Journal Articles

Permanent URI for this collectionhttps://idr.nitk.ac.in/handle/123456789/19884

Browse

Subject: search.filters.subject.Authentication

Search Results

Now showing 1 - 10 of 24
  • No Thumbnail Available
    Item
    Digital signature-based secure node disjoint multipath routing protocol for wireless sensor networks
    (2012) Shiva Murthy, G.; D'Souza, R.J.; Varaprasad, G.
    The objective of energy efficient routing protocol is to increase the operational lifetime of the wireless sensor networks. Multipath routing protocols enhance the lifetime of the wireless sensor networks by distributing traffic among multiple paths instead of a single optimal path. Transmission of secured data is also an important research concern in the wireless sensor networks. In this paper, a secure node disjoint multipath routing protocol for wireless sensor networks is proposed. Here, the data packets are transmitted in a secure manner by using the digital signature crypto system. It is compared with an ad hoc on-demand multipath distance vector routing protocol. It shows better results in terms of packet delivery fraction, energy consumption, and end-to-end delay compared to the ad hoc on-demand multipath distance vector routing. © 2012 IEEE.
  • No Thumbnail Available
    Item
    Security bound enhancement of remote user authentication using smart card
    (Elsevier Ltd, 2017) Madhusudhan, R.; Hegde, M.
    Distribution of resources and services via open network has becoming latest trend in information technology. This is provided by many service provider servers. In open network, hackers can easily obtain the communication data. Therefore, open networks and servers demand the security to protect data and information. Hence, network security is most important requirement in distributed system. In this security system, authentication is considered as the fundamental and essential method. Recently many remote user authentication schemes are proposed. In 2012, WANG Ding et al. proposed a remote user authentication scheme, in which the author stated that the scheme provides protection against offline password guessing, impersonation and other known key attacks. By cryptanalysis we have identified that, WANG Ding et al.'s scheme does not provide user anonymity, once the smart card is stolen. This scheme is also susceptible to offline password guessing attack, server masquerading attack, stolen smart card attack and insider attack. Further, this scheme still has problem with proper perfect forward secrecy and user revocation. In order to fix these security weaknesses, an enhanced authentication scheme is proposed and analysed using the formal verification tool for measuring the robustness. From the observation of computational efficiency of the proposed scheme, we conclude that the scheme is more robust and easy to implement practically. © 2017
  • No Thumbnail Available
    Item
    Batch verification of Digital Signatures: Approaches and challenges
    (Elsevier Ltd, 2017) Kittur, A.S.; Pais, A.R.
    Digital Signatures can be considered analogous to an ordinary handwritten signature for signing messages in the Digital world. Digital signature must be unique and exclusive for each signer. Multiple Digital Signatures signed by either single or multiple signers can be verified at once through Batch Verification. There are two main issues with respect to Batch Verification of Digital Signatures; first is the security problem and the second is the computational speed. Due to e-commerce proliferation, quick verification of Digital Signatures through specific hardware or efficient software becomes critical. Internet companies, banks, and other such organizations use Batch verification to accelerate verification of large number of Digital Signatures. Many Batch Verification techniques have been proposed for various Digital Signature algorithms. But most of them lack the security requirements such as signature authenticity, integrity, and non-repudiation. Hence there is a need for the study of batch verification of Digital Signatures. The main contributions of our survey include: (a) Identifying and categorizing various Batch verification techniques for RSA, DSS, and ECDSA(includes schemes based on Bilinear Pairing) (b) Providing a comparative analysis of these Batch Verification techniques (c) Identifying various research challenges in the area of Batch verification of signatures. © 2017 Elsevier Ltd
  • No Thumbnail Available
    Item
    A secure and lightweight authentication scheme for roaming service in global mobile networks
    (Elsevier Ltd, 2018) Madhusudhan, R.; Shashidhara
    Global Mobile Network provides global roaming service to the users moving from one network to another. It is essential to authenticate and protect the privacy of roaming users. Recently, Marimuthu and Saravanan proposed a secure authentication scheme for roaming service in mobile networks. This scheme can protect user anonymity, untraceability, and is believed to have many abilities to resist a range of attacks in global mobile networks. In this paper, we analyse the security strength of their scheme and show that the authentication protocol is in fact insecure against insider attack, stolen-verifier attack, impersonation attack, denial-of-service attack, synchronization problem, lack of user anonymity and operational inefficiencies. Hence, we propose a secure and lightweight authentication scheme for Global Mobile Networks. In addition, the proposed scheme requires few message exchanges between the entities such as MU (Mobile User), FA (Foreign Agent) and HA (Home Agent). The scheme ensures both communication and computation efficiency as compared to the well-known authentication schemes. The performance analysis shows that the proposed authentication scheme is well suited for resource limited wireless and mobile environments. © 2017 Elsevier Ltd
  • No Thumbnail Available
    Item
    DetLogic: A black-box approach for detecting logic vulnerabilities in web applications
    (Academic Press, 2018) Deepa, G.; Santhi Thilagam, P.S.; Praseed, A.; Pais, A.R.
    Web applications are subject to attacks by malicious users owing to the fact that the applications are implemented by software developers with insufficient knowledge about secure programming. The implementation flaws arising due to insecure coding practices allow attackers to exploit the application in order to perform adverse actions leading to undesirable consequences. These flaws can be categorized into injection and logic flaws. As large number of tools and solutions are available for addressing injection flaws, the focus of the attackers is shifting towards exploitation of logic flaws. The logic flaws allow attackers to compromise the application-specific functionality against the expectations of the stakeholders, and hence it is important to identify these flaws in order to avoid exploitation. Therefore, a prototype called DetLogic is developed for detecting different types of logic vulnerabilities such as parameter manipulation, access-control, and workflow bypass vulnerabilities in web applications. DetLogic employs black-box approach, and models the intended behavior of the application as an annotated finite state machine, which is subsequently used for deriving constraints related to input parameters, access-control, and workflows. The derived constraints are violated for simulating attack vectors to identify the vulnerabilities. DetLogic is evaluated against benchmark applications and is found to work effectively. © 2018 Elsevier Ltd
  • No Thumbnail Available
    Item
    A secure and enhanced elliptic curve cryptography-based dynamic authentication scheme using smart card
    (John Wiley and Sons Ltd vgorayska@wiley.com Southern Gate Chichester, West Sussex PO19 8SQ, 2018) Madhusudhan, R.; Hegde, M.; Memon, I.
    In remote system security, 2-factor authentication is one of the security approaches and provides fundamental protection to the system. Recently, numerous 2-factor authentication schemes are proposed. In 2014, Troung et al proposed an enhanced dynamic authentication scheme using smart card mainly to provide anonymity, secure mutual authentication, and session key security. By the analysis of Troung et al's scheme, we observed that Troung et al' s scheme does not provide user anonymity, perfect forward secrecy, server's secret key security and does not allow the user to choose his/her password. We also identified that Troung et al's scheme is vulnerable to replay attack. To fix these security weaknesses, a robust authentication scheme is proposed and analyzed using the formal verification tool for measuring the robustness. From the observation of computational efficiency of the proposed scheme, we conclude that the scheme is more secure and easy to implement practically. © © 2018 John Wiley & Sons, Ltd.
  • No Thumbnail Available
    Item
    A robust authentication scheme for telecare medical information systems
    (Springer New York LLC barbara.b.bertram@gsk.com, 2019) Madhusudhan, R.; Nayak, C.S.
    With the speedy progress in technology, the Internet has become a non-separable part of human life. It is obvious to use the Internet in all fields and medical field is no exception. The concept of establishing telecare medicine information systems(TMIS) for patients is gaining more popularity recently. To ensure the privacy of patients and to allow authorized access to remote medical servers, many authentication schemes have been proposed. Li et al., in 2016, proposed a secure dynamic identity and chaotic maps based user authentication and key agreement scheme. They claimed that the scheme is resistant to most of the known attacks. However, from thorough cryptanalysis, we have proved that their scheme is vulnerable to user impersonation attack, password guessing attack and server impersonation attack. We have also illustrated that their scheme does not provide user anonymity, convenient smart card revocation and security to session key. To overcome the aforementioned security weaknesses, we have proposed an enhanced authentication scheme using chaotic maps, which has been discussed in this paper along with its cryptanalysis. Cryptanalysis of the proposed scheme proves that the scheme is more robust and suitable for implementation. © 2018, Springer Science+Business Media, LLC, part of Springer Nature.
  • No Thumbnail Available
    Item
    A new batch verification scheme for ECDSA ? signatures
    (Springer, 2019) Kittur, A.S.; Pais, A.R.
    In this paper, we propose an efficient batch verification algorithm for ECDSA? (Elliptic Curve Digital Signature Algorithm)? signatures. Our scheme is efficient for both single and multiple signers. ECDSA? signature is a modified version of ECDSA, which accelerates the verification of ECDSA signature by more than 40%. However, the highlighting feature of our proposed scheme is its efficiency for varied batch sizes. The scheme is resistant to forgery attacks by either signer or intruder. The performance of our scheme remains consistent for higher batch sizes too (? 8). Our paper also discusses the possible attacks on ECDSA signatures and also how our scheme is resistant to such attacks. © 2019, Indian Academy of Sciences.
  • No Thumbnail Available
    Item
    Mobile user authentication protocol with privacy preserving for roaming service in GLOMONET
    (Springer, 2020) Madhusudhan, R.; Shashidhara, R.
    In GLObal MObile NETwork (GLOMONET), it is essential to authenticate and provide secure communication between a user, foreign agent, and the home agent using session key. Designing a secure and efficient authentication protocol for roaming users in the mobile network is a challenging. In order to secure communication over an insecure channel, a number of authentication schemes have been proposed. The main weakness of the existing authentication protocols is that attackers have the ability to impersonate a legal user at any time. In addition, the existing protocols are vulnerable to various kind of cryptographic attacks such as insider attack, bit flipping attack, forgery attacks, denial-of-service attack, unfair key agreement and cannot provide user’s anonymity. To remedy these weaknesses and to achieve low communication and computation costs, we proposed a secure authentication scheme for roaming users. In addition, the formal verification tools ProVerif and AVISPA is used to check the correctness of the proposed protocol. Finally, the performance evaluation and simulation results shows that the proposed scheme is efficient in terms of communication and computational cost. © 2019, Springer Science+Business Media, LLC, part of Springer Nature.
  • No Thumbnail Available
    Item
    A trust model based batch verification of digital signatures in IoT
    (Springer, 2020) Kittur, A.S.; Pais, A.R.
    In the modern day world, the Internet of things (IoT) is not a new concept. IoT is getting deployed in various applications and fields. Hence with this fast-growing trend, it is essential to maintain the security in the IoT network. Digital Signature is one of the important ways to authenticate an electronic document or a message during communication. Multiple digital signatures are verified at once through the concept of batch verification. Batch verification of multiple digital signatures reduces the computation load and time. Hence this concept is beneficial in IoT environment where nodes have low computation power and operate in a real-time environment. In this paper, we have developed a Trust Model for IoT which helps the Gateway node to identify the trusted sensor nodes which perform batch verification. The sensor nodes receive a batch of signatures from the Gateway node and verify signatures through batch verification and accordingly send back the results. The trust model that we have developed in this paper significantly reduces the probability of selecting unreliable nodes for verification and also reduces the computation load at Gateway node. We have implemented our trust model and presented the results for batch verification of digital signatures. © 2019, Springer-Verlag GmbH Germany, part of Springer Nature.