PRIVACY PRESERVING USER AUTHENTICATION SCHEME BASED ON SMART CARD


PRIVACY PRESERVING USER AUTHENTICATION SCHEME BASED ON SMART CARD

Beaton Kapito1 , Patrick Ali1 , Levis Eneya1 and Hyunsung Kim1,2

 1Mathematical Sciences Department, University of Malawi, Chancellor College, Zomba, Malawi 

2Department of Cyber Security, Kyungil University, Kyungbuk, Korea

ABSTRACT

One of the most commonly used user authentication mechanisms is two factor authentication based on smart card and password. The core feature of the scheme is to enforce that the user must have the smart card and know the password in order to gain access to server. Recently, Liu et al. proposed a smart card based password authentication scheme and argued that it is secure against insider attack, replay attack and man in the middle attack and provides perfect forward secrecy. In this paper, we show security weaknesses in Liu et al.’s scheme focused on off-line password guessing attack and masquerading attack and it does not provide perfect forward secrecy and anonymity. Accordingly, we propose a privacy preserving user authentication scheme based on smart card, denoted as PUAS, to remedy these security weaknesses and to provide anonymity and perfect forward secrecy. PUAS is more secure with a bit of computational overhead to support several positive properties in security and privacy.

KEYWORDS

User Authentication, Password Authentication, Smart Card, Bilinear Pairing, Privacy

SOURCE URL : https://wireilla.com/papers/ijcis/V8N3/8318ijcis02.pdf

https://wireilla.com/ijcis/index.html



Comments

Post a Comment

Popular posts from this blog

Image
 # communication protocol # bandwidth #wirelessnetworks #mobilenetworks #cryptography #wirelesscomputing #mobilecomputing #adhocsensornetworks # telecommunications # network service Submit Your Research Articles ...!!! 15th International Conference on Wireless & Mobile Networks (WiMoNe 2023) June 17 ~ 18, 2023, Sydney, Australia Webpage URL - https://cseit2023.org/wimone/index Submission Deadline    :    April 08,2023 Submission  URL - https://cseit2023.org/submission/index.php Contact Us : wimone@cseit2023.org
Read more

A DEFENSE MECHANISM FOR CREDIT CARD FRAUD DETECTION

Image
A DEFENSE MECHANISM FOR CREDIT CARD FRAUD DETECTION   M.Sasirekha , Sumaiya Thaseen   and Saira Banu School of Computing Science and Engineering, VIT University, Tamil Nadu, India. ABSTRACT Computer security is one of the key areas where lot of research is being done. Many intrusion detection techniques are proposed to ensure the network security, protect network resources and network infrastructures. Intrusion detection systems (IDS) attempt to detect attacks by gathering network data and analyze the information from various areas to identify the possible intrusions. This paper proposes a defense mechanism combining three approaches such as anomaly, misuse and decision making model to produce better detection accuracy and a decreased false positive rate. The defense mechanism can be built to detect the attacks in credit card system using Hidden Markov approach in the anomaly detection module. The credit card holder’s behaviours are taken as attributes and t...
Read more

DYNAMIC VALIDITY PERIOD CALCULATION OF DIGITAL CERTIFICATES BASED ON AGGREGATED SECURITY ASSESSMENT

Image
DYNAMIC VALIDITY PERIOD CALCULATION OF DIGITAL CERTIFICATES BASED ON AGGREGATED SECURITY ASSESSMENT  Alexander Beck, Jens Graupmann, Frank Ortmeier Computer Systems in Engineering, Otto-von-Guericke-University, Magdeburg, Germany  ABSTRACT  The paper proposes a method based on different security-related factors to dynamically calculate the validity period of digital certificates. Currently validity periods are most often defined statically without scientific justification. This approach is not sufficient to objectively consider the actual need for security. Therefore the approach proposed in this paper considers relevant security criteria in order to calculate a meaningful validity period for digital certificates. This kind of security assessment can be executed periodically in order to dynamically respond to changing conditions. Especially in the context of complex systems and infrastructures that have an increased need for security, privacy and availab...
Read more