1. Ph.D Theses

Permanent URI for this collection: https://idr.nitk.ac.in/handle/1/11

  • Secure Authentication Schemes for Roaming Service in Global Mobility Networks
    (National Institute of Technology Karnataka, Surathkal, 2021) Suvidha, K S.; Madhusudhan, R.
    Distribution of resources and services via open networks has become the latest trend in information technology. In an open network, hackers can easily obtain the communication data. Therefore, an open network demands security to protect data and information. Hence, network security is the most important requirement in an open network. In the security system, authentication plays a major role. User authentication is a central component of any security infrastructure. Other security measures depend upon verifying the identity of the sender and receiver of information. Authorization grants privileges based upon identity. Audit trails would not provide accountability without authentication. Confidentiality and integrity are broken if we can't reliably differentiate an authorized entity from an unauthorized entity. Remote user authentication is a mechanism to identify remote users over an insecure communication network. In remote user authentication, password authentication is the simplest method to authenticate the user. But the limitations of the password authentication approach lead towards the development of two-factor authentication. Hundreds of remote user authentication schemes have been proposed by many researchers. None of the schemes achieves all the security goals, and many schemes fail to provide security against various attacks. Even though some of the schemes provide security, they are not efficient in terms of computation and communication cost. Hence, it is necessary to design an efficient and secure authentication scheme. This thesis aims to provide efficient and secure remote user authentication schemes in distributed systems and networks. There are many factors involved in authentication schemes, and these factors use the characteristics of the password, smart card and biometric. This research concentrates on cryptanalysis and improvements of smart card based two-factor remote user authentication schemes.
To date, many smart card based remote user authentication schemes have been proposed. But every scheme has its security flaws. None of the schemes has succeeded in achieving all the security requirements and goals. Also, many schemes do not provide a strong formal proof of the security of the scheme. In this thesis, cryptanalysis of recently proposed remote user authentication schemes has been done to identify the vulnerabilities. New schemes have been proposed to overcome the identified security flaws. Security of the proposed schemes has been formally analyzed using BAN logic. Furthermore, the proposed schemes have been simulated using the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. Through this simulation, it has been ensured that the proposed scheme is secure against active and passive attacks. Using the NS 2 simulator, performance metrics such as throughput, end to end delivery and packet delivery ratio are calculated for the proposed scheme. In the literature study, it is observed that, to avoid the replay attack, many remote user authentication schemes depend on clock synchronization. But clock synchronization has its own disadvantages. Also, the schemes which are independent of clock synchronization are vulnerable to replay attack. To fix these weaknesses, a novel authentication scheme has been proposed. By employing the Elliptic Curve Diffie-Hellman (ECDH) key exchange algorithm, the proposed scheme resists the replay attack. Through the security analysis, it is proved that the scheme achieves all the security goals and resists well-known attacks like insider attack, offline password guessing attack, etc. The security of the proposed scheme has been analyzed using BAN logic and simulated in the AVISPA tool. Through these results, it is ensured that the proposed scheme resists all security attacks. The contribution of this thesis is to improve the security of the existing authentication schemes.
In particular, this research analyzes the Gope and Hwang, Fan Wu et al. and Lee et al.'s schemes. However, the analyzed schemes have many security flaws, such as failing to provide user anonymity and forward secrecy and being vulnerable to the stolen smart card attack, insider attack, guessing attack, etc. Based on the analysis, this research proposes improved schemes to overcome the identified weaknesses. Furthermore, a novel authentication scheme has been proposed to resist security attacks. Finally, the thesis presents concluding remarks and discusses the future scope.
  • Cryptanalysis and Improvement of Dynamic ID Based Remote User Authentication Schemes Using Smart Card
    (National Institute of Technology Karnataka, Surathkal, 2019) Hegde, Manjunath Vishweshwar; Madhusudhan, R.
    Distribution of resources and services via open networks has become the latest trend in information technology. In an open network, hackers can easily obtain the communication data. Therefore, an open network demands security to protect data and information. Hence, network security is a most important requirement in a distributed system. In the security system, authentication plays a major role. User authentication is a central component of any security infrastructure. Other security measures depend upon verifying the identity of the sender and receiver of information. Authorization grants privileges based upon identity. Audit trails would not provide accountability without authentication. Confidentiality and integrity are broken if we can't reliably differentiate an authorized entity from an unauthorized entity. Remote user authentication is a mechanism to identify remote users over an insecure communication network. In remote user authentication, password authentication is the simplest method to authenticate the user. But the limitations of the password authentication approach lead towards the development of two-factor authentication. Hundreds of remote user authentication schemes have been proposed by many researchers. None of the schemes achieves all the security goals, and many schemes fail to provide security against various attacks. Even though some of the schemes provide security, they are not efficient in terms of computation and communication cost. Hence, it is necessary to design an efficient and secure authentication scheme. This thesis aims to provide efficient and secure remote user authentication schemes in distributed systems and networks. There are many factors involved in authentication schemes, and these factors use the characteristics of the password, smart card and biometric. This research concentrates on cryptanalysis and improvements of smart card based two-factor remote user authentication schemes.
To date, many smart card based remote user authentication schemes have been proposed. But every scheme has its security flaws. None of the schemes has succeeded in achieving all the security requirements and goals. Also, many schemes do not provide a strong formal proof of the security of the scheme. In this thesis, cryptanalysis of recently proposed remote user authentication schemes has been done to identify the vulnerabilities. New schemes have been proposed to overcome the identified security flaws. Security of the proposed schemes has been formally analyzed using BAN logic. Furthermore, the proposed schemes have been simulated using the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. Through this simulation, it has been ensured that the proposed scheme is secure against all attacks. In the literature study, it is observed that, to avoid the replay attack, many remote user authentication schemes depend on clock synchronization. But clock synchronization has its own disadvantages. Also, the schemes which are independent of clock synchronization are vulnerable to replay attack. To fix these weaknesses, a novel authentication scheme has been proposed. By employing the Elliptic Curve Diffie-Hellman (ECDH) key exchange algorithm, the proposed scheme resists the replay attack. Through the security analysis, it is proved that the scheme achieves all the security goals and resists well-known attacks like insider attack, offline password guessing attack, etc. The security of the proposed scheme has been analyzed using BAN logic and simulated in the AVISPA tool. Through these results, it is ensured that the proposed scheme resists all security attacks. The contribution of this thesis is to improve the security of the existing authentication schemes. In particular, this research analyzes the Wen and Li, Ding et al. and Troung et al.'s schemes.
However, the analyzed schemes have many security flaws, such as failing to provide user anonymity and forward secrecy and being vulnerable to the stolen smart card attack, insider attack, guessing attack, etc. Based on the analysis, this research proposes improved schemes to overcome the identified weaknesses. Furthermore, a novel authentication scheme has been proposed to avoid the replay attack without clock synchronization. Finally, the thesis presents concluding remarks and discusses the future scope.
  • Design of Robust Authentication Protocols for Roaming Service in Glomonet and Mitigation of XSS Attacks in Web Applications
    (National Institute of Technology Karnataka, Surathkal, 2019) Shashidhara; Madhusudhan, R.
    Mobile devices have become an indispensable part of our daily lives due to the immense range of applications, including communication, e-commerce, social networking, information sharing and so on. Progressively, mobile devices can couple with other gadgets using Wi-Fi (Wireless Fidelity), Bluetooth and GPS (Global Positioning System) technologies to access Internet services and other location based services. In this context, privacy and security issues are also raised. Users are able to access ubiquitous services over wireless and mobile networks. These mobility environments rely on an open channel and make use of radio waves to transmit information across the network. The messages transmitted over radio channels are susceptible to various attacks. In this environment, adversaries can launch possible threats, including eavesdropping, masquerading, and tampering, which result in financial loss due to information leakage, stealing of passwords, etc. Hence, securing the network by ensuring authentication, confidentiality, and the integrity of information being transmitted and stored is essential. Authentication is the process of verifying a claimed identity. The authentication method can involve multiple factors, with the level of security being proportional to the number and type of factors involved. The authentication system plays a crucial role in the context of the GLObal MObility NETwork (GLOMONET), where a Mobile User (MU) often needs seamless and secure roaming service over multiple Foreign Agents (FA). The possibility of several network threats can be found when a mobile user is unaware of the attacker or third party. Hence, ensuring the authentication of all communicating entities in the mobile networks, which is known as mutual authentication, is essential. In this thesis, we study the importance of the authentication and key agreement mechanism for the roaming service in global mobility networks.
Initially, the security strength of various authentication protocols in mobility networks has been analyzed, revealing that the existing protocols are vulnerable to well-known attacks. As a remedy, secure and robust authentication protocols for roaming service have been designed. The proposed protocols have been proved to be secure using informal security analysis, Burrows-Abadi-Needham (BAN) logic, and also the broadly accepted formal security verification tool called Automated Validation of Internet Security Protocols and Applications (AVISPA). In order to provide a privacy-preserving mechanism in mobility environments, a DNA (Deoxyribo Nucleic Acid) based authentication protocol using the Hyper Elliptic Curve Cryptosystem (HECC) has been introduced. Authentication using DNA cryptography prevents cracking of the MU's password by mapping the plaintext password into a DNA sequence. Further, the proposed scheme replaces the elliptic curve cryptosystem with HECC to provide message confidentiality. HECC is very popular because of its smaller key length, operational efficiency, and ease of implementation in software and hardware platforms. In addition, the proposed DNA based authentication protocol is verified using ProVerif as a formal verification tool. The proposed authentication protocols are simulated using the NS-2 simulator for various network performance parameters. Finally, the performance analysis and simulation results show that the proposed authentication protocols are robust, computationally efficient and practically implementable in resource-limited mobility environments. In this research, we also focus on the most common and dangerous attack in web applications, cross site scripting (XSS). XSS attacks permit an attacker to execute malicious scripts in the victim's web browser, resulting in various side effects like data compromise and stealing of cookies, passwords, credit card numbers, etc.
Therefore, a secure XSS framework has been designed in order to deal with malicious XSS vectors that reach a browser from all possible routes.