Mobile Agent Security Based on Mutual Authentication and Elliptic Curve Cryptography (original) (raw)
Related papers
A Secure Anonymous Authentication Protocol for Mobile Services on Elliptic Curve Cryptography
Mobile user authentication is an essential topic to consider in the current communications technology due to greater deployment of handheld devices and advanced technologies. Memon et al. recently proposed an efficient and secure two-factor authentication protocol for location-based services using asymmetric key cryptography. Unlike their claims, the vigilant analysis of this paper substantiates that Memon et al.'s protocol has quite a few limitations such as vulnerability to key compromised impersonation attack, insecure password changing phase, imperfect mutual authentication, and vulnerability to insider attack. Furthermore, this paper proposes an enhanced secure authentication protocol for roaming services on elliptic curve cryptography. The proposed protocol is also a two-factor authentication protocol and is suitable for practical applications due to the composition of lightweight operations. The proposed protocol's formal security is verified using Automated Validation of Internet Security Protocols and Applications tool to certify that the proposed protocol is free from security threats. The informal and formal security analyses along with the performance analysis sections determine that the proposed protocol performs better than Memon et al.'s protocol and other related protocols in terms of security and efficiency.
Elliptic Curve Cryptography Based Wireless Authentication Protocol
Recently, Aydos et al. proposed an ECC-based wireless authentication protocol. Because their protocol is based on ECC, the protocol has significant advantage including lower computational burden, lower communication bandwidth and storage requirements. However, Mangipudi et al showed that the protocol is vulnerable to the man-inthe-middle attack from the attacker within the system and proposed a user authentication protocol to prevent the attack. This paper further shows that Aydos et al.'s protocol is vulnerable to man-in-the-middle attack from any attacker not restricted on the inside attacker. Then, a forging certificate attack on Mangipudi et al's protocol is presented. Next, the reasons that Aydos et al's protocol and Mangipudi et al's protocol suffer the attacks are analyzed. Finally, we propose a novel ECC-based wireless authentication protocol and analyze the security of our protocol.
Elliptic curve Cryptosystem a b s t r a c t Recently, remote user authentication schemes are implemented on elliptic curve cryptosystem (ECC) to reduce the computation loads for mobile devices. However, most remote user authentication schemes on ECC are based on public-key cryptosystem, in which the public key in the system requires the associated certificate to prove its validity. Thus, the user needs to perform additional computations to verify the certificate in these schemes. In addition, we find these schemes do not provide mutual authentication or a session key agreement between the user and the remote server. Therefore, we propose an ID-based remote mutual authentication with key agreement scheme on ECC in this paper. Based upon the ID-based concept, the proposed scheme does not require public keys for users such that the additional computations for certificates can be reduced. Moreover, the proposed scheme not only provides mutual authentication but also supports a session key agreement between the user and the server. Compared with the related works, the proposed scheme is more efficient and practical for mobile devices.
V International Enformatika …, 2005
In this paper the authors propose a protocol, which uses Elliptic Curve Cryptography (ECC) based on the ElGamal's algorithm, for sending small amounts of data via an authentication server. The innovation of this approach is that there is no need for a symmetric algorithm or a safe communication channel such as SSL. The reason that ECC has been chosen instead of RSA is that it provides a methodology for obtaining high-speed implementations of authentication protocols and encrypted mail techniques while using fewer bits for the keys. This means that ECC systems require smaller chip size and less power consumption. The proposed protocol has been implemented in Java to analyse its features and vulnerabilities in the real world.
Secure protocol for Mobile Agents Using Proxy Signcryption Scheme Based on Hyper Elliptic Curve
Proxy signcryption are used in mobile commerce for the delegation of signing privileges these days. On the other hand hyper elliptic curve cryptography is attractive for low resource devices. The paper presents a new protocol for mobile agents using proxy signcryption based on hyper elliptic curve. The protocol is designed for resource constrained devices e.g. mobile phone and smart card. The proposed protocol enables the owner to give their signing privileges to proxy agent and the proxy agent sign the document on behalf of owner and inter-link with bank to perform financial services with merchant. It also provides the security properties like warrant integrity, message confidentiality, message integrity, warrant unforgeability, message unforgeability and proxy non repudiation.
AN EFFICIENT AND MORE SECURE IDBASED MUTUAL AUTHENTICATION SCHEME BASED ON ECC FOR MOBILE DEVICES
Mobile services are spread throughout the wireless network and are one of the crucial components needed for various applications and services. However, the security of mobile communication has topped the list of concerns for mobile phone users. Confidentiality, Authentication, Integrity and Non-repudiation are required security services for mobile communication. Currently available network security mechanisms are inadequate; hence there is a greater demand to provide a more flexible, reconfigurable, and scalable security mechanism. Traditionally, the security services have been provided by cryptography. Recently, techniques based on elliptic curve cryptography (ECC) have demonstrated the feasibility of providing computer security services efficiently on mobile platforms. Islam and Biswas have proposed a more efficient and secure ID-based system for mobile devices on ECC to enhance security for authentication with key agreement system. They claimed that their system truly is more secure than previous ones and it can resist various attacks. However, it is true because their system is vulnerable to known session-specific temporary information attack, and the other system is denial of service resulting from leaking server's database. Thus, the paper presents an improvement to their system in order to isolate such problems.
A Review on Distributed System Security using Elliptic Curve Cryptography
Most of the security architecture uses public key cryptosystems for authentication and to secure the communication that takes place on distributes sites. Now a day’s identity based cryptography and certificate-less public key cryptography are used for enhancing the security. Certificate-less based cryptography has reduced the certificate necessity for key distribution and reducing the problem of key escrow that arise in identity based cryptography. A review based on identity based and certificate-less based is carried out to show that how they are beneficial in future for enhancing distributed system security using Elliptic curve cryptography.
Constructing Secure Mobile-Agent-Based Consumer Electronic Applications
2015
Abstract:- This paper proposes two appropriate security schemes for protecting consumer electronic applications in mobile agent based networks. As far as mobile agent security is concerned, we develop a proxy signature scheme for protecting mobile agents against malicious agent hosts using the ECC-based self-certified public key cryptosystem. The proposed proxy signature scheme can protect users ’ private keys, and provide the fairness of contracts signed by agents. In addition, based on the proposed proxy signature scheme, we further design a proxy authenticated encryption scheme so that the signature of the contracts will satisfy users’ constraints, and the non-repudiation of servers can be achieved. Furthermore, we also implement the proposed security schemes to achieve security requirements of confidentiality, integrity, and non-repudiation for protecting Linux-based mobile agents in an electronic auction application. Hence, we affirm that the proposed security schemes are suita...
SECURITY AND PRIVACY, 2019
Session initiation protocol (SIP) is known as multimedia communication protocol based on IP, which is leveraged to provide signaling as well as instant messaging services. Since SIP services are widely used by Internet users, an important challenge is to supply mutual authentication between the SIP server and the user. Recently, Qui et al have presented an authentication and key agreement protocol for SIP and mentioned that their protocol is efficient and secure. In this article, we demonstrate that the protocol proposed by Qui et al is not able to provide mutual authentication and is prone to various attacks including Denning‐Sacco and denial of service attacks. We then propose a secure and efficient two‐factor authentication and key agreement protocol for SIP using elliptic curve cryptography (ECC). We analyze the security of the proposed scheme and show that it is able to satisfy various security features and resist different types of attacks. We also compare the computation and ...
Enhancing Security for Mobile Adhoc Networks by using Elliptic Curve Cryptography
Unlike conventional infrastructure based wireless networks such as, wireless cellular networks, Mobile Ad Hoc Networks (MANET) contains rapidly deployable, self organizing and self maintaining capability features. Moreover, they can be formed on the fly as needed. More concerns for MANET’s security arise due to its high popularity to its users. Now-a days, more interests are given in Public Key Cryptography (PKC) rather than Secret Key Cryptography because of its strong security. However, in the context of wireless communication, although PKC offers robust solutions for many security problems, the excessive amount of required computational resources remarkably limit the usage of PKC. Using Elliptic Curve Cryptography (ECC) offers higher strength per key bit in comparison with other PKCs. The computational power needed to break 1024 bit RSA is equal to the computational power needed to break 163 bit ECC. Unlike the ordinary Discrete Logarithm Problem (DLP) and the Integer Factorization Problem (IFP) for PKCs, no sub exponential-time algorithm is known for the Elliptic Curve Discrete Logarithm Problem (ECDLP). For this reason, the strength-per-key-bit is substantially greater in an algorithm that uses elliptic curves rather than existing RSA or El-Gamal PKC. This thesis paper gives an introduction to ECC, how it is used in the implementation of Digital Signature Algorithms (ECDSA) and provides a novel security framework based on ECC and ECDSA for MANET. In the proposed framework, namely Optimized Pretty Good Privacy (OPGP), a composition of ECC and ECDSA is introduced for enhancing security. In OPGP, the authentication, non repudiation, integrity of information is provided by ECDSA and confidentiality is provided by using ECC. The optimized ECC and ECDSA succeed to provide same security level of existing RSA, by performing relatively lower computations.