A secure and improved multi server authentication protocol using fuzzy commitment

dc.authoridhttps://orcid.org/0000-0001-7474-0405en_US
dc.authoridhttps://orcid.org/0000-0002-9321-6956en_US
dc.authoridhttps://orcid.org/0000-0001-8579-5444en_US
dc.contributor.authorRehman, Hafeez Ur
dc.contributor.authorGhani, Anwar
dc.contributor.authorChaudhry, Shehzad Ashraf
dc.contributor.authorAlsharif, Mohammed H.
dc.contributor.authorNabipour, Narjes
dc.date.accessioned2023-09-15T14:05:16Z
dc.date.available2023-09-15T14:05:16Z
dc.date.issued2021en_US
dc.departmentMühendislik ve Mimarlık Fakültesien_US
dc.description.abstractThe advancement in communication and computation technologies has paved a way for connecting large number of heterogeneous devices to offer specified services. Still, the advantages of this advancement are not realized completely due to inherent security issues. Most of the existing authentication mechanisms ensure the legitimacy of requesting user thorough single server leading towards multiple registrations and corresponding credentials storage on user side. Intelligent multimedia networks (IMN) may encompass wide range of networks and applications. However, the privacy and security of IMN cannot be apprehended through traditional multi sign on/single server authentication systems. The multi-server authentication systems can enable a user to acquire services from multiple servers using single registration and with single set of credentials (i.e.Password/smart card etc.) and can be accomplish IMN security and privacy needs. In 2018, Barman et al. proposed a multi-server authentication protocol using fuzzy commitment. The authors claimed that their protocol provides anonymity while resisting all known attacks. In this paper, we analyze that Barman et al.’s protocol is still vulnerable to anonymity violation attack and impersonation based on stolen smart card attack; moreover, it has incomplete login request and is prone to scalability issues. We then propose an enhanced protocol to overcome the security weaknesses of Barman et al.’s scheme. The security of the proposed protocol is verified using BAN logic and widely accepted automated AVISPA tool. The BAN logic and automated AVISPA along with the informal analysis ensure the robustness of the scheme against all known attacks.en_US
dc.identifier.doi10.1007/s11042-020-09078-zen_US
dc.identifier.endpage16931en_US
dc.identifier.issn1380-7501
dc.identifier.issn1573-7721
dc.identifier.issue11en_US
dc.identifier.scopus2-s2.0-85087397364en_US
dc.identifier.scopusqualityQ1en_US
dc.identifier.startpage16907en_US
dc.identifier.urihttps://hdl.handle.net/11363/5542
dc.identifier.urihttps://doi.org/
dc.identifier.volume80en_US
dc.identifier.wosWOS:000544843700003en_US
dc.identifier.wosqualityQ2en_US
dc.indekslendigikaynakWeb of Scienceen_US
dc.indekslendigikaynakScopusen_US
dc.institutionauthorChaudhry, Shehzad Ashraf
dc.language.isoenen_US
dc.publisherSPRINGER, VAN GODEWIJCKSTRAAT 30, 3311 GZ DORDRECHT, NETHERLANDSen_US
dc.relation.ispartofMultimedia Tools and Applicationsen_US
dc.relation.publicationcategoryMakale - Uluslararası Hakemli Dergi - Kurum Öğretim Elemanıen_US
dc.rightsinfo:eu-repo/semantics/openAccessen_US
dc.rightsAttribution-NonCommercial-NoDerivs 3.0 United States*
dc.rights.urihttp://creativecommons.org/licenses/by-nc-nd/3.0/us/*
dc.subjectMulti-serveren_US
dc.subjectAuthenticationen_US
dc.subjectFuzzy commitmenten_US
dc.subjectSecurityen_US
dc.subjectBAN logicen_US
dc.subjectAVISPAen_US
dc.titleA secure and improved multi server authentication protocol using fuzzy commitmenten_US
dc.typeArticleen_US

Dosyalar

Orijinal paket
Listeleniyor 1 - 1 / 1
Yükleniyor...
Küçük Resim
İsim:
s11042-020-09078-z.pdf
Boyut:
1.98 MB
Biçim:
Adobe Portable Document Format
Açıklama:
Makale / Article
Lisans paketi
Listeleniyor 1 - 1 / 1
Küçük Resim Yok
İsim:
license.txt
Boyut:
1.56 KB
Biçim:
Item-specific license agreed upon to submission
Açıklama: