Please wait a minute...
FITEE
Front. Inform. Technol. Electron. Eng.  2015, Vol. 16 Issue (4): 259-271    DOI: 10.1631/FITEE.1400232
    
A lightweight authentication scheme with user untraceability
Kuo-Hui Yeh
Department of Information Management, National Dong Hwa University, Taiwan 974, Hualien
Download:   PDF(0KB)
Export: BibTeX | EndNote (RIS)      

Abstract  With the rapid growth of electronic commerce and associated demands on variants of Internet based applications, application systems providing network resources and business services are in high demand around the world. To guarantee robust security and computational efficiency for service retrieval, a variety of authentication schemes have been proposed. However, most of these schemes have been found to be lacking when subject to a formal security analysis. Recently, Chang et al. (2014) introduced a formally provable secure authentication protocol with the property of user-untraceability. Unfortunately, based on our analysis, the proposed scheme fails to provide the property of user-untraceability as claimed, and is insecure against user impersonation attack, server counterfeit attack, and man-in-the-middle attack. In this paper, we demonstrate the details of these malicious attacks. A security enhanced authentication scheme is proposed to eliminate all identified weaknesses.

Key wordsAuthentication      Privacy      Security      Smart card      Untraceability     
Received: 03 July 2014      Published: 03 April 2015
CLC:  TP309  
Service
E-mail this article
Add to my bookshelf
Add to citation manager
E-mail Alert
RSS
Articles by authors
Kuo-Hui Yeh
Cite this article:

Kuo-Hui Yeh. A lightweight authentication scheme with user untraceability. Front. Inform. Technol. Electron. Eng., 2015, 16(4): 259-271.

URL:

http://www.zjujournals.com/xueshu/fitee/10.1631/FITEE.1400232     OR     http://www.zjujournals.com/xueshu/fitee/Y2015/V16/I4/259


一套具备使用者不可追踪性的轻量化身分鉴别机制

目的:随着电子商务应用的蓬勃发展,如何安全且有效率地提供足够的网路资源或线上服务给远端使用者逐渐成为一门研究显学。鉴于此,本论文主要针对目前商务网路环境设计使用者身分鉴别机制。
创新点:本研究所提出的鉴别机制主要利用杂凑函数(Hash function)作为机制内的资讯保护技术,并以一套新设计的讯息传递逻辑成功完成多个体间的相互身分鉴别,如此将可同时达到计算安全与轻量化效能两大效益。
方法:藉由使用者注册(Registration)、登入与鉴别(Login and authentication)、密码变更(Password change)等三大阶段来完成并良好管理使用者身分鉴别与讯息传输安全。
结论:本论文主要针对现有网路环境下的商务架构,进行使用者身分鉴别机制设计。在协定安全度方面,根据传输逻辑分析与安全正式化分析结果,所提方法的安全可行性已被成功证实。在效能方面,本研究比近期所提出的几份相关机制(Tsai et al., 2013;Chang et al., 2014;Kumari and Khan, 2014)皆更为有效率(表2、3)。

关键词: 身分鉴别,  隐私,  安全,  智慧卡,  不可追踪性 
[1] Hui-fang YU , Bo YANG. Low-computation certificateless hybrid signcryption scheme[J]. Front. Inform. Technol. Electron. Eng., 2017, 18(7): 928-940.
[2] Zhen-hua YUAN , Chen CHEN, Xiang CHENG , Guo-cheng LV, Liu-qing YANG , Ye JIN. Correlated channel model-based secure communications in dual-hop wireless communication networks[J]. Front. Inform. Technol. Electron. Eng., 2017, 18(6): 796-807.
[3] He-hao NIU, Bang-ning ZHANG, Dao-xing GUO, Yu-zhen HUANG, Ming-yue LU. Joint cooperative beamforming and artificial noise design for secure AF relay networks with energy-harvesting eavesdroppers[J]. Front. Inform. Technol. Electron. Eng., 2017, 18(6): 850-862.
[4] Yue-bin LUO, Bao-sheng WANG, Xiao-feng WANG, Bo-feng ZHANG. A keyed-hashing based self-synchronization mechanism for port address hopping communication[J]. Front. Inform. Technol. Electron. Eng., 2017, 18(5): 719-728.
[5] Hui Zhao, You-yu Tan, Gao-feng Pan, Yun-fei Chen. Ergodic secrecy capacity of MRC/SC in single-input multiple-output wiretap systems with imperfect channel state information[J]. Front. Inform. Technol. Electron. Eng., 2017, 18(4): 578-590.
[6] Gaurav Bansod, Narayan Pisharoty, Abhijit Patil. BORON: an ultra-lightweight and low power encryption design for pervasive computing[J]. Front. Inform. Technol. Electron. Eng., 2017, 18(3): 332-345.
[7] Huan-zhao Wang, Peng Zhang, Lei Xiong, Xin Liu, Cheng-chen Hu. A secure and high-performance multi-controller architecture for software-defined networking[J]. Front. Inform. Technol. Electron. Eng., 2016, 17(7): 634-646.
[8] Gui-lin CAI, Bao-sheng WANG, Wei HU, Tian-zuo WANG. Moving target defense: state of the art and characteristics[J]. Front. Inform. Technol. Electron. Eng., 2016, 17(11): 1122-1153.
[9] Hong-jiang Lei, Imran Shafique Ansari, Chao Gao, Yong-cai Guo, Gao-feng Pan, Khalid A. Qaraqe. Secrecy performance analysis of single-input multiple-output generalized-K fading channels[J]. Front. Inform. Technol. Electron. Eng., 2016, 17(10): 1074-1084.
[10] Guang-jia Song, Zhen-zhou Ji. Anonymous-address-resolution model[J]. Front. Inform. Technol. Electron. Eng., 2016, 17(10): 1044-1055.
[11] Kok-Seng Wong, Myung Ho Kim. Towards a respondent-preferred ki-anonymity model[J]. Front. Inform. Technol. Electron. Eng., 2015, 16(9): 720-731.
[12] Osama A. Khashan, Abdullah M. Zin, Elankovan A. Sundararajan. ImgFS: a transparent cryptography for stored images using a filesystem in userspace[J]. Front. Inform. Technol. Electron. Eng., 2015, 16(1): 28-42.
[13] Ahmad Karim, Rosli Bin Salleh, Muhammad Shiraz, Syed Adeel Ali Shah, Irfan Awan, Nor Badrul Anuar. Botnet detection techniques: review, future trends, and issues[J]. Front. Inform. Technol. Electron. Eng., 2014, 15(11): 943-983.
[14] Yun Niu, Li-ji Wu, Yang Liu, Xiang-min Zhang, Hong-yi Chen. A 10 Gbps in-line network security processor based on configurable hetero-multi-cores[J]. Front. Inform. Technol. Electron. Eng., 2013, 14(8): 642-651.
[15] Chih-ho Chou, Kuo-yu Tsai, Tzong-chen Wu, Kuo-hui Yeh. Efficient and secure three-party authenticated key exchange protocol for mobile environments[J]. Front. Inform. Technol. Electron. Eng., 2013, 14(5): 347-355.