• Title/Summary/Keyword: Third Party Authentication

Search Result 60, Processing Time 0.025 seconds

An improved Multi-server Authentication Scheme for Distributed Mobile Cloud Computing Services

  • Irshad, Azeem;Sher, Muhammad;Ahmad, Hafiz Farooq;Alzahrani, Bander A.;Chaudhry, Shehzad Ashraf;Kumar, Rahul
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.10 no.12
    • /
    • pp.5529-5552
    • /
    • 2016
  • Mobile cloud computing (MCC) has revolutionized the way in which the services can be obtained from the cloud service providers. Manifold increase in the number of mobile devices and subscribers in MCC has further enhanced the need of an efficient and robust authentication solution. Earlier, the subscribers could get cloud-computing services from the cloud service providers only after having consulted the trusted third party. Recently, Tsai and Lo has proposed a multi-server authenticated key agreement solution for MCC based on bilinear pairing, to eliminate the trusted third party for mutual authentication. The scheme has been novel as far as the minimization of trusted party involvement in authenticating the user and service provider, is concerned. However, the Tsai and Lo scheme has been found vulnerable to server spoofing attack (misrepresentation attack), de-synchronization attack and denial-of-service attack, which renders the scheme unsuitable for practical deployment in different wireless mobile access networks. Therefore, we have proposed an improved model based on bilinear pairing, countering the identified threats posed to Tsai and Lo scheme. Besides, the proposed work also demonstrates performance evaluation and formal security analysis.

Trusted Third Party(TTP) Based Mono-directional Entity Authentication Scheme in Mobile Agent (이동 에이전트에 대한 신뢰 센터 기반 단방향 엔티티 인증 기법)

  • Lee, Gi-Hyeon;No, Hwan-Ju
    • The Transactions of the Korea Information Processing Society
    • /
    • v.6 no.11S
    • /
    • pp.3356-3366
    • /
    • 1999
  • Electric commerce system based on distributed mobile on object such as mobile agents need both precise identification and secure authentication scheme on remotemobile entities. In this paper, existing discrete logarithm based Schnorr like entity authentication schemes are improved by the analysis of performance and security on the bi-directional interactive proofs. And ElGamal like schemes are also proposed. Then, there are enhanced with oblivious transfer based mono-directional authentication schemes based on trusted third party for applying to the mobile agent based computing systems. Therefore, proposed schemes provide compatible performance and safety on mobile entity authentication process.

  • PDF

Study on the Improvement about User Authentication of Android Third Party Application Through the Vulnerability in Google Voice (구글 보이스 취약점을 통한 안드로이드 서드 파티 어플리케이션의 사용자 인증 개선방안 연구)

  • Lee, Seyeong;Park, Jaekyun;Hong, Sungdae;Choi, Hyoungki
    • Journal of KIISE
    • /
    • v.42 no.1
    • /
    • pp.23-32
    • /
    • 2015
  • In the Android market, a large portion of the market share consists of third party applications, but not much research has been performed in this respect. Of these applications, mobile Voice Over IP (VoIP) applications are one of the types of applications that are used the most. In this paper, we focus on user authentication methods for three representative applications of the Google Voice service, which is a famous mobile VoIP application. Then, with respect to the Android file system, we developed a method to store and to send user information for authentication. Finally, we demonstrate a vulnerability in the mechanism and propose an improved mechanism for user authentication by using hash chaining and an elliptic curve Diffie-Hellman key exchange.

Trust based Mutual Authentication Mechanism for Cloud Computing

  • Mandeeep Kaur;Prachi Garg
    • International Journal of Computer Science & Network Security
    • /
    • v.23 no.12
    • /
    • pp.81-90
    • /
    • 2023
  • Cloud computing is an emerging business model popularized during the last few years by the IT industry. Providing "Everything as a Service" has shifted many organizations to choose cloud-based services. However, some companies still fear shifting their data to the cloud due to issues related to the security and privacy. The paper suggests a novel Trust based Mutual Authentication Mechanism using Secret P-box based Mutual Authentication Mechanism (TbMAM-SPb) on the criticality of information. It uses a particular passcodes from one of the secret P-box to act as challenge to one party. The response is another passcode from other P-box. The mechanism is designed in a way that the response given by a party to a challenge is itself a new challenge for the other party. Access to data is provided after ensuring certain number of correct challenge-responses. The complexity can be dynamically updated on basis of criticality of the information and trust factor between the two parties. The communication is encrypted and time-stamped to avoid interceptions and reuse. Overall, it is good authentication mechanism without the use of expensive devices and participation of a trusted third party.

Extended 3-Party Mutual Authentication Protocols for the Virtual Home Environment in Next Generation Mobile Networks (차세대 이동통신 네트워크의 Virtual Home Environment 구조에 적용 가능한 3자간 상호 인증 프로토콜)

  • Jeong, Jong-Min;Lee, Goo-Yeon;Lee, Yong
    • Journal of the Institute of Electronics Engineers of Korea TC
    • /
    • v.40 no.4
    • /
    • pp.22-29
    • /
    • 2003
  • In the virtual home environment (VHE), which was proposed to offer global roaming and personal service environment portability, user's profiles and service logics are conveyed from home network to visited network to provide services at the visited network. Because user's profiles and service logics may contain confidential information, some procedures for mutual authentication among entities for offering confidence are needed. For these issues, we propose and analyze three 3-Party mutual authentication Protocols adaptable to the VHE in 3G ; password based mutual authentication protocol, mutual authentication protocol with CHAP and key exchange and mutual authentication protocol with trusted third party.

Efficient Mobile Node Authentication Scheme Based on the Trusted Local Third Party in Mobile Computing Environments (이동 컴퓨팅 환경에서의 로컬 신뢰 센터 기반 효율적 이동 노드 인증 기법)

  • 노환주;이기현
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.25 no.4A
    • /
    • pp.528-538
    • /
    • 2000
  • Mobile computing system requires both precise identification and secure authentication scheme on remote mobile entities, which is based on the distributed mobile node. In this paper, existing discrete logarithm based $Schnorr^{[7]}$ like entity authentication schemes are improved by the analysis of performance and security on the hi-directional interactive proofs. And $EIGamal^{[14]}$ like efficient authentication schemes are also proposed. Then, these are enhanced with oblivious transfer based mono directional authentication schemes based on trusted third party for applying to the mobile agent based computing systems. Therefore, proposed schemes provide compatible performance and safety on mobile entity authentication processes.

  • PDF

Improving The Security Of Quantum Key Distribution And Quantum Authentication By Using CHSH Inequality (CHSH 부등식을 이용하여 양자 키 분배와 양자 인증의 안전성을 개선한 프로토콜)

  • Heo, Jin-O;Hong, Chang-Ho;Lim, Jong-In;Yang, Hyoung-Jin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.4
    • /
    • pp.69-78
    • /
    • 2008
  • We propose to analyze a weakness of quantum key distribution and quantum authentication which use entangled state were proposed by Bao-sen Shi(2001) and to improve the security of the protocol. The existing protocol had a weakness against an impersonation attack of an eavesdropper, because of a only process which authenticated a third party(Center) by users. In this paper, we propose improving the security of the protocol that authenticates users by a third party using check mode which applies CHSH inequality.

Authentication Protocol based on Credential for Implantable Medical Device (체내 삽입장치를 위한 위임장 기반의 인증 프로토콜)

  • Jeong, Yoon-Su
    • Journal of Digital Convergence
    • /
    • v.12 no.4
    • /
    • pp.259-264
    • /
    • 2014
  • Body insertion due to the recent development of sensor technology, the device is attached patients to receive medical services from anywhere, anytime environment is changing. Body insertion devices for the hospital, the patient's vital information attached personnel (doctors, nurses, pharmacists, etc.) to pass, however, when a problem occurs, a patient's information to a third party that can be exploited easily exposed. In this paper, we proposed signature authentication protocols mandate based on the patient's power of attorney from the center of the u-Healthcare services, hospital officials FormHelper third party disguised as a patient, the hospital patient information easily obtained from the officials to prevent. The proposed protocol, the patient's sensitive information to a third party, do not expose the patient's sensitive information to the random number generated by the u-Healthcare service centers and patients hash signature key to encrypt sensitive information of patients. From third parties to maintain synchronization between the patients and the hospital personnel in order to prevent patient information from being exploited illegally by the patient's vital information leakage can be prevented.

FIDO Universal Authentication System Based on Blockchain (블록체인 기반의 FIDO 범용 인증 시스템)

  • Kim, S.H.;Huh, S.Y.;Cho, Y.S.;Cho, S.R.;Kim, S.H.
    • Electronics and Telecommunications Trends
    • /
    • v.33 no.1
    • /
    • pp.34-44
    • /
    • 2018
  • In this paper, we describe a FIDO universal authentication system based on a Blockchain that can share the user's FIDO authentication information between the application services of multiple domains without the use of a server. In addition we provide a method to query the FIDO authentication information of the user recorded in the Blockchain using only the user's service ID. Therefore, even if the user executes the FIDO registration process only once, the user can use the FIDO authentication service of another application service without repeating an additional FIDO registration procedure, and the service provider can securely share and utilize the FIDO authentication information of the user without the use of a trusted third party, thereby lowering the deployment and maintenance costs of the FIDO server.

Privacy-Preserving NFC-Based Authentication Protocol for Mobile Payment System

  • Ali M. Allam
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.17 no.5
    • /
    • pp.1471-1483
    • /
    • 2023
  • One of the fastest-growing mobile services accessible today is mobile payments. For the safety of this service, the Near Field Communication (NFC) technology is used. However, NFC standard protocol has prioritized transmission rate over authentication feature due to the proximity of communicated devices. Unfortunately, an adversary can exploit this vulnerability with an antenna that can eavesdrop or alter the exchanged messages between NFC-enabled devices. Many researchers have proposed authentication methods for NFC connections to mitigate this challenge. However, the security and privacy of payment transactions remain insufficient. We offer a privacy-preserving, anonymity-based, safe, and efficient authentication protocol to protect users from tracking and replay attacks to guarantee secure transactions. To improve transaction security and, more importantly, to make our protocol lightweight while ensuring privacy, the proposed protocol employs a secure offline session key generation mechanism. Formal security verification is performed to assess the proposed protocol's security strength. When comparing the performance of current protocols, the suggested protocol outperforms the others.