A secure and improved multi server authentication protocol using fuzzy commitment
Yükleniyor...
Dosyalar
Tarih
2021
Dergi Başlığı
Dergi ISSN
Cilt Başlığı
Yayıncı
SPRINGER, VAN GODEWIJCKSTRAAT 30, 3311 GZ DORDRECHT, NETHERLANDS
Erişim Hakkı
info:eu-repo/semantics/openAccess
Attribution-NonCommercial-NoDerivs 3.0 United States
Attribution-NonCommercial-NoDerivs 3.0 United States
Özet
The advancement in communication and computation technologies has paved a way for connecting large number of heterogeneous devices to offer specified services. Still, the advantages of this advancement are not realized completely due to inherent security issues. Most of the existing authentication mechanisms ensure the legitimacy of requesting user thorough single server leading towards multiple registrations and corresponding credentials storage on user side. Intelligent multimedia networks (IMN) may encompass wide range of networks and applications. However, the privacy and security of IMN cannot be apprehended through traditional multi sign on/single server authentication systems. The multi-server authentication systems can enable a user to acquire services from multiple servers using single registration and with single set of credentials (i.e.Password/smart card etc.) and can be accomplish IMN security and privacy needs. In 2018, Barman et al. proposed a multi-server authentication protocol using fuzzy commitment. The authors claimed that their protocol provides anonymity while resisting all known attacks. In this paper, we analyze that Barman et al.’s protocol is still vulnerable to anonymity violation attack and impersonation based on stolen smart card attack; moreover, it has incomplete login request and is prone to scalability issues. We then propose an enhanced protocol to overcome the security weaknesses of Barman et al.’s scheme. The security of the proposed protocol is verified using BAN logic and widely accepted automated AVISPA tool. The BAN logic and automated AVISPA along with the informal analysis ensure the robustness of the scheme against all known attacks.
Açıklama
Anahtar Kelimeler
Multi-server, Authentication, Fuzzy commitment, Security, BAN logic, AVISPA
Kaynak
Multimedia Tools and Applications
WoS Q Değeri
Q2
Scopus Q Değeri
Q1
Cilt
80
Sayı
11
