for the mutual authentication. 2009 years, Wang et al.'s proposed a dynamic ID-based remote user authentication schemes using smart cards. They presented that their scheme preserves anonymity of user, has the feature of storing password chosen by the server, and protected from several attacks. However, in this paper, I point out that Wang et al.'s scheme has practical vulnerability. I found that their scheme does not provide anonymity of a user during authentication. In addition, the user does not have the right to choose a password. And his scheme is vulnerable to limited replay attacks. In particular, the parameter y to be delivered to the user is ambiguous. To overcome these security faults, I propose an enhanced authentication scheme, which covers all the identified weakness of Wang et al.'s scheme and an efficient user authentication scheme that preserve perfect anonymity to both the outsider and remote server.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.2
• /
• pp.159-166
• /
• 2012

Many biometrics-based user authentication schemes using smart cards have been proposed to improve the security weaknesses in user authentication system. In 2010, Chang et al. proposed an improved biometrics-based user authentication scheme without concurrency system which can withstand forgery attack, off-line password guessing attack, replay attack, etc. In this paper, we analyze the security weaknesses of Chang et al.'s scheme and we have shown that Chang et al.'s scheme is still insecure against man-in-the-middle attack, off-line biometrics guessing attack, and does not provide mutual authentication between the user and the server. And we proposed the improved scheme to overcome these security weaknesses, even if the secret information stored in the smart card is revealed. As a result, the proposed scheme is secure for the user authentication attack, the server masquerading attack, the man-in-the-middle attack, and the off-line biometrics guessing attack, does provide the mutual authentication between the user and the remote server. And, in terms of computational complexities, the proposed scheme is more effective than Chang et al.'s scheme.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.3
• /
• pp.97-107
• /
• 2008

This paper proposes a mutual authentication scheme for mobile router in MANEMO. The NEMO used AAA server in order to authenticate mobile router in nested mobile network. So, this scheme has some problem that increases authentication message overhead and authentication time. The proposed scheme uses temporary certificate that signed by an access router's private key. The temporary certificate authenticates a mobile router when the mobile router entered a MANET domain. The proposed scheme reduces authentication message overhead and authentication time than the scheme to use AAA server when authenticating the mobile router.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.11 no.5
• /
• pp.58-70
• /
• 2008

Earlier researches on Sensor Networks preferred symmetric key-based authentication schemes in consideration of limitations in network resources. However, recent advancements in cryptographic algorithms and sensor-node manufacturing techniques have opened suggestion to public key-based solutions such as Merkle tree-based schemes. These previous schemes, however, must perform the authentication process one-by-one in hierarchical manner and thus are not fit to be used as primary authentication methods in sensor networks which require mass of multiple authentications at any given time. This paper proposes a new concept of public key-based authentication that can be effectively applied to sensor networks. This scheme is based on exponential distributed data concept, a derivative from Shamir's (t, n) threshold scheme, in which the authentication of neighbouring nodes are done simultaneously while minimising resources of sensor nodes and providing network scalability. The performance advantages of this scheme on memory usage, communication overload and scalability compared to Merkle tree-based authentication are clearly demonstrated using performance analysis.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37C no.11
• /
• pp.1011-1019
• /
• 2012

This paper presents a novel hybrid authentication scheme in the next-generation Tactical Mobile Communication Systems(TMCS) with wireless MSAP mesh networks. The existing centralized and distributed authentication methods for security between MSAPs may have their pros and cons. The centralized authentication method induces overhead from frequent MSAP association which leads to long authentication delay. On the other hand, the distributed authentication method requires initial sharing of the authentication information. Therefore, a more efficient authentication scheme is needed to protect the network from malicious MSAPs and also maximize efficiency of the network security. The proposed scheme provides a hybrid method of efficiently managing the authentication keys in the wireless MSAP mesh network to reduce the induced authentication message exchange overhead. Also, as the authentication method between MSAP and TMFT is different, a method of utilizing the ACR for handling the EAP packets is proposed. In overall, the proposed scheme provides efficient mutual authentication between MSAPs especially for tactical environments and is analyzed through performance evaluation to prove its superiority.

• The KIPS Transactions:PartC
• /
• v.12C no.7 s.103
• /
• pp.959-964
• /
• 2005

Recently, Kim et al. proposed ID-based authentication schemes using smartcards and fingerprints. However, Scott showed that they were vulnerable to the passive eavesdropping attack. Thereby, this paper proposes an enhanced ID-based authentication scheme to solve the problems in Kin et al. scheme. Especially, the proposed scheme solves the ID repairability problem commonly shared in the previous ID based Cryptosystems. The proposed ID-based authentication scheme supports the advantages in the previous ID-based authentication scheme and solves the problems in them effectively.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.12
• /
• pp.6169-6187
• /
• 2017

With the fast growth of mobile services, Mobile Cloud Computing(MCC) has gained a great deal of attention from researchers in the academic and industrial field. User authentication and privacy are significant issues in MCC environment. Recently, Tsai and Lo proposed a privacy-aware authentication scheme for distributed MCC services, which claimed to support mutual authentication and user anonymity. However, Irshad et.al. pointed out this scheme cannot achieve desired security goals and improved it. Unfortunately, this paper shall show that security features of Irshad et.al.'s scheme are achieved at the price of multiple time-consuming operations, such as three bilinear pairing operations, one map-to-point hash function operation, etc. Besides, it still suffers from two minor design flaws, including incapability of achieving three-factor security and no user revocation and re-registration. To address these issues, an enhanced and provably secure authentication scheme for distributed MCC services will be designed in this work. The proposed scheme can meet all desirable security requirements and is able to resist against various kinds of attacks. Moreover, compared with previously proposed schemes, the proposed scheme provides more security features while achieving lower computation and communication costs.

• Journal of the Korea Society of Computer and Information
• /
• v.28 no.7
• /
• pp.67-75
• /
• 2023

In this paper, we analyze the problem of the user authentication scheme that provides dynamic ID in a multi-server environment proposed by Andola et al. and propose an improved authentication one to solve this problem. As a result of analyzing the authentication scheme of Andrea et al. in this paper, it is not safe for smart card loss attack, and this attack allows users to guess passwords, and eventually, the attacker was able to generate session key. This paper proposed an improved authentication scheme to solve these problems, and as a result of safety analysis, it was safe from various attacks such as smart card loss attack, password guess attack, and user impersonation attack. Also the improved authentication scheme not only provides a secure dynamic ID, but is also effective in terms of the computational complexity of the hash function. In addition, the improved authentication scheme does not significantly increase the amount of transmission, so it can be said to be an efficient authentication scheme in terms of transmission cost.