Your search keyword '"COMPUTER network protocols"' showing total 11 results

1. Preventing delegation-based mobile authentications from man-in-the-middle attacks

Author

Lu, Jian-Zhu and Zhou, Jipeng

Subjects

*CELL phones, *COMMUNICATION, *AUTHENTICATION (Law), *TEXT messages, *COMPUTER network protocols, *COMPARATIVE studies, *COMPUTER science

Abstract

Abstract: In this paper, an approach of mutual authentication and key exchange for mobile access, based on the trust delegation and message authentication code, is developed, and a novel nonce-based authentication approach is presented. The proposed protocols can effectively defend all known attacks to mobile networks including the denial-of-service attacks and man-in-the-middle attacks. In particular, in contrast to some previous work, our design gives users a chance to set a session key according to users'' will, and does not require a mobile user to compute useless hash key chains in the face of HLR-online authentication failures or run the initial authentication protocol before HLR-offline authentication. Moreover, our design enjoys both computation efficiency and communication efficiency as compared to known mobile authentication schemes. [Copyright &y& Elsevier]

Published

2012

2. Providing EAP-based Kerberos pre-authentication and advanced authorization for network federations

Author

Marín-López, Rafael, Pereñíguez, Fernando, López, Gabriel, and Pérez-Méndez, Alejandro

Subjects

*COMPUTER network protocols, *COMPUTER interfaces, *COMPUTER architecture, *COMPUTER service industry, *AUTOMATION, *COMPUTER operating systems, *COMPUTER integrated manufacturing systems, *APPLICATION service providers, *AUTHENTICATION (Law)

Abstract

Abstract: Kerberos is a well-known standard protocol which is becoming one of the most widely deployed for authentication and key distribution in application services. However, whereas service providers use the protocol to control their own subscribers, they do not widely deploy Kerberos infrastructures to handle subscribers coming from foreign domains, as happens in network federations. Instead, the deployment of Authentication, Authorization and Accounting (AAA) infrastructures has been preferred for that operation. Thus, the lack of a correct integration between these infrastructures and Kerberos limits the service access only to service provider''s subscribers. To avoid this limitation, we design an architecture which integrates a Kerberos pre-authentication mechanism, based on the use of the Extensible Authentication Protocol (EAP), and advanced authorization, based on the standards SAML and XACML, to link the end user authentication and authorization performed through an AAA infrastructure with the delivery of Kerberos tickets in the service provider''s domain. We detail the interfaces, protocols, operation and extensions required for our solution. Moreover, we discuss important aspects such as the implications on existing standards. [Copyright &y& Elsevier]

Published

2011

3. Advanced smart card based password authentication protocol

Author

Song, Ronggong

Subjects

*COMPUTER network security, *COMPUTER network protocols, *SMART cards, *COMPUTER passwords, *AUTHENTICATION (Law), *REMOTE access networks, *COMPUTER security, *INFORMATION technology

Abstract

Abstract: Password-based authentication is widely used for systems that control remote access to computer networks. In order to address some of the security and management problems that occur in traditional password authentication protocols, research in recent decades has focused on smart card based password authentication. In this paper, we show that the improved smart card authentication scheme proposed by Xu-Zhu-Feng is vulnerable to internal and impersonation attacks. We propose an improvement of their solution, present a new efficient strong smart card authentication protocol, and demonstrate that the new protocol satisfies the requirements of strong smart card authentication and is more efficient. [Copyright &y& Elsevier]

Published

2010

4. Two improved two-party identity-based authenticated key agreement protocols

Author

Hölbl, Marko and Welzer, Tatjana

Subjects

*COMPUTER network protocols, *AUTHENTICATION (Law), *DATA security, *IDENTITY theft, *IMPERSONATION, *COMPUTER network security

Abstract

Abstract: Many authenticated key agreement protocols based on identity information were published in recent years. Hsieh et al. presented their protocol in 2002. However, Tseng et al. found a flaw in the protocol which resulted in a key compromise impersonation attack. Later, Tseng proposed his protocol conforming which conforms to all desirable security properties and is efficient. In this paper we propose two new two-party identity-based authenticated key agreement protocols. The first is based on Hsieh et al.''s protocol and makes it immune against Tseng et al.''s attack, while the second is an efficiently improved protocol based on Tseng''s protocol. [Copyright &y& Elsevier]

Published

2009

5. Efficient and provably secure password-based group key agreement protocol

Author

Zheng, Ming-Hui, Zhou, Hui-Hua, Li, Jun, and Cui, Guo-Hua

Subjects

*SYSTEMS design, *COMPUTER security, *COMPUTER network protocols, *AUTHENTICATION (Law)

Abstract

Abstract: This paper considers the issue on authenticated group key agreement protocol among n users broadcasting communication over an insecure public network. Many authenticated group Diffie-Hellman key agreement protocols have been proposed to meet the challenges. However, existing protocols are either limited by the use of public key infrastructure or by their scalability, requiring O(n) rounds. To overcome these disadvantages, we propose an efficient password-based group key agreement protocol resistant to the dictionary attacks by adding password-authentication services to a non-authenticated multi-party key agreement protocol proposed by Horng. The proposed protocol is very efficient since it only requires constant rounds to agree upon a session key, and each user broadcasts a constant number of messages and only requires four exponentiations. Under the Decisional Diffie-Hellman assumption, we will show the proposed protocol is provably secure in both the ideal-cipher model and the random-oracle model. [Copyright &y& Elsevier]

Published

2009

6. Vulnerability of an RFID authentication protocol conforming to EPC Class 1 Generation 2 Standards

Author

Han, Daewan and Kwon, Daesung

Subjects

*COMPUTER network protocols, *RADIO frequency identification systems, *COMPUTER security standards, *CODING theory, *CYBERTERRORISM, *AUTHENTICATION (Law), *EAVESDROPPING, *COMPUTATIONAL complexity

Abstract

Abstract: Recently, Chien et al. proposed an RFID authentication protocol, which consists of only the cyclic redundancy code (CRC) and the pseudo-random number generator (PRNG) [H. Chien, C. Chen, Mutual Authentication Protocol for RFID Conforming to EPC Class 1 Generation 2 Standards, Computer Standards & Interfaces, vol. 29, Elsevier, 2007, pp. 254–259]. They claimed that the protocol conforms to current EPC tags, and would be secure against all attacks on RFID systems. However, in this paper, we show that the protocol is not secure; firstly an attacker can impersonate a valid tag temporarily by a single eavesdropping. Secondly the attacker can forge a tag permanently by eavesdropping two consecutive sessions. Finally he can make a valid tag useless (DoS attack) by modifying the second attack slightly. The computational complexities of the attacks are so practicable that Chien et al.''s protocol cannot enhance the RFID security any more than the original EPC standard. [Copyright &y& Elsevier]

Published

2009

7. USIM-based EAP-TLS authentication protocol for wireless local area networks

Author

Tseng, Yuh-Min

Subjects

*WIRELESS LANs, *AUTHENTICATION (Law), *COMPUTER network protocols, *WIRELESS LAN standards, *WIRELESS communications, *DISTRIBUTED computing, *MOBILE agent systems, *COMPUTER systems

Abstract

Abstract: Due to the rapid growth in popularity of Wireless Local Area Network (WLAN), wireless security has become one of many important research issues. For the WLAN security, the IEEE 802.1X standard provides an authentication framework that is based on the Extensible Authentication Protocols (EAP). In the EAP framework, there are many authentication protocols that have been proposed, in which each authentication protocol has some strengths and weaknesses, respectively. Most EAP authentication protocols lack two features: identity protection and withstanding man-in-the-middle attacks. In this paper, we first propose a novel symmetric-key based certificate distribution scheme based on Universal Subscriber Identity Module (USIM) cards in a cellular network. The symmetric-key based certificate distribution scheme allows mobile subscribers to obtain temporary certificates from the corresponding cellular network. Combining the proposed certificate distribution scheme with the EAP-TLS (Transport Layer Security) protocol, we present a new EAP authentication protocol called USIM-based EAP authentication protocol. The new EAP authentication protocol combining with USIM cards is an extension of the EAP-TLS protocol and also follows the EAP framework in the IEEE 802.1X standard. Compared to other EAP authentication protocols, the proposed protocol provides mutual authentication, strong identity protection and roaming capability between the cellular network and the WLAN networks. [Copyright &y& Elsevier]

Published

2009

8. A secure dynamic ID based remote user authentication scheme for multi-server environment

Author

Liao, Yi-Pin and Wang, Shuenn-Shyang

Subjects

*AUTHENTICATION (Law), *CLIENT/SERVER computing, *COMPUTER users, *COMPUTER passwords, *ELECTRONIC commerce security measures, *COMPUTER network protocols, *ANONYMITY, *HASHING, *SCHEME programming language

Abstract

Abstract: Since the number of server providing the facilities for the user is usually more than one, the authentication protocols for multi-server environment are required for practical applications. Most of password authentication schemes for multi-server environment are based on static ID, so the adversary can use this information to trace and identify the user''s requests. It is unfavorable to be applied to special applications, such as e-commerce. In this paper, we develop a secure dynamic ID based remote user authentication scheme to achieve user''s anonymity. The proposed scheme only uses hashing functions to implement a robust authentication scheme for the multi-server environment. It provides a secure method to update password without the help of third trusted party. The proposed scheme does not only satisfy all requirements for multi-server environment but also achieve efficient computation. Besides, our scheme provides complete functionality to suit with the real applications. [Copyright &y& Elsevier]

Published

2009

9. Potential weaknesses of AuthA password-authenticated key agreement protocols

Author

Shim, Kyung-Ah

Subjects

*COMPUTER interface standards, *COMPUTER passwords, *COMPUTER network protocols, *AUTHENTICATION (Law), *COMPUTER security, *COMPUTER science research

Abstract

In this paper we point out potential weaknesses of AuthA protocols which are in the process of being standardized by IEEE; IEEE P1363-Password-based authentication and key agreement protocols. More precisely, we present chosen protocol attacks on AuthA password-authenticated key agreement protocols. We make suggestions for improvement. [Copyright &y& Elsevier]

Published

2007

10. Secure SAS-like password authentication schemes

Author

Chen, Tzung-Her, Lee, Wei-Bin, and Horng, Gwoboa

Subjects

*AUTHENTICATION (Law), *COMPUTER security, *COMPUTER network protocols, *COMPUTER passwords

Abstract

Recently, there are several articles proposed for the so-called SAS password authentication scheme with lower storage, processing, and transmission overheads. For benefiting from these advantages, there are a series of researches on the SAS-like schemes. However, as knowledge of cryptanalysis has involved, a series of modification have been made. Unfortunately, those enhancements have still security flaws. In this paper, a security issue is found in the latest modification and removed to form a new one. The proposed schemes not only keep the original advantages but also highlight a feature, mutual authentication between a user and a remote server, found in many authentication protocols but not found in the SAS-like schemes. [Copyright &y& Elsevier]

Published

2004

11. Efficient deniable authentication protocol based on generalized ElGamal signature scheme

Author

Shao, Zuhua

Subjects

*COMPUTER network protocols, *DIGITAL signatures, *AUTHENTICATION (Law), *COMPUTER networks

Abstract

An efficient and non-interactive deniable authentication protocol is presented to enable a receiver to identify the source of a given message, but not prove the identity of the sender to a third party. The proposed protocol is based on the generalized ElGamal signature scheme and is more efficient than the previous protocols. We show that if an adversary could forge signatures of this protocol, he would forge signatures of the generalized ElGamal signature scheme. Moreover, the new protocol is more secure than the previous deniable authentication protocols, since anyone can not impersonate the intended receiver. [Copyright &y& Elsevier]

Published

2004