A secure and efficient ECC-based user anonymity preserving single sign-on scheme for distributed computer networks

Security and Communication Networks

Volumn 8, Issue 9, 2015, Pages 1732-1751

  Odelu, Vanga ^a   Das, Ashok Kumar ^b   Goswami, Adrijit ^a  

^a INDIAN INSTITUTE OF TECHNOLOGY   (India)

^b INTERNATIONAL INSTITUTE OF INFORMATION TECHNOLOGY   (India)

Author keywords

AVISPA; Distributed computer networks; ECC; Key establishment; Mutual authentication; Security; SSO; Uniqueness; User anonymity

Indexed keywords

AUTHENTICATION; CRYPTOGRAPHY; DISTRIBUTED COMPUTER SYSTEMS; ELECTRIC BATTERIES; GEOMETRY; SMART CARDS;

AVISPA; DISTRIBUTED COMPUTER NETWORKS; KEY ESTABLISHMENTS; MUTUAL AUTHENTICATION; SECURITY; UNIQUENESS; USER ANONYMITY;

NETWORK SECURITY;

EID: 84928801756     PISSN: 19390114     EISSN: 19390122     Source Type: Journal    
DOI: 10.1002/sec.1139     Document Type: Article

References (53)

1. Ratha NK, Connell JH, Bolle RM. Enhancing security and privacy in biometrics-based authentication systems. IBM Systems Journal 2001; 40(3):614-634.
2. Stone-Gross B, Cova M, Cavallaro L. Your botnet is my botnet: Analysis of a botnet takeover, Proceedings of the 16th ACM Conference on Computer and Communications Security, Chicago, IL, USA, 2009; 635-647.
3. Security at risk as one third of surfers admit they use the same password for all websites, March 2009. Available at http://www.sophos.com/pressoffice/news/articles/2009/03/password-security.html. Accessed on January 2014.
4. Chen YC, Liu CL, Horng G. Cryptanalysis of some user identification schemes for distributed computer networks. 2013).
5. Security forum on single sign-on, TheOpenGroup. Online available at http://www.opengroup.org/security/l2-sso.htm. Accessed on January 2014.
6. Wang G, Yu J, Xie Q. Security analysis of a single sign-on mechanism for distributed computer networks. IEEE Transactions on Industrial Electronics 2013; 1:9.
7. Chang C-C, Lee C-Y. A secure single sign-on mechanism for distributed computer networks. IEEE Transactions on Industrial Electronics 2012; 59(1):629-637.
8. Wu S, Chen K. An efficient key-management scheme for hierarchical access control in E-medicine system. Journal of Medical Systems 2012; 36(4):2325-2337.
9. Odelu V, Das AK, Goswami A. A secure effective key management scheme for dynamic access control in a large leaf class hierarchy. Information Sciences 2014; 269(C):270-285.
10. Sun DZ, Huai JP, Sun JZ, Li JX, Zhang JW, Feng ZY. Improvements of Juang's password-authenticated key agreement scheme using smart cards. IEEE Transactions on Industrial Electronics 2009; 56(6):2284-2291.
11. Li X, Qiu W, Zheng D, Chen K, Li J. Anonymity enhancement on robust and efficient password-authenticated key agreement using smart cards. IEEE Transactions on Industrial Electronics 2010; 57(2):793-800.
12. Huang YJ, Yuan CC, Chen MK, Lin WC, Teng HC. Hardware implementation of RFID mutual authentication protocol. IEEE Transactions on Industrial Electronics 2010; 57(5):1573-1582.
13. Wang D, Ma CG. Cryptanalysis of a remote user authentication scheme for mobile clientserver environment based on ECC. Information Fusion 2013; 14(4):498-503.
14. Lee WB, Chang CC. User identification and key distribution maintaining anonymity for distributed computer networks. Computer Systems Science and Engineering 2000; 15(4):113-116.
15. Wu TS, Hsu CL. Efficient user identification scheme with key distribution preserving anonymity for distributed computer networks. Computer Security 2004; 23(2):120-125.
16. Yang Y, Wang S, Bao F, Wang J, Deng RH. New efficient user identification and key distribution scheme providing enhanced security. Computer Security 2004; 23(8):697-704.
17. Lee CC. Two attacks on the Wu-Hsu user identification scheme. International Journal of Network Security 2005; 1(3):147-148.
18. Mangipudi KV, Katti RS. A secure identification and key agreement protocol with user anonymity (SIKA). Computer Security 2006; 25(6):420-425.
19. Hsu C-L, Chuang Y-H. A novel user identification scheme with key distribution preserving user anonymity for distributed computer networks. Information Science 2009; 179(4):422-429.
20. Tsai JL. Weaknesses and improvement of HsuChuang's user identification scheme. Information Technology and Control 2010; 39(1):48-50.
21. Yu J, Wang G, Mu Y. Provably secure single sign-on scheme in distributed systems and networks, Proceedings of the 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications (TRUSTCOM 2012), Liverpool, UK, 2012; 271-278.
22. Harn L, Ren J. Generalized digital certificate for user authentication and key establishment for secure communications. IEEE Transactions on Wireless Communications 2011; 10(7):2372-2379.
23. Lauter K. The advantages of elliptic curve cryptography for wireless security. IEEE Wireless Communications 2004; 11(1):62-67.
24. Jain A, Hong L, Pankanti S. Biometric identification. Communications of the ACM 2000; 43(2):90-98.
25. Nickalls RWD. A new approach to solving the cubic: Cardan's solution revealed. The Mathematical Gazette 1993; 77(480):354-359.
26. Stallings W. Cryptography and Network Security: Principles and Practices (3rd edn). Pearson Education: India, 2003.
27. Das AK, Paul NR, Tripathy L. Cryptanalysis and improvement of an access control in user hierarchy based on elliptic curve cryptosystem. Information Sciences 2012; 209(C):80-92.
28. Dutta R, Barua R. Provably secure constant round contributory group key agreement. IEEE Transactions on Information Theory 2008; 54(5):2007-2025.
29. Jina ATB, Linga DNC, Goh A. BioHashing: two factor authentication featuring fingerprint data and tokenized random number. Pattern Recognition 2004; 37(11):2245-2255.
30. Lumini A, Nanni L. An improved BioHashing for human authentication. Pattern Recognition 2007; 40(3):1057-1065.
31. Sarkar P. A simple and generic construction of authenticated encryption with associated data. ACM Transactions on Information and System Security 2010; 4:1-16.
32. Stinson DR. Some observations on the theory of cryptographic hash functions. Designed Codes Cryptography 2006; 38(2):259-277.
33. Kocher P, Jaffe J, Jun B. Differential power analysis. Proceedings of Advances in Cryptology - CRYPTO'99, LNCS, 1999; 388-397.
34. Messerges TS, Dabbish EA, Sloan RH. Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers 2002; 51(5):541-552.
35. Dolev D, Yao A. On the security of public key protocols. IEEE Transactions on Information Theory 1983; 29(2):198-208.
36. ElGamal TA. A public-key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory 1985; 31(4):469-472.
37. Harn L, Xu Y. Design of generalized ElGamal type digital signature schemes based on discret logarithm. Electronics Letters 1994; 30(24):2025-2026.
38. Perceptual hashing. Available at http://www.amsqr.com/2013/01/perceptual-hashing.html. Accessed on November 2013.
39. Burnett A, Byrne F, Dowling T, Duffy A. A biometric identity based signature scheme. International Journal of Network Security 2007; 5(3):317-326.
40. Dodis Y, Reyzin L, Smith A. Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. Proceedings of the Advances in Cryptology (Eurocrypt'04), LNCS 3027, Interlaken, Switzerland, 2004; 523-540.
41. Advanced Encryption Standard. FIPS PUB 197. National Institute of Standards and Technology (NIST), U.S. Department of Commerce, November 2001. http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf. Accessed on November 2010.
42. Li X, Niu J-W, Ma J, Wang W-D, Liu C-L. Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. Journal of Network and Computer Applications 2011; 34(1):73-79.
43. Das AK, Bruhadeshwar B. An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system. Journal of Medical Systems 2013; 37(5):1-17.
44. Automated validation of Internet security protocols and applications. Available at http://www.avispa-project.org/. Accessed on January 2014.
45. Das AK, Chatterjee S, Sing JK. A novel efficient access control scheme for large-scale distributed wireless sensor networks. International Journal of Foundations of Computer Science 2013; 24(5):625-653.
46. Das AK, Chatterjee S, Formal security verification of a dynamic password-based user authentication scheme for hierarchical wireless sensor networks, Proceedings of International Symposium on Security in Computing and Communications (SSCC 2013), Communications in Computer and Information Science Series (CCIS), Springer-Verlag, Berlin-Heidelberg; 243-254.
47. Chatterjee S, Das AK, Sing JK. An enhanced access control scheme in wireless sensor networks. Ad Hoc & Sensor Wireless Networks 2014; 21(1-2):121-149.
48. Armando A et al. The AVISPA tool for the automated validation of internet security protocols and applications, Proceedings of 17th International Conference on Computer Aided Verification (CAV'05), LNCS, Springer-Verlag, Berlin-Heidelberg, 2005; 281-285.
49. von Oheimb D. The high-level protocol specification language HLPSL developed in the EU project AVISPA, Proceedings of APPSEM Workshop, Tallinn, 2005.
50. Basin D, Modersheim S, Vigano L. OFMC: a symbolic model checker for security protocols. International Journal of Information Security 2005; 4(3):181-208.
51. AVISPA Web tool. Available at http://www.avispa-project.org/web-interface/expert.php/. Accessed on January 2014.
52. Secure hash standard, NIST Standard FIPS PUB 180-3, 2008.
53. Chien HY. Practical anonymous user authentication scheme with security proof. Computer Security 2008; 27(5-6):216-223.