A New Enhanced Authentication Mechanism Using Session Key Agreement Protocol

Usha, S.; Kuppuswami, S.; Karthik, M.

doi:10.2478/cait-2018-0048

Abstract

Cryptographic protocols are the backbone of information security. Unfortunately the security of several important components of these protocols can be neglected. This causes violation of personal privacy and threats to democracy. Integration of biometrics with cryptography can overcome this problem. In this paper an enhanced session key agreement protocol which uses the data derived from iris signature is suggested to improve the security of biometric based applications like e-Passport, e-Driving license, etc. The authenticity and security properties of the proposed protocol are analyzed using ProVerif tool and demonstrate it satisfies the intended properties.

References

1. Juels, A., D. Molnar, D. Wagner. Security and Privacy Issues in E-Passports. – IEEE Secure Communication, 2005, pp. 74-88.
Search in Google Scholar Back to article
2. Justice and Home Affairs. EU Standard Specifications or Security Features and Biometrics in Passports and Travel Documents. Technical Report, European Union, 2006.
Search in Google Scholar Back to article
3. Pasupathinathan, V., J. Pieprzyk, H. Wang. Security Analysis of Australian and E.U. e-Passport Implementation. – Journal of Research and Practice in Information Technology, Vol. 40, 2008, No 3, pp. 187-206.
Search in Google Scholar Back to article
4. Abid, M., H. Afifi. Secure e-Passport Protocol Using Elliptic Curve Diffie-Hellman Key Agreement Protocol. – In: Proc. of IEEE 4th International Conference on Information Assurance and Security, Italy, 2008, pp. 99-102.10.1109/IAS.2008.22
Search in Google Scholar Back to article
5. Yoon, E. J., K. Y. Yoo. Robust Biometrics-Based Multi-Server Authentication with Key Agreement Scheme for Smart Cards on Elliptic Curve Cryptosystem. – The Journal of Supercomputing, Vol. 63, No 1, pp. 235-255.10.1007/s11227-010-0512-1
Search in Google Scholar Back to article
6. Dalal, N., J. Shah, K. Hisaria, D. Jinwala. A Comparative Analysis of Tools for Verification of Security Protocols. – International Journal of Communications, Network and System Sciences, Vol. 3, 2010, pp. 779-787.10.4236/ijcns.2010.310104
Search in Google Scholar Back to article
7. Al-Hamadi, H., C. Y. Yeun, M. J. Zemerly, M. Al-Qutayri, A. Gawanmeh. Verifying Mutual Authentication for the DLK Protocol Using ProVerif Tool. – International Journal for Information Security Research, Vol. 2, 2012, No 1, pp. 256-265.10.20533/ijisr.2042.4639.2013.0031
Search in Google Scholar Back to article
8. Blanchet, B. Automatic Proof of Strong Secrecy for Security Protocols. – In: Proc. of IEEE Symposium on Security and Privacy, 2004, pp. 86-100.
Search in Google Scholar Back to article
9. Blanchet, B. Proverif: Automatic Cryptographic Protocol Verifier User Manual, 2005.
Search in Google Scholar Back to article
10. Stallings, W. Cryptography and Network Security. 4th Edition. Prentice-Hall of India Pvt. Ltd, 2007.
Search in Google Scholar Back to article
11. Yongliang, L., W. Gao, H. Yao, X. Yu. Elliptic Curve Cryptography Based Wireless Authentication Protocol. – International Journal of Network Security, Vol. 5, 2007, No 3, pp. 327-337.
Search in Google Scholar Back to article
12. Sui, A., C. Lukas, K. Hui, Y. Yixian, K. P. Chow. Elliptic Curve Cryptography Based Authentication Key Agreement with Pre-Shared Password. – Journal of Electronics (China), Vol. 22, 2005, No 3, pp. 268-272.10.1007/BF02687982
Search in Google Scholar Back to article
13. Xi, K., T. Ahmad, F. Han, J. Hu. A Fingerprint Based Bio-Cryptographic Security Protocol Designed for Client/Server Authentication in Mobile Computing Environment. – Security and Communication Networks, Vol. 4, 2011, No 5, pp. 487-499.10.1002/sec.225
Search in Google Scholar Back to article
14. Kande, S. Generating and Sharing Biometrics Based Session Keys for Secure Cryptographic Applications. – In: International IEEE Conference on Biometrics: Theory, Applications and Systems, USA, 2010, pp. 1-7.10.1109/BTAS.2010.5634545
Search in Google Scholar Back to article
15. Li, C. T., M. S. Hwang. An Online Biometrics-Based Secret Sharing Scheme for Multiparty Cryptosystem Using Smart Cards. – International Journal of Innovative Computing, Information and Control, Vol. 6, 2010, No 5, pp. 2181-2188.
Search in Google Scholar Back to article
16. Daugman, J. Biometric Personal Identification System Based on Iris Analysis. U.S. Patent 5291, 560, 1994.
Search in Google Scholar Back to article
17. Usha, S., S. Kuppuswami. Secured Session Key Agreement Protocol for Iris Cryptosystem Using Customized Elliptic Curve Cryptography. – International Journal of Security and Its Applications, Vol. 8, 2014, No 1, pp.147-158.10.14257/ijsia.2014.8.1.14
Search in Google Scholar Back to article
18. Abid, M., S. Kanade, D. Petrovska-Delecretaz, M. Dorizzi. Iris Based Authentication Mechanism for e-Passports. – In: International Workshop on Security and Communication Networks, Karlstad, 2010, pp. 1-5.10.1109/IWSCN.2010.5497990
Search in Google Scholar Back to article
19. Qi Xie, Q., N. Dong, X. Tan, D. S. Wong, G. Wang. Improvement of a Three-Party-Based Key Exchange Protocol with Formal Verification. – Information Technology and Control, Vol. 42, 2013, No 3, pp. 231-237.10.5755/j01.itc.42.3.1905
Search in Google Scholar Back to article
20. Salaiwarakul, A. Verification of Secure Biometric Authentication Protocols. PhD Thesis, University of Birmingham, United Kingdom, 2010.
Search in Google Scholar Back to article
21. Hau, Y. W., M. Khalil-hani, M. N. Marsono. System-Based Hardware/Software Co-Design of Elliptic Curve Cryptography System for Network Mutual Authentication. – Malaysian Journal of Computer Science, Vol. 24, 2011, No 2, pp. 111-130.
Search in Google Scholar Back to article
22. Tian, X., D. S. Wong, R. W. Zhu. Analysis and Improvement of Authenticated Key Exchange Protocol for Sensor Networks. – IEEE Communications Letters, Vol. 9, 2005, No 11, pp. 970-972.10.1109/LCOMM.2005.11006
Search in Google Scholar Back to article
23. Wu, S. T., J. H. Chiu, B. C. Chieu. ID-Based Remote Authentication with Smart Cards on Open Distributed System from Elliptic Curve Cryptography. – In: Proc. of IEEE International Conference on Electro Information Technology, 2005.
Search in Google Scholar Back to article
24. Jia, Z., Y. Zhang, H. Shao, Y. Lin, J. Wang. A Remote User Authentication Scheme Using Bilinear Pairings and ECC. – In: Proc. of 6th International Conference on Intelligent System Design and Applications, 2006, pp. 1091-1094.10.1109/ISDA.2006.253764
Search in Google Scholar Back to article
25. Abichar, P. E., A. Mhamed, B. Elhassan. A Fast and Secure Elliptic Curve Based Authenticated Key Agreement Protocol for Low Power Mobile Communications. – In: Proc. of International Conference on Next Generation Mobile Applications, Services and Technologies, 2007, pp. 235-240.10.1109/NGMAST.2007.4343427
Search in Google Scholar Back to article
26. Yang, J. H., C. C. Chang. An ID-Based Remote Mutual Authentication with Key Agreement Scheme for Mobile Devices on Elliptic Curve Cryptosystem. – Computers and Security, Vol. 28, 2009, No 3, pp. 138-143.10.1016/j.cose.2008.11.008
Search in Google Scholar Back to article
27. Farouk, A., M. M. Fouad, A. A. Abdelhafez. Analysis and Improvement of Pairing-Free Certificate-Less Two-Party Autheticated Key Agreement Protocol for Grid Computing. – International Journal of Security, Privacy and Trust Management, Vol. 3, 2014, No 1, pp. 23-36.10.5121/ijsptm.2014.3103
Search in Google Scholar Back to article
28. Chen, D. J., R. Zhang. A More Secure Authentication Scheme for Telecare Medicine Information Systems. – Journal of Medical Systems, Vol. 36, 2012, No 3, pp. 1989-1995.10.1007/s10916-011-9658-521360017
Search in Google Scholar Back to article
29. He, D., J. Chen, Y. Chen. A Secure Mutual Authentication Scheme for Session Initiation Protocol Using Elliptic Curve Cryptography. – Security and Communication Networks, Vol. 5, 2012, No 12, pp. 1423-1429.10.1002/sec.506
Search in Google Scholar Back to article
30. Verma, M., R. Rani. Significant Secret Image Sharing Based on Boolean Operation. – Cybernetics and Information Technologies, Vol. 17, 2017, No 2, pp. 134-150.10.1515/cait-2017-0022
Search in Google Scholar Back to article
31. Reddy, A. G., E.-J. Yoon, A. K. Das, V. Odelu, K.-Y. Yoo. Design of Mutually Authenticated Key Agreement Protocol Resistant to Impression Attacks for Multi-Server Environment. – IEEE Access, Vol. 5, 2017, pp. 3622-3639.10.1109/ACCESS.2017.2666258
Search in Google Scholar Back to article
32. Liu, W., Q. Xie, S. Wang, B. Hu. An Improved Authenticated Key Agreement Protocol for Telecare Medicine Information System. – Springer Plus, Vol. 5, 2016, 2012, pp. 2-16.10.1186/s40064-016-2018-7485486227218005
Search in Google Scholar Back to article
33. Qiu, S., G. Xu, H. Ahmad, Y. Guo. An Enhanced Password Authentication Scheme for Session Initiation Protocol with Perfect Forward Secrecy. – PLoS ONE, Vol. 13, 2018, No 3.10.1371/journal.pone.0194072585636029547619
Search in Google Scholar Back to article
34. Yoon, E.-J., K. D. Ashok, K.-Y. Yoo, R. Alavalapati. Lightweight Authentication with Key-Agreement Protocol for Mobile Network Environment Using Smart Cards. – IET Information Security, 2016, 10. 10.1049/iet-ifs.2015.0390.10.1049/iet-ifs.2016.0288
Search in Google Scholar Back to article
35. Hafizul-Islam, S. K., G. P. Biswas. Apairing-Free Identity-Based Two-Party Authenticated Key Agreement Protocol for Secure and Efficient Communication. – Journal of King Saud University – Computer and Information Sciences, Vol. 29, 2017, pp. 63-73.10.1016/j.jksuci.2015.01.004
Search in Google Scholar Back to article
36. Lu, Y., L. Li, X. Yang, Y. Yang. Robust Biometrics Based Authentication and Key Agreement Scheme for Multi-Server Environments Using Smart Cards. – PLoS ONE, Vol. 10, 2015, No 5, e0126323. pmid:25978373.10.1371/journal.pone.0126323443334225978373
Search in Google Scholar Back to article
37. Reddy, A. G., A. K. Das, V. Odelu, K.-Y. Yoo. An Enhanced Biometric Based Authentication with Key-Agreement Protocol for Multi-Server Architecture Based on Elliptic Curve Cryptography. 2016.10.1371/journal.pone.0154308486263827163786
Search in Google Scholar Back to article
38. Liu, W., Q. Xie, S. Wang, B. Hu. An Improved Authenticated Key Agreement Protocol for Telecare Medicine Information System. – Springer Plus, 2016.10.1186/s40064-016-2018-7485486227218005
Search in Google Scholar Back to article
39. Xie, Q., Z. Tang. Biometric Based Authentication Scheme for Session Initiation Protocol. – Springer Plus, 2016.10.1186/s40064-016-2725-0494035927462493
Search in Google Scholar Back to article
40. Usha, K. S. A Biometric Based Session Key Agreement Using Modified Elliptic Curve Cryptography. – The International Arab Journal of Information Technology, Vol. 12, 2015, No 2, pp. 155-162.
Search in Google Scholar Back to article

A New Enhanced Authentication Mechanism Using Session Key Agreement Protocol

Abstract

Paradigm

My account