Article

Password authentication with insecure communication


... To improve the speed of the protocol, we developed a technique that combines a stream cipher, based on keyed cryptographic hashing (HMAC) slightly similar to that of Lamport [50], with a TEE. This makes encryption, aggregation, and decryption faster since we do not need to use relatively more expensive elliptic curve operations as in our earlier work. ...
... Tree-Based Scheme: Since there was a significant amount of overhead and scalability issues from utilizing ECC on its own, we designed an improved protocol that utilizes keyed cryptographic hashing and secure pseudorandom number generators slightly similar to that of Lamport [50] combined with a TEE. We also minimize the overhead of fault recovery by utilizing a p-ary tree to store recovery information within the TEE. ...
... As the trusted setup was performed successfully and is exactly the same in both the ideal and real worlds, every user (adversary controlled or otherwise) has secret key s_i or s′_i they may use to generate a cryptographically secure stream of numbers denoted r_i ∈ ℝ or r′_i ∈ ℝ′ during an offline phase. Note in either world, when the users run Enc, because the algorithm has access to an infinite stream (for practical purposes) of cryptographically secure random numbers via [50], the randomness used during the one-time pad encryption is indistinguishable from a truly random sequence within the ciphertext range. In addition, we can continue computing the hash algorithm to generate numbers that are indistinguishable from a truly random sequence within the ciphertext range. ...
Article
In many real-world applications, an untrusted aggregator (server) is required to collect privacy-sensitive data from the users (clients) to compute aggregate statistics on that data periodically. In Private Stream Aggregation (PSA), multiple data producers encrypt their data for a central party, which can then retrieve only the aggregate sum of the encrypted values, without access to any individual values. PSA enables untrusted aggregators to execute aggregation operations over privacy-critical data from multiple data sources. Traditionally, existing PSA schemes require the aggregator to interact with a trusted third party to achieve fault tolerance. However, this kind of interactive recovery poses many security and practical vulnerabilities to achieve fault tolerance in real-world applications. This paper introduces a new formal PSA framework that ensures rigorous privacy guarantees for individual user inputs and achieves fault tolerance with non-interactive recovery. Existing definitions for fault tolerance do not account for the impact of faults on security and cannot defend against residual function attacks. We define a new level of security for a non-interactive fault tolerance model with malicious adversaries that guarantees defense for such attacks during fault recovery. We present the first PSA protocol that provably achieves this new level of security. Our techniques are versatile and can be used to enhance any existing PSA scheme to safely recover from faults in a non-interactive manner. We employ our proposed framework and use trusted hardware, cryptographic hashing, and p-ary trees to develop a protocol that achieves significant improvements in scalability and communication efficiency. Our proposed protocol is about 3× faster than existing PSA protocols for cases when faults do not occur. During cases when faults occur, our protocol provides faster execution by about 1–2 orders of magnitude compared to existing works.
... Most of the authentication schemes proposed are based on symmetric or asymmetric cryptography using heavyweight computations [2,5,7,8], which handheld devices are not capable of adopting. A few researchers [9,12,28] have proposed authentication schemes using only hash functions, which require less energy compared to encryption, but these schemes fail to resist the major attacks and use an increased number of hash operations that results in augmented usage of processor power, memory, storage etc., which makes them not optimal to use in real-life applications. The critical need of the hour is authentication schemes that are highly secure and require lightweight cryptographic operations, which reduce the energy requirements on terminals. ...
... In 1981, Lamport [12] proposed the first of its kind of remote user authentication scheme over an insecure communication channel using a password. In 2001, Li et al. [13] first proposed a remote user authentication scheme for the multi-server environment. ...
... In 2001, Li et al. [13] first proposed a remote user authentication scheme for the multi-server environment. Later many authentication protocols have been extensively proposed for multi-server architecture [13][14][15][16][17][18][19][20][21] with different security goals and properties based on dynamic identity [19,20,21,25,27,34], password [12,13,[19][20][21][24][25][26][27][28][29][30][31][32], smart card [9][10][11][12][13][14][15][16][17][18][19][20][21][24][25][26][27][28][29][30][31][32], elliptic curve [26,31,32], biometric [29], and neural network [13,30]. However, most of these schemes have been cryptanalyzed subsequently [8,11,12,20,23,27,33]. In 2008, Lee et al. [14] proposed a password-based multi-server authentication scheme without using a smartcard, based on the discrete logarithm problem (DLP), a symmetric cryptosystem, and a one-way hash function. ...
Article
With the rapid development of wireless communication technologies, there is an exponential increase in the usage of handheld devices to connect to remote servers. The advancement of communication technology has also resulted in an increasing number of security threats on the public Internet. The resource-constrained (processing capacity, memory, battery) nature of handheld devices is a serious bottleneck in implementing computing-intensive cryptographic protocols. The current focus of research is to develop lightweight authentication protocols. In 2014, Truong et al. proposed a dynamic ID based remote user authentication scheme for the multi-server environment. Truong et al. claimed that their scheme is secure against all major cryptographic attacks and satisfies all the multi-server environment security requirements. Unfortunately, their scheme is vulnerable to all major cryptographic attacks and requires high energy consumption, as shown in this paper. As a part of our contribution, we propose a lightweight and energy-efficient authentication scheme for the multi-server scenario that resists all major cryptographic attacks and reduces the number of hash operations by 32% and energy consumption by 33%.
... However, it is impossible to determine the prior value, given a specific value. The Lamport [14] and S/KEY [15] OTP schemes are pioneering works in proposing the idea of a hash chain for authentication. When using a hash function h() on a seed s N times, a hash chain of length N is created. ...
... Some OTP schemes, such as Lamport [14], the S/KEY system [15], Goyal et al. [17], and Yeh et al. [18], use a hash chain backward. After a given number of authentications, these systems need to be reinitialized, and for initial authentications, a large number of hash operations are executed. ...
Article
Static authentication methods are increasingly vulnerable to sophisticated attacks, necessitating more robust solutions. This paper introduces a novel one-time password (OTP) authentication system that combines quick response (QR) codes with a multidimensional hash chain to enhance security and usability. In our approach, the server generates a dynamic challenge encoded in a QR code. This challenge is a random path within an n-dimensional hypercube, where each dimension is associated with a distinct cryptographic hash function. The client then computes the OTP by sequentially applying the specified hash functions to an initial seed. Furthermore, based on hash computation, the hypercube moves along the x-axis of the coordinate system to create ample space for possible challenges. Security analysis and threat modeling show that the proposed authentication scheme effectively enhances a secure system’s security level. It does not require a system re-initialization and is more secure and computationally efficient than some of the other similar authentication schemes. Performance evaluations indicate that the challenge generation and OTP computation algorithms operate in the microsecond range on low-end devices.
... Draft D12 [13]) authentication. The first well-known hash-based password authentication scheme was proposed by Lamport [16]. Later, Shimizu et al. [25] overcame the weakness of Lamport [16], which suffered from high hash overhead and password resetting problems, and proposed a modified scheme. ...
... The first well-known hash-based password authentication scheme was proposed by Lamport [16]. Later, Shimizu et al. [25] overcame the weakness of Lamport [16], which suffered from high hash overhead and password resetting problems, and proposed a modified scheme. Thereafter, many schemes and improvements (Lee et al. [17], Peyravian and Zunic [21], Ku et al. [14], Ku [15]) on hash-based remote user authentication have been proposed. ...
Article
In 2006, Das et al. [6] proposed a novel remote user authentication scheme using bilinear pairings. In that scheme, the remote system receives the user's login request and allows login to the legitimate user. In this paper we present the cryptanalysis of the Das et al. scheme and propose an improved and more secure scheme that enables users to choose and change their password without the help of the remote server.
... The combination of smart card and password oriented authentication (2-Factor Authentication) is one of the most commonly used verification techniques in E-Commerce and M-Commerce applications such as Flipkart, online money transfer, Facebook etc. Password-based verification coupled with smart cards is a competent two-factor verification technique to validate the legitimacy of a remote user. Many researchers have proposed schemes for remote user authentication [1][2][3][4][7][8][9][11][12][13][14][15][16][17][18][19][20][21][22][23][24][25]. Soon after the proposal, many schemes have been cryptanalyzed [9,[12][13][14][15][16][17][18][19][20][21]24,25]. Among the proposed schemes, many of them [11][12][13][14][15][16][17][18][19][20] take for granted that the smart card memory data is tamper or manipulation resilient, i.e., it is not computationally feasible to extract the critical data and software from smartcard processors. ...
... In 1981, Lamport [1] first proposed the notion of a password-oriented remote user validation method. Later many researchers have proposed authentication schemes focusing on various parameters like password, smart card [23,25], biometric [22], Elliptic Curve Cryptography [24] etc. ...
Article
With the fast emergence of the new technology called IoT, i.e., Internet of Things technology, every network like WSN etc. and every object like mobile phones, smart phones etc. can be interconnected via the insecure public communication channel called the Internet, to form a scalable and interoperable networking system. IoT also brings numerous security challenges as it is working on top of the Internet. Recently Liou et al. enhanced the Das et al. protocol and asserted that the enhanced scheme assures strong mutual authentication and is resistant to various attacks. Later Kuldip Singh et al. confirmed that the Liou et al. scheme is susceptible to user impersonation attack, offline password guessing attack etc. and proposed an enhanced scheme. Unluckily, in this manuscript we will make clear that the Kuldip et al. scheme cannot prevent any of the attacks they claimed their scheme will prevent, and as a part of our contribution we present our enhanced dynamic ID oriented remote user authentication design while preserving their merits.
... This cryptographic technique, originally introduced by Lamport in his work on password security [29], involves combining multiple sets of cryptographic keys to generate a single, final key. Every device selects the value of the seed r for a key pair generation in the hash chain. ...
... Verify R@2 using PUK_b associated with ID_ED_b; 28: if verification successful then 29: ...
Article
The increasing number of edge layer devices connected to fog servers in fog computing environments has led to a rise in vulnerable and unauthorized actions. Implementing authorized access control with secure key management is essential to address this issue. As the traditional key management methods rely on third-party involvement, which suffers from drawbacks such as single points of failure and inconsistent key management in a centralized architecture, establishing efficient and secure key management between edge devices while ensuring effective access control is the main challenge in the digital environment. This study introduces a novel Blockchain-Based Access Control Protocol in IoT-Enabled Fog Computing (BACP-IeFC) environment for intra-network, inter-network, and mobile device communication models. The BACP-IeFC protocol eliminates the necessity for third-party intermediaries by leveraging Elliptic Curve Cryptography (ECC) for secure data sharing and hash chains for key pair generation. The BACP-IeFC protocol utilizes session keys generated by fog servers, which are securely recorded on a blockchain, ensuring robust authentication at edge devices. A Permissioned Blockchain is also used for secure key storage at the fog layer. The BACP-IeFC security has undergone comprehensive evaluation, including testing its session key (SK) security under the Real-or-Random (ROR) model, confirming its effectiveness in achieving SK security. An informal security analysis confirms the BACP-IeFC protocol's resilience against known attacks. For the formal security verification, the BACP-IeFC protocol utilized the ProVerif security tool, and the results show that it is secure against major attacks. Additionally, the performance analysis of the proposed protocol using MIRACL shows a significant improvement in computation overhead, communication, storage cost, and energy consumption cost compared to existing protocols. The scalability and latency analysis of the BACP-IeFC protocol demonstrates that it supports high scalability with low latency costs. The BACP-IeFC protocol is implemented on Truffle Blockchain using Ethereum 2.0, and a lightweight Proof of Authority (PoA) consensus algorithm demonstrates that the BACP-IeFC protocol significantly outperformed existing protocols in terms of average response time for edge device registration time, authentication time, and block preparation time.
... In 1981, Lamport [9] presented a pioneering password-based authentication protocol over a public channel. Nonetheless, the main drawback of this protocol was the need to consult a password table, along with lots of other attacks and overheads. ...
... Nonetheless, the main drawback of this protocol was to consult a password table with lots of other attacks and overheads. Then, there were a few improved protocols [10][11][12] to cover the drawbacks in [9]. In 2001, Chang and Wu [13] and Hwang et al. [14] presented authentication protocols based on smart cards. ...
Article
The fifth-generation (5G) network is regarded as a key enabler technology for promoting the Internet of Things (IoT) and overcoming the corresponding challenges in the future, such as the support of low communication latency, high data rates, and managing numerous connections to devices in an IoT-based ecosystem. To meet such requirements with the realization of 5G network technology as well as the qualification for cloud-based services, the resource-deficient mobile end users must gain secure access to remote cloud computing servers. A robust multiserver authentication may ensure the stipulated computational efficiency for authenticated key agreements in 5G networks. Many Multi-Server Authentication (MSA) protocols have been presented so far for various applications. Yet, the compliance to perfect forward secrecy (PFS), untraceability, and privacy-based security features, along with the resilience to de-synchronization and other known attacks, is uncertain. Recently, Wu et al. presented another MSA scheme for a distributed cloud-based 5G environment. Although the scheme fulfills PFS, we identified that Wu et al.'s scheme is prone to impersonation attack, password guessing attack, and man-in-the-middle attack. We have demonstrated an efficient and secure multiserver authentication protocol, SEMS-5G, ensuring PFS and all other significant security properties that previous schemes could not offer. The results of SEMS-5G are validated using the automated ProVerif tool and formally analyzed using BAN logic analysis. The analysis and results prove that our scheme supports all security features at an economical cost.
... These programs use OTP algorithms for their implementation and are fundamental to guarantee the security of systems in applications of online banking, electronic commerce, medical care, IoT and other scopes [12] [13]. Lamport [14] proposed the first OTP known as the S/KEY authentication system [15], to authenticate untrusted computers in public use. ...
... The study of OTPs began with Lamport [14] in the early 1980s, with a protocol in which both the client and the server agreed to use an algorithm to generate OTPs, which expired once the authentication process was successfully carried out. Lamport's solution used a seed (S) agreed upon by both the client and the server, which passed through a hash function (h) n number of times. ...
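The hash-chain OTP mechanism the excerpts above describe (seed s hashed N times, server keeps only the final value, client reveals the chain backward, re-initialization once the chain is used up) as an added example; this is not code from any of the cited papers, and SHA-256 as h() and the constructed seed are assumptions:

```python
import hashlib
import hmac


def h(data: bytes) -> bytes:
    """The one-way function h() of the chain (SHA-256 is an assumption)."""
    return hashlib.sha256(data).digest()


def hash_chain(seed: bytes, n: int) -> list:
    """Return [h^0(s), h^1(s), ..., h^n(s)]; index i holds h applied i times."""
    chain = [seed]
    for _ in range(n):
        chain.append(h(chain[-1]))
    return chain


class LamportServer:
    """Stores only the chain head h^N(s) plus how many logins remain."""

    def __init__(self, head: bytes, n: int):
        self.verifier = head
        self.remaining = n

    def authenticate(self, otp: bytes) -> bool:
        if self.remaining == 0:
            return False  # chain exhausted: a fresh seed must be registered
        # Accept only the immediate preimage of the stored value; a replayed
        # or out-of-order value hashes to something else and is rejected.
        if not hmac.compare_digest(h(otp), self.verifier):
            return False
        self.verifier = otp  # step the verifier one link down the chain
        self.remaining -= 1
        return True


class LamportClient:
    """Knows the seed; reveals h^(N-1)(s), h^(N-2)(s), ..., h^0(s) in turn."""

    def __init__(self, seed: bytes, n: int):
        self.seed = seed
        self.next_index = n - 1

    def next_otp(self) -> bytes:
        if self.next_index < 0:
            raise RuntimeError("chain exhausted; re-initialize with a new seed")
        # Recomputing from the seed costs next_index hash operations: the
        # first logins are the expensive ones, the last are nearly free.
        otp = self.seed
        for _ in range(self.next_index):
            otp = h(otp)
        self.next_index -= 1
        return otp


def run_session(seed: bytes, n: int) -> dict:
    """Drive a full chain of n logins and the failure cases; return outcomes."""
    client = LamportClient(seed, n)
    server = LamportServer(hash_chain(seed, n)[-1], n)
    first = client.next_otp()
    ok_first = server.authenticate(first)
    replay = server.authenticate(first)            # same value again: rejected
    rest = [server.authenticate(client.next_otp()) for _ in range(n - 1)]
    exhausted = server.authenticate(seed)          # nothing left to verify
    return {
        "first": ok_first,
        "replay": replay,
        "rest": rest,
        "exhausted": exhausted,
        "final_verifier_is_seed": server.verifier == seed,
    }


if __name__ == "__main__":
    print(run_session(b"constructed demo seed", 5))
```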
Conference Paper
Currently, user authentication based only on passwords can be inadequate due to different types of vulnerabilities and attacks. To solve this problem, two-factor authentication is commonly used, providing a higher level of security when the user logs into their accounts, and one popular example of two-factor authentication is the combination of a password and One-Time Passwords (OTP). Due to the importance and popularity of OTPs, this study analyzed the most widely used OTP protocols and their applications to understand their state of the art. The scientific community can use the analysis carried out in this work to understand why OTP is so popular and to decide on the type of OTP, in case a custom implementation is needed for an authentication system. To achieve this, this work analyzed a large number of previous works methodically through a semi-cyclic process based on action research combined with a systematic review process. The most important works were analyzed to identify their specific features and to classify the technologies used. Usage trends in terms of protocols, implementations, algorithms, and OTP generators were also analyzed. In addition, this article has determined a complementary feature guide that must be considered when implementing an OTP authentication system.
... MUQAMI+ improves performance by distributing the key management responsibilities locally. Also, it makes use of key-chains [27], which are based on Lamport's one-time passwords [28]. However, both these schemes are designed keeping in mind the large-scale nature of WSN. ...
Article
Wireless body area networks (WBAN) consist of resource constrained sensing devices just like other wireless sensor networks (WSN). However, they differ from WSN in topology, scale and security requirements. Due to these differences, key management schemes designed for WSN are inefficient and unnecessarily complex when applied to WBAN. Considering the key management issue, WBAN are also different from WPAN because WBAN can use random biometric measurements as keys. We highlight the differences between WSN and WBAN and propose an efficient key management scheme, which makes use of biometrics and is specifically designed for WBAN domain.
... The rapid growth and increasing sophistication of cybercrime have rendered traditional authentication mechanisms (username and password) ineffective in safeguarding users' private data. To address this situation, OTPs (One-Time Passwords) and single sign-on systems have emerged as preferred solutions to counteract these fraudulent activities [26][27][28]. OTP represents a type of two-factor authentication mechanism. Simply put, an OTP is a time-based access token provided by the bank or application, containing numerical or alphanumeric values. ...
... Another notable approach in PQC is hash-based cryptography, which relies on secure hash functions rather than integer factorization. Lamport's one-time signatures laid the groundwork for hash-based methods that are inherently quantum-resistant [3]. This area was further advanced by Buchmann et al., who developed the XMSS (eXtended Merkle Signature Scheme), providing a practical solution for quantum-safe signatures [4]. ...
Conference Paper
The rise of quantum computing introduces substantial risks to traditional cryptographic protocols, which are vulnerable to quantum decryption methods such as Shor’s algorithm. To address these emerging threats, this paper proposes an innovative cryptographic framework that integrates machine learning (ML) techniques to enhance data security in the quantum computing era. Our approach leverages ML-driven anomaly detection, adaptive key management, and predictive analytics to create a flexible and resilient cryptographic defense. The system’s anomaly detection module utilizes neural networks to identify potential quantum-based decryption attempts, while reinforcement learning optimizes key generation and distribution in response to detected threats. Experimental results demonstrate that the proposed ML-augmented framework significantly improves anomaly detection accuracy and reduces vulnerability to quantum decryption attempts by dynamically adjusting cryptographic parameters. These findings underscore the potential of machine learning to strengthen cryptographic systems, making them adaptable to the advanced threats posed by quantum computing.
... In 1981, Lamport [4] proposed a remote user authentication system in which the server stores the hash value of the user's password for later verification. However, in 2000, M. S. Hwang et al. [5] showed that if the password table was compromised, the whole system could be invalidated. ...
Article
Cloud Computing, as an emerging, virtual, large-scale distributed computing model, has gained increasing attention in recent years. Meanwhile it also faces many security challenges, one of which is authentication. Amlan Jyoti Choudhury et al. proposed a user authentication framework to ensure user legitimacy before entering the cloud. However, the scheme is found to suffer from some attacks through our analysis. In this paper, we first analyze a few attacks and then make an improvement on the user authentication framework. Our new protocol ensures that only legitimate users can access the cloud service based on a smartcard. Security analysis shows our proposed scheme is secure under standard cryptographic.
... As we have seen in the previous section 3.1, upon receiving the login request message from the adversary, server S will verify the login request. ...
Conference Paper
In 2004, Das et al. [2] proposed a dynamic identity based remote user authentication scheme that allows the users to choose and change their passwords without the help of the server. They also claimed that their scheme is secure against stolen verifier attack, replay attack, forgery attack, dictionary attack, insider attack and identity theft. Unfortunately, many researchers demonstrated that Das et al.'s scheme is susceptible to various attacks. Furthermore, this scheme does not achieve mutual authentication and thus cannot resist malicious server attack. In 2006, Liou et al. [6] improved Das et al.'s scheme and claimed that the improved scheme achieves mutual authentication and is secure against the aforementioned attacks. Furthermore, in 2010, Sood et al. [11] found that Liou et al.'s scheme is susceptible to impersonation attack, malicious user attack, offline password guessing attack and man-in-the-middle attack and also presented a secure scheme using smart cards to resolve the aforementioned problems. However, we found that Sood et al.'s scheme is susceptible to impersonation, malicious user attack and offline password guessing attack. This paper presents a strong dynamic identity based remote user authentication scheme using smart cards.
... The concept of the "hash chain" was first proposed by Lamport [1]. This scheme uses the hash function iteratively, which offers good resistance to interference, and the server only needs to save the final hash value to verify all hash sequences. ...
Article
Cryptographic accumulators are now fundamental for secure applications across blockchain, IoT, and big data, powering anonymous credentials, streamlining key management, and enabling efficient data filtering. However, existing accumulator methods, like RSA, bilinear pairing, and Merkle trees, are hampered by storage bloat, computational burdens, and reliance on trusted administrators. To solve these problems, we introduce a hash-chain-based ordered universal accumulator that eliminates these drawbacks. Our scheme uses collision-resistant hash functions to dynamically manage sets while providing strong, verifiable membership and non-membership proofs, all without a trusted administrator. The benefits include self-certification, batch verification, and consistent representation of accumulated sets. Testing shows our scheme cuts storage by roughly 50% compared to Merkle trees and significantly speeds up computation over RSA-based approaches. This lightweight and scalable solution is ideal for constrained environments like IoT and blockchain, unlocking wider decentralized application adoption.
... To prevent an attacker's malicious act, communicating parties establish a secret key for private communication after mutually authenticating each other using any authentication technique. After the introduction of the first authentication protocol for single-server architectures in 1981 [1], several protocols using smartcards and passwords have been proposed. However, passwords are of low entropy, and they can be easily inferred from stolen smartcards through offline guessing techniques. ...
Article
Several multiserver authentication protocols have recently been proposed that require one-time user registration at a dedicated registration server to access multiple servers securely. However, due to centralized architecture, most of these protocols are susceptible to various attacks and do not address the threat of a single-point failure. This paper presents a novel authentication protocol based on blockchain technology, enabling secure access to distributed services in a multiserver environment. The proposed protocol ensures robust security and flexibility by integrating a multi-factor authentication mechanism and supporting additional features, such as realizing user impersonation attacks, enhancing server scalability, access control, service revocation, and re-registration. Furthermore, the protocol provides enhanced security by enabling the revocation of compromised credentials, resistance to single-point failure, and secure addition of new servers. The automated ProVerif tool and thorough security analysis demonstrate that our protocol defends against a variety of attacks, including replay, insider, impersonation, password guessing, server spoofing, and stolen smartcard attacks. The protocol is evaluated based on its computational cost, communication overhead, and security strength. Our comparative study reveals that the protocol significantly reduces communication overhead to 1728 bits compared to existing protocols, while maintaining an optimal balance between security and efficiency. Although the computational cost is higher at 112.06 ms, this is justified by the enhanced security features and flexibility offered. Overall, our protocol addresses critical security concerns and boosts user trust in distributed services by guaranteeing secure and effective user authentication in a decentralized environment.
... Hash chains provide a secure, scalable, and efficient means of authentication, originally proposed by Lamport [32]. Over the last 40+ years, they have been used in numerous settings where one party (signer/sender) needs inexpensive (though limited or metered) authentication to a multitude of receivers. ...
Preprint
Internet-of-Things (IoT) devices are increasingly common in both consumer and industrial settings, often performing safety-critical functions. Although securing these devices is vital, manufacturers typically neglect security issues or address them as an afterthought. This is of particular importance in IoT networks, e.g., in the industrial automation settings. To this end, network attestation -- verifying the software state of all devices in a network -- is a promising mitigation approach. However, current network attestation schemes have certain shortcomings: (1) lengthy TOCTOU (Time-Of-Check-Time-Of-Use) vulnerability windows, (2) high latency and resource overhead, and (3) susceptibility to interference from compromised devices. To address these limitations, we construct TRAIN (TOCTOU-Resilient Attestation for IoT Networks), an efficient technique that minimizes TOCTOU windows, ensures constant-time per-device attestation, and maintains resilience even with multiple compromised devices. We demonstrate TRAIN's viability and evaluate its performance via a fully functional and publicly available prototype.
... LHAP employs a packet authentication technique based on the use of one-way hash chains (Lamport, 1981). Moreover, it uses TESLA (Perrig et al., 2001) protocol to reduce the number of public key operations for bootstrapping and maintaining trust among the nodes. ...
Preprint
Wireless mesh networks (WMNs) have emerged as a promising concept to meet the challenges in next-generation wireless networks such as providing flexible, adaptive, and reconfigurable architecture while offering cost-effective solutions to service providers. As WMNs become an increasingly popular replacement technology for last-mile connectivity to home networking, community and neighborhood networking, it is imperative to design efficient and secure communication protocols for these networks. However, several vulnerabilities exist in currently existing protocols for WMNs. These security loopholes can be exploited by potential attackers to launch attacks on WMNs. The absence of a central point of administration makes securing WMNs even more challenging. The broadcast nature of transmission and the dependency on the intermediate nodes for multi-hop communications lead to several security vulnerabilities in WMNs. The attacks can be external as well as internal in nature. External attacks are launched by intruders who are not authorized users of the network. For example, an intruding node may eavesdrop on the packets and replay those packets at a later point of time to gain access to the network resources. On the other hand, internal attacks are launched by nodes that are part of the WMN. One example of such an attack is an intermediate node dropping packets which it was supposed to forward. This chapter presents a comprehensive discussion on the current authentication and privacy protection schemes for WMN. In addition, it proposes a novel security protocol for node authentication and message confidentiality and an anonymization scheme for privacy protection of users in WMNs.
... Perrig, Szewczyk, Tygar, Wen, and Culler adapted delayed key disclosure based TESLA protocols [33,34] to sensor networks for sensor broadcast authentication (the new adapted protocol is called µTESLA). One-way key chains used in these protocols are analogous to the one-way key chains introduced by Lamport [31] and the S/KEY authentication scheme [28]. ...
Preprint
Distributed control systems (DCS) and supervisory control and data acquisition (SCADA) systems were developed to reduce labour costs, and to allow system-wide monitoring and remote control from a central location. Control systems are widely used in critical infrastructures such as the electric grid, natural gas, water and wastewater industries. While control systems can be vulnerable to a variety of types of cyber attacks that could have devastating consequences, little research has been done to secure the control systems. The American Gas Association (AGA), IEC TC57 WG15, IEEE, NIST and the National SCADA Test Bed Program have been actively designing cryptographic standards to protect SCADA systems. The American Gas Association (AGA) had originally been designing a cryptographic standard to protect SCADA communication links and finished the report AGA 12 part 1. AGA 12 part 2 has been transferred to IEEE P1711. This paper presents an attack on the protocols in the first draft of the AGA standard (Wright et al., 2004). This attack shows that the security mechanisms in the first version of the AGA standard protocol could be easily defeated. We then propose a suite of security protocols optimised for SCADA/DCS systems which include: point-to-point secure channels, authenticated broadcast channels, authenticated emergency channels, and revised authenticated emergency channels. These protocols are designed to address the specific challenges that SCADA systems have.
... Also, users can forget or lose these types of passwords. To solve this issue, a one-time password (OTP) was developed by Leslie Lamport [2]. OTP can be used to enhance the security of user authentications [3]. ...
Article
Full-text available
Most of the user login accounts used on web sites and mobile apps are authenticated by using a static password. Static password-based authentication systems are not very secure; they are easy to guess, and users also have to remember them. To avoid this problem, an OTP (one time password)-based password generation system for validating user login accounts is developed in this paper. Three types of 13-bit linear feedback shift register (LFSR) circuits are developed using XNOR gates, and they are synthesized and simulated using the Xilinx Vivado 2015.2 tool. The proposed LFSR circuits do not use any initial seed value, and they generate random numbers at a frequency of 200 MHz. Random numbers generated by the LFSR circuits are written to text files, and four characters of decimal digits are used to generate an OTP. In this work, two forms are developed with the Anvil tool, where the user has to enter his email address, date of birth, and OTP to log in to the system. The Anvil tool randomly selects the four-character OTP from the text file, and it is sent to the user's email address for validating their login accounts. The developed LFSR circuits consume area (LUTs) in the range of 1-2, and they consume 0.192W–0.193W of power.
... In the simplest variant, a hash transformation is used as the irreversible transformation [5]. During authorization in the system, the user generates the entire list of m session passwords: Pm, Pm-1, …, P1, P0. ...
Article
A method of cryptographically strong identification of remote users is theoretically substantiated and developed, with combined use of irreversible transformations of modular algebra and functionally linked session passwords, which eliminates the possibility of their reuse by an attacker. In addition, to speed up the identification process on the system side, the use of irreversible modular-algebra transformations that are asymmetric in computational volume is proposed. A mathematical justification of the proposed method and numerical examples illustrating its operation are given. It is proven theoretically and experimentally that the proposed method makes it possible to block the reuse of user passwords and also to speed up the identification process on the system side by 2-3 orders of magnitude.
... This concept provides for the user creating, during registration in the system, a sequence of passwords in which each subsequent password is the result of an irreversible transformation of the previous one. Standardized hash transformations [10] or standardized block ciphers such as DES or AES [11] are used as the irreversible transformations. ...
... However, due to the sequential nature of the protocol, there is a more efficient solution. By initially committing with a long enough chain of (hash) commitments, similar to Lamport's one-time passwords [35], this can even be achieved with (i) one constant sized commit value in the commit round and (ii) one constant sized opening in each opening round. This way each opening is implicitly also a commitment for the next round. ...
Preprint
We propose Tyche, a family of protocols for performing practically (as well as asymptotically) efficient multiparty lotteries, resistant against aborts and majority coalitions. Our protocols are based on a commit-and-reveal approach, requiring only a collision-resistant hash function. All our protocols use a blockchain as a public bulletin board and for buy-in collection and payout settlement. Importantly though, they do not rely on it or any other third party for providing randomness. Also, participants are not required to post any collateral beyond their buy-in. Any honest participant can eventually settle the lottery, and dishonest behavior never reduces the winning probability of any honest participant. Further, we adapt all three protocols into anonymous lotteries, where (under certain conditions) the winner is unlinkable to any particular participant. We show that our protocols are secure, fair, and some preserve the participants' privacy. Finally, we evaluate the performance of our protocols, particularly in terms of transaction fees, by implementing them on the Sui blockchain. There we see that per user transaction fees are reasonably low and our protocols could potentially support millions of participants.
... One-way hash chains are cryptographic hashing techniques used to generate a set of keys from a single seed [33]. Lamport introduced it in 1981 for securing passwords from intruders [34]. This technique uses a seed and a cryptographic hash function. ...
Article
Full-text available
As a new paradigm, the Internet of drones (IoD) is making the future easy with its flexibility and wide range of applications. However, these drones are prone to security attacks during communication because of this flexibility. The traditional authentication mechanism uses a centralized server which is a single point of failure to its network and a performance bottleneck. Also, privacy-preserving mechanisms involving a single authority are vulnerable to identity attacks if compromised. Moreover, cross-domain authentication schemes are getting more costly as the security requirements increase. So, this work proposes a blockchain-based cross-domain authentication scheme to make drone communication more secure and efficient. In this work, an elliptic curve digital signature algorithm (ECDSA) based message authentication scheme and a session key generation scheme are modeled. A two-phase pseudonym generation procedure is used to secure the identity of the drones. Hyperledger Fabric is used to implement the blockchain network, and the analysis is done using Hyperledger Caliper. Blockchain analysis through caliper shows the blockchain’s performance for various loads of transactions. Security analysis of the proposed scheme shows that the scheme is secure from various security attacks. The performance analysis shows that the proposed scheme is more lightweight and efficient than most similar authentication schemes.
... Years ago, Leslie Lamport, in his paper from 1981, proposed a method for password authentication based on sequential hash calculations starting from a given initial value [9]. This study departs from the method carried out by the hash chain. ...
Article
Full-text available
Digital signatures have been widely used by both private and government agencies. However, the use of chain digital signatures is still not widely used, especially in the military world. This results in a lack of ability to ensure data integrity, where it will be difficult to find out who has made changes to the document and to find out the original source of the document. This paper proposes a digital signature chain as a solution to guarantee data authenticity and prevent tampering during transmission. This technique involves creating a chain of digital signatures that are attached to data before it is sent over the network. The proposed method is expected to provide a more secure and efficient way to ensure data integrity, compared to traditional methods such as encryption and checksums. This paper evaluates the effectiveness of the proposed method through a series of experiments and shows that digital signature chains are an effective and reliable way to secure and maintain data transmission over networks. The proposed research aims to evaluate the effectiveness of digital signature chain technology in ensuring data security and integrity and to provide recommendations for its implementation.
... Accordingly, to achieve high performance, nonlinear Boolean transformations are used. Historically, the first scheme [12] of cryptographically strong identification based on a "chain" of session passwords used standardized hash transformations. Later, schemes of cryptographically strong authentication of a similar type based on standardized block ciphers were proposed [13]. ...
Article
The article proposes a method of cryptographically strong identification of remote users that is based on the irreversibility properties of cryptographic pseudorandom sequence generators. This made it possible to integrate, within a single technological solution, cryptographically strong identification of the user before a session, continuous mutual authentication during the session, and the possibility of stream encryption of the data exchange between the user and the system. It is shown that the use of the proposed method reduces identification time and increases resistance to attacks on the remote interaction between the system and the user by hijacking it.
... Lamport (1981) pioneered a lightweight password-based authentication scheme that, unfortunately, lacked sufficient security. Subsequently, other researchers proposed various authentication schemes. ...
Article
Full-text available
Authentication ensures the privacy of patients by enabling access control within wireless medical sensor networks. However, many schemes do not consider the resource-constrained environments, making those protocols unusable. Meanwhile, sensitive patient information continues to be stored and accessed in a central location, increasing the risk of “single points of failure.” To solve this problem, the researchers designed a lightweight anonymous authentication protocol based on blockchain technology and fuzzy extraction. First, they created a multiround session key negotiation mechanism. Then, they utilized the fuzzy extraction function to extract and recover multimodal biometric features. Decentralization was achieved through blockchain and smart contracts. Simultaneously, the researchers also provided a formal security proof by Burrows-Abadi-Needham logic. Finally, experiments using the Java Pairing-Based Cryptography Library show that this scheme outperforms the comparison schemes in terms of computational overhead and communication overhead.
... Many researchers have recently proposed identity authentication schemes in fog computing environments. Lamport first proposed a remote authentication scheme in an insecure environment in 1981 [4]. Then, many two-factor authentication schemes based on hashes, smart cards, and temporary certificates were proposed [5][6][7][8][9][10], but most of them have security issues. ...
Article
Full-text available
Fog computing utilizes devices in the edge network to transmit data with very low latency and supports high mobility. However, fog computing inherits security and privacy problems from cloud computing. Therefore, various privacy schemes for fog computing have been proposed to prevent different types of attacks. Recently, Weng et al. proposed a fog computing authentication scheme; after analyzing it, we found that Weng et al.'s scheme cannot resist user tracking attacks and user impersonation attacks. Then, we propose an improved scheme by adding a password, modifying the calculation method of Ei, and adding timestamps. In addition, we also compare the improved scheme with existing authentication schemes in terms of security and computational efficiency. The results show that the improved scheme is more secure and requires less computation.
... Its usage is highly recommended since it is comfortable for users and is inexpensive. The hash value of passwords, used as an authentication factor introduced by Lamport [4], paved a new pathway for security experts to design protocols. Anyway, any smart card, identity or password authentication scheme being used should be assured to be free from security attacks, namely man-in-the-middle attacks, stolen verifier attacks, guessing attacks, server spoofing attacks, denial of service (DoS) attacks, smart card stolen attacks, insider attacks and so on [5]. ...
Article
The incredible progress in technologies has drastically increased the usage of Web applications. Users share their credentials like userid and password or use their smart cards to get authenticated by the application servers. Smart cards are handy to use, but they are susceptible to stolen smart card attacks and a few other notable security attacks. Users prefer to use Web applications that guarantee security against several security attacks, especially insider attacks, which is crucial. Cryptanalysis of several existing schemes proves the security pitfalls of the protocols in preventing security attacks, specifically insider attacks. This paper introduces LAPUP: a novel lightweight authentication protocol using physically unclonable functions (PUF) to prevent security attacks, principally insider attacks. The PUFs are used to generate the security keys, challenge-response pairs (CRP) and hardware signature for designing the LAPUP. The transmitted messages are shared as hash values and encrypted by the keys generated by the PUF. These messages are devoid of all possible attacks executed by any attacker, including insider attacks. LAPUP is also free from stolen verifier attacks, as the databases are secured by using the hardware signature generated by PUFs. Security analysis of the protocol exhibits the strength of LAPUP in preventing insider attacks and its resistance against several other security attacks. The evaluation results of the communication and computation costs of LAPUP clearly show that it achieves better performance than existing protocols, despite providing enhanced security.
... (Figure: hash function applied on x n times.) 1) Setup phase: The setup phase initializes the system, where the administrator employs a hardware random number generator [33] to produce a random seed. The generated seed undergoes iterative hashing to form a hash chain [34]. The resulting tip, h n (seed), is stored in CS memory as a Trust Anchor (T A) for subsequent operations. ...
Preprint
Full-text available
The recent rise of CubeSat has revolutionized global space explorations, as it offers cost-effective solutions for low-orbit space applications (including climate monitoring, weather measurements, communications, and earth observation). A salient feature of CubeSat is that applications currently on-boarded can either be updated or entirely replaced by new applications via software updates, which allows reusing in-orbit hardware, reduces space debris, and saves cost as well as time. Securing software updates employing traditional methods (e.g., encryption) remains impractical mainly due to the low-resource capabilities of CubeSat. Therefore, the security of software updates for CubeSats remains a critical issue. In this paper, we propose CubeSat Update Mechanism (CSUM), a lightweight scheme to provide integrity, authentication, and data freshness guarantees for software update broadcasts to CubeSats using a hash chain. We empirically evaluate our proof of concept implementation to demonstrate the feasibility and effectiveness of our approach. CSUM can validate 50,000 consecutive updates successfully in less than a second. We also perform a comparative analysis of different cryptographic primitives. Our empirical evaluations show that the hash-based approach is at least 61× faster than the conventional mechanisms, even in resource-constrained environments. Finally, we discuss the limitations, challenges, and potential future research directions for CubeSat software update procedures.
... Identification in the other (n-2) sessions is carried out in the same way. Standardized hash transformations [3] or block ciphers [4], which are quickly implemented in software or with cryptoprocessors, are used as the irreversible transformation. The main advantage of chain identification lies in its high speed. ...
Article
The object of research is the processes of cryptographically strong identification of remote users of distributed systems using irreversible transformations of the algebra of finite Galois fields. The article reviews existing methods of cryptographically strong identification of participants in remote information exchange. It is shown that under modern conditions their significant drawback lies in low performance, caused by the computational complexity of exponentiation over numbers of large bit length. The aim of the work is to increase the efficiency of cryptographically strong identification of remote subscribers by accelerating its computational implementation. To achieve this aim, a method is proposed in which the acceleration of cryptographically strong identification is achieved by using, for verifying the correctness of session passwords, exponentiation over Galois fields with an exponent that is a power of two. To implement this operation, a table-based technique is developed that relies on precomputation and does not require knowledge of the generating polynomial of the Galois field. Refs. 10, tables 1
... The idea of a secured chain of blocks was proposed by Stuart Haber et al. in 1991 to protect against tampering by digitally timestamping electronic documents [1][2][3]. Blockchain establishes trust among distributed components of a system through auto-enforced digital contracts like smart contracts [4][5][6]. Blockchain grabbed the attention due to its concept of transparency and decentralisation. ...
Article
Full-text available
Blockchain is a progressive technology in many applications, such as supply chain management. Blockchain technology is gaining attention due to its transparency, decentralisation, and high-level security features. In the beginning, blockchain technology was developed for cryptocurrencies like Bitcoin, Ethereum, etc.; later, it was used in various applications like supply chain management and healthcare. Blockchain plays a central role in the re-engineering process by optimising workflow operations. Traceability plays a crucial role in supply chain management. Traditionally, these solutions were based on a centralised architecture, which does not provide tamper-proof data sharing. The primary issue faced in this approach is that different supply chain users use systems containing distinct features and complexities. To overcome these challenges, a decentralised process was initiated. In this work, we develop a supply chain management system using blockchain technology and Radio Frequency Identification (RFID) technology. This system has the potential to realise traceability with trusted information across the entire supply chain, thereby effectively guaranteeing safety by gathering, transferring, and sharing the relevant data in the production, processing, warehousing, distribution, and selling stages. It also provides transparency for better management of products by providing access to information about the supply chain by trading partners, shareholders, consumers, and regulatory bodies. The proposed system provides data management, and the lurking algorithm guarantees data security. This approach can simplify the traceability of products and can be scaled for industrial use.
... The use of passwords for remote authentication was initially proposed by the authors in [10]. This technique relies on one-way hash functions and authentication through session keys and signatures. ...
... Remote user authentication (RUA) was introduced in the research arena with the proposal of Lamport [1]. Here a one-way function is used to authenticate the ID and password of a remote user in a network in the presence of an intruder, and it has the capacity to resist replay attacks. ...
Article
Full-text available
In order to authenticate remote users for a distributed network-operated system, remote user authentication is crucial. A huge number of enterprise apps run on several servers, and a remote user accessing services from several servers needs authentication in most cases. In this research communication, a smart card-based remote user authentication scheme for a multi-server environment using user biometrics and a Chebyshev chaotic map is introduced. The server details are hidden from the user, and the user is only given the option of picking his or her service based on its requirements. The server is chosen by the registration center based on the service requested by the user, and a handshaking session is established between the user and the server. Both user and server have to authenticate to the registration center by message passing. Finally, a session key is obtained using this procedure, which is used to accomplish further communication. The proposed solution makes modifying passwords and enabling additional services easier. The proposed approach is verified using formal security analysis utilizing BAN logic. Security analysis and comparison with some state-of-the-art schemes prove its suitability for multi-server environments.
... A hash chain (proposed also by Lamport [6]) is a useful cryptographic primitive where a single shared (public) value is sufficient to verify securely the authenticity of a finite (but potentially large) number of different values. Besides a number of other applications, elements of hash chains could simply be used as one-time passwords (OTPs) for user authentication. ...
Preprint
Full-text available
White-box cryptography challenges the assumption that the endpoints are trusted and aims at providing protection against an adversary more powerful than the one in the traditional black-box cryptographic model. Motivated by the fact that most existing white-box implementations focus on symmetric encryption, we present implementations for hash-based signatures so that the security against white-box attackers (who have read-only access to data with a size bounded by a space-hardness parameter M) depends on the availability of a white-box secure cipher (in addition to a general one-way function). We also introduce parameters and key-generation complexity results for white-box secure instantiation of the stateless hash-based signature scheme SPHINCS+, one of the NIST selections for quantum-resistant digital signature algorithms, and its older version SPHINCS. We also present a hash tree based solution for one-time passwords secure in a white-box attacker context. We implement the proposed solutions and share our performance results.
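Several of the citing excerpts above describe the same construction from Lamport's paper: the user derives a list of session passwords Pm, Pm-1, …, P0 by iterated hashing, the verifier stores only the tip h^n(seed) as its trust anchor, and each login reveals the next element of the chain, which the verifier checks with a single hash. The following is an added illustration written for this page (not code from Lamport's paper or from any of the cited works); it assumes SHA-256 as the one-way function, a constructed seed, and a chain length of a few elements so that the exhaustion case is reached quickly.

```python
import hashlib


def h(x: bytes) -> bytes:
    """One application of the one-way function (SHA-256 assumed here)."""
    return hashlib.sha256(x).digest()


def hash_chain(seed: bytes, n: int) -> list:
    """Return [h^0(seed), h^1(seed), ..., h^n(seed)]; the last entry is the tip."""
    chain = [seed]
    for _ in range(n):
        chain.append(h(chain[-1]))
    return chain


class Verifier:
    """Server side: stores only the current anchor and how many logins remain.

    The stored value is never a valid password itself, so a stolen verifier
    table does not let the thief log in (he would need a preimage of the anchor).
    """

    def __init__(self, anchor: bytes, n: int):
        self.anchor = anchor        # initially h^n(seed), the Trust Anchor
        self.remaining = n

    def login(self, otp: bytes) -> bool:
        if self.remaining == 0:     # chain exhausted: refuse until re-registration
            return False
        if h(otp) != self.anchor:   # the submitted value must hash to the anchor
            return False
        self.anchor = otp           # move the anchor one step down the chain
        self.remaining -= 1
        return True                 # an eavesdropped otp is now useless (replay fails)


class Prover:
    """Client side: walks the chain backwards, revealing one element per login."""

    def __init__(self, seed: bytes, n: int):
        self.chain = hash_chain(seed, n)
        self.index = n - 1          # first password sent is h^(n-1)(seed)

    def next_otp(self) -> bytes:
        if self.index < 0:
            raise RuntimeError("chain exhausted; register a fresh seed")
        otp = self.chain[self.index]
        self.index -= 1
        return otp


def run_session(seed: bytes, n: int) -> list:
    """Drive a prover and verifier through a full chain and record each verdict.

    Returned list: [fresh login, replay of same otp, resubmitting the old anchor,
    the remaining n-1 honest logins..., one attempt after exhaustion].
    """
    prover = Prover(seed, n)
    verifier = Verifier(hash_chain(seed, n)[-1], n)   # registration: tip only
    outcomes = []
    first = prover.next_otp()
    outcomes.append(verifier.login(first))            # accepted
    outcomes.append(verifier.login(first))            # replay: rejected
    outcomes.append(verifier.login(h(first)))         # old anchor: rejected
    for _ in range(n - 1):
        outcomes.append(verifier.login(prover.next_otp()))
    outcomes.append(verifier.login(seed))             # after exhaustion: rejected
    return outcomes


if __name__ == "__main__":
    # constructed seed for the demonstration; a real deployment draws it from a CSPRNG
    print(run_session(b"constructed demo seed", 5))
```

The verifier state after each successful login is exactly the value that was just submitted, which is why the same password cannot be replayed: it no longer hashes to the current anchor. Note that the scheme is only as strong as the channel integrity around it; an active attacker who intercepts a password before it reaches the verifier can use it once, which is the limitation later two-factor and smart-card schemes cited on this page set out to address.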
... In order to improve the security of various network environments, scholars at home and abroad have carried out much related research [10]. In 1981, Lamport [11] first proposed a remote user authentication scheme using a password table and claimed that the scheme was secure. In 2000, Hwang and Li [12] discovered that Lamport's scheme was vulnerable to a password table modification attack. ...
Article
Full-text available
With the rapid development of Internet of Things (IoT) technology, smart home users can access and control smart devices remotely to enjoy convenient and efficient services. However, sensitive data collected by smart devices is vulnerable to attacks such as eavesdropping and simulation when transmitted through public channels. At the same time, the security of resource-constrained smart devices is low, and attackers may use the controlled devices to carry out malicious operations further. To address the aforementioned existing security issues, this paper proposes a lightweight user anonymous authentication scheme for resource-constrained smart home environments. At the same time, the security analysis is carried out to further prove the proposed scheme's security. Finally, the performance analysis between the proposed scheme and the existing similar schemes proves that the proposed scheme has advantages in calculation cost and safety characteristics.
... Authentication of participating entities is the first and most important step towards implementing security for cloud-integrated IoT systems. The concept of password-based authentication was first introduced by Lamport [17] in 1981. The protocol applies a series of hash operations and stores an encrypted password table on the server. ...
Article
Full-text available
The rapid evolution of IoT technologies has virtually made connectivity of all real world objects to the internet possible with the help of tiny embedded devices, also known as IoT devices. The IoT devices are equipped with some type of sensors which enable them to integrate with real world objects, gather different information from the surrounding environment and communicate it to the user through the internet (Perera et al. in IEEE Trans Emerg Top Comput 3(4):585–598, 2015). But constrained resources like compute, memory and power limit their application areas. Integration of IoT devices with a cloud server overcomes these limitations and makes them suitable for practical applications (Nikooghadam and Amintoosi in Int J Commun Syst 36(1):e4332, 2020; Guntuku and Pasupuleti in 2018 3rd International Conference on Internet of Things: Smart Innovation and Usages (IoT-SIU), 2018). Often these IoT devices are positioned at the network edge and communicate over an insecure wireless channel, which leaves all messages exposed to an adversary and creates a severe security concern. Authentication between the IoT device and the cloud server is the first and most important step to achieve secure communication. Due to limited power and the demand for a long life for deployed IoT devices, the authentication protocols must be highly secure and lightweight. In this paper, we propose a mutual authentication scheme which is more secure and performance optimized and accomplishes authentication with minimum message exchange. We prove its security with informal analysis, formal BAN logic based verification and the RoR model. We have also simulated this protocol using the AVISPA tool and show the protocol to be attack safe.
... Utilizing the security of the technique reliant on the hash function, Lamport was the first to propose work employing only a one-way hash function. 11 When the work proceeded, Tukanovic et al. 12 offered an AKA scheme that was proven safe against many attacks. Later, this scheme was shown to be subject to threats by Farash et al. 13 ; therefore, they provided a new and secure AKA system. ...
Article
Full-text available
The Internet of Drones (IoD) is one of the world's most recent and innovative technologies. Drones are among the most prominent IoT (Internet of Things) gadgets and their applications span from commercial to domestic. The sensitive data stored in drones has increased the demand for the security of communication in the IoD. As a result, numerous authentication and key agreement techniques have been developed to provide secure communication among the entities of the IoD network. However, after scrutinizing the security of these protocols, many IoD protocols were observed to be susceptible to different cryptographic attacks. This has enhanced the necessity for an improved and efficient authentication scheme in IoD. In this article, we first investigate Zhang et al.'s approach and demonstrate that although it offers security verification, it has certain design problems. It is, furthermore, shown to be vulnerable to privileged insider, offline password guessing, and stolen smart device attacks. Second, we propose a novel biometric‐based scheme that includes countermeasures to protect against these flaws. The security of the mechanism is examined under the real-or-random oracle model, informal security analysis and Scyther simulation for numerous cryptographic assaults. Also, the performance analysis substantiates the competency of the proposed scheme with respect to computation and communication cost compared with existing schemes.
... The need for Vulnerability Assessment and Penetration Testing is usually underestimated till now. It is just considered a formality activity and used by very few people [38][39][40][41][42][43][44][45][46][47][48][49][50][51][52]. By using regular and efficient Vulnerability Assessment, we can reduce a substantial amount of the risk of being attacked and have more secure systems [53][54][55][56][57][58][59][60][61]. ...
Article
Full-text available
The complexity of systems is increasing day by day. This leads to more and more vulnerabilities in systems. Attackers use these vulnerabilities to exploit the victim's system. It is better to find out these vulnerabilities in advance before attackers do. The power of Vulnerability Assessment is usually underestimated, while Vulnerability Assessment and Penetration Testing can be used as a Cyber Attack Prevention technology to provide proactive Cyber Attack Prevention. In this paper we present Vulnerability Assessment and Penetration Testing (VAPT) as a Cyber Attack Prevention technology and show how we can provide active Cyber Attack Prevention using Vulnerability Assessment and Penetration Testing. We describe the complete life cycle of Vulnerability Assessment and Penetration Testing on systems or networks and the proactive action taken to resolve each vulnerability and stop a possible attack. In this paper we describe prevalent Vulnerability Assessment techniques and some well-known premium/open source VAPT tools. We describe the complete process of how to use Vulnerability Assessment and Penetration Testing as a powerful Cyber Attack Prevention Technology.
... Biometrics offers a potentially secure solution for deploying authentication systems [2], [3]. Simple authentication systems use just a username and password, which are easily hackable [4]. On the other hand, biometric systems use distinct characteristics of a person like fingerprint, face, or iris. ...
Conference Paper
Despite significant attention given to face spoofing, there is still a need for more generalizable face anti-spoofing methods that would perform robustly in practical face recognition systems. Face spoofing attacks can be done by presenting a photo, video or a mask of the target person to the camera. This paper introduces a feature level fusion method, called HDLHC, that concatenates features extracted automatically by deep learning with hand-crafted image quality features derived from original images. Extensive experiments demonstrate that HDLHC outperforms the state-of-the-art methods on the Oulu-NPU and SiW datasets. It demonstrates its generalization ability under different face spoof attack conditions.
Article
Full-text available
An increasing number of network applications require authentication of the user's identity, which is the first step to ensuring security. This paper analyzes the security of a proposed remote two-factor user authentication scheme and discusses the attacks it suffers from. We then propose an improved scheme based on RSA cryptography and a one-way secure hash function that avoids these attacks. Finally, we prove that the proposed scheme is autonomous and effective for both sides in the authentication process.
Preprint
Authentication forms the gateway to any secure system. Together with integrity, confidentiality and authorization, it helps prevent any sort of intrusion into the system. Until a few years ago, password-based authentication was the most common form of authentication for any secure network. With the advent of more sophisticated technologies, however, this form of authentication, although still widely used, has become insecure. Furthermore, with the rise of the 'Internet of Things', where the number of devices would grow manifold, it would be infeasible for users to remember innumerable passwords. It is therefore important to address this concern by devising ways in which multiple forms of authentication are required to gain access to smart devices while keeping usability high. In this paper, a methodology is discussed for what kinds of authentication mechanisms could be deployed in the Internet of Things (IoT).
Preprint
Password-based authentication schemes are the most widely used techniques for remote user authentication. Many static ID-based remote user authentication schemes, both with and without smart cards, have been proposed. Most of these schemes do not allow users to choose and change their passwords, and maintain a verifier table to verify the validity of a user login. In this paper we present a dynamic ID-based remote user authentication scheme using smart cards. Our scheme allows users to choose and change their passwords freely and does not maintain any verifier table. The scheme is secure against ID theft, and can resist replay attacks, forgery attacks, guessing attacks, insider attacks and stolen-verifier attacks.
Preprint
The multipath-rich wireless environment associated with typical wireless usage scenarios is characterized by a fading channel response that is time-varying, location-sensitive, and uniquely shared by a given transmitter-receiver pair. The complexity associated with a richly scattering environment implies that the short-term fading process is inherently hard to predict and best modeled stochastically, with rapid decorrelation properties in space, time and frequency. In this paper, we demonstrate how the channel state between a wireless transmitter and receiver can be used as the basis for building practical secret key generation protocols between two entities. We begin by presenting a scheme based on level crossings of the fading process, which is well-suited for the Rayleigh and Rician fading models associated with a richly scattering environment. Our level crossing algorithm is simple, and incorporates a self-authenticating mechanism to prevent adversarial manipulation of message exchanges during the protocol. Since the level crossing algorithm is best suited for fading processes that exhibit symmetry in their underlying distribution, we present a second and more powerful approach that is suited for more general channel state distributions. This second approach is motivated by observations from quantizing jointly Gaussian processes, but exploits empirical measurements to set quantization boundaries and a heuristic log likelihood ratio estimate to achieve an improved secret key generation rate. We validate both proposed protocols through experimentations using a customized 802.11a platform, and show for the typical WiFi channel that reliable secret key establishment can be accomplished at rates on the order of 10 bits/second.
Article
Full-text available
Multi-factor authentication (MFA) is crucial for Wireless Sensor Networks (WSNs) to ensure secure communication in security-critical applications such as smart homes, industrial control, and military defense, due to the open nature of WSNs. Considerable effort has gone into proposing various MFA schemes with varied security goals and desirable properties. However, little attention has been given to the property of dynamic password recovery, and it remains an open question how to construct a robust MFA scheme with dynamic password recovery for WSNs. In this paper, we first review two representative multi-factor authentication schemes proposed by Li-Tian (at IEEE Syst J'22) and Fatima et al. (at ACM TOSN'23) as case studies, and reveal that both schemes fail to resist some known attacks and pay little attention to password forgetting and leakage issues. Accordingly, we employ the honeywords method, the fuzzy-verifier technique, and a public key cryptosystem to construct a novel MFA scheme. In particular, we propose the first dynamic password recovery method for MFA to address password forgetting and leakage issues. Key rotation is implemented to ensure the security of the long-term secret key. Our scheme is provably secure under the Random Oracle Model, and comparison results show the superiority of the new scheme.
Article
Passwords have served as our security over the years by preventing unauthorized access to one's data. Technology has advanced to the point where we are utilizing passwords in ways that are both considerably more secure and user-friendly than they have ever been. The flaws found and noted in this conventional system have nevertheless compelled industry and researchers to look for alternatives where there is no risk of identity theft, hacking, or password cracking. The main password-less authentication methods developed so far are covered in detail in this chapter. Additionally, it attempts to clarify the finer points and operation of each technique by using a use-case graphic. It should greatly benefit newcomers attempting to investigate research prospects in this field. This work illustrates the current place of biometrics in the security field. We also discuss the pros and cons of various approaches, along with comments on the usability of biometric authentication systems.
Article
Full-text available
Many businesses and organizations use smartcard-based user authentication for remote access. Meanwhile, various studies have proposed dynamic ID-based remote user authentication protocols for distributed multi-server environments to protect the connection between users and servers. Among them, Qiu et al. proposed an efficient smart card-based remote user authentication system that provides mutual authentication and key agreement, user anonymity, and resistance to various types of attacks. Later, Andola et al. found various vulnerabilities in the scheme proposed by Qiu et al. and proposed an improved authentication protocol that overcomes those flaws, in which the user ID is dynamically changed whenever the user logs in to the server. In this paper, by analyzing the operation and vulnerabilities of the protocol proposed by Andola et al., we reveal that it is vulnerable to an offline smart card attack, a DoS attack, a session key attack, and lacks perfect forward secrecy.