Faculty Publications
Permanent URI for this communityhttps://idr.nitk.ac.in/handle/123456789/18736
Publications by NITK Faculty
Browse
8 results
Search Results
Item Security bound enhancement of remote user authentication using smart card(Elsevier Ltd, 2017) Madhusudhan, R.; Hegde, M.Distribution of resources and services via open network has becoming latest trend in information technology. This is provided by many service provider servers. In open network, hackers can easily obtain the communication data. Therefore, open networks and servers demand the security to protect data and information. Hence, network security is most important requirement in distributed system. In this security system, authentication is considered as the fundamental and essential method. Recently many remote user authentication schemes are proposed. In 2012, WANG Ding et al. proposed a remote user authentication scheme, in which the author stated that the scheme provides protection against offline password guessing, impersonation and other known key attacks. By cryptanalysis we have identified that, WANG Ding et al.'s scheme does not provide user anonymity, once the smart card is stolen. This scheme is also susceptible to offline password guessing attack, server masquerading attack, stolen smart card attack and insider attack. Further, this scheme still has problem with proper perfect forward secrecy and user revocation. In order to fix these security weaknesses, an enhanced authentication scheme is proposed and analysed using the formal verification tool for measuring the robustness. From the observation of computational efficiency of the proposed scheme, we conclude that the scheme is more robust and easy to implement practically. © 2017Item A secure and lightweight authentication scheme for roaming service in global mobile networks(Elsevier Ltd, 2018) Madhusudhan, R.; ShashidharaGlobal Mobile Network provides global roaming service to the users moving from one network to another. It is essential to authenticate and protect the privacy of roaming users. Recently, Marimuthu and Saravanan proposed a secure authentication scheme for roaming service in mobile networks. This scheme can protect user anonymity, untraceability, and is believed to have many abilities to resist a range of attacks in global mobile networks. In this paper, we analyse the security strength of their scheme and show that the authentication protocol is in fact insecure against insider attack, stolen-verifier attack, impersonation attack, denial-of-service attack, synchronization problem, lack of user anonymity and operational inefficiencies. Hence, we propose a secure and lightweight authentication scheme for Global Mobile Networks. In addition, the proposed scheme requires few message exchanges between the entities such as MU (Mobile User), FA (Foreign Agent) and HA (Home Agent). The scheme ensures both communication and computation efficiency as compared to the well-known authentication schemes. The performance analysis shows that the proposed authentication scheme is well suited for resource limited wireless and mobile environments. © 2017 Elsevier LtdItem A secure and enhanced elliptic curve cryptography-based dynamic authentication scheme using smart card(John Wiley and Sons Ltd vgorayska@wiley.com Southern Gate Chichester, West Sussex PO19 8SQ, 2018) Madhusudhan, R.; Hegde, M.; Memon, I.In remote system security, 2-factor authentication is one of the security approaches and provides fundamental protection to the system. Recently, numerous 2-factor authentication schemes are proposed. In 2014, Troung et al proposed an enhanced dynamic authentication scheme using smart card mainly to provide anonymity, secure mutual authentication, and session key security. By the analysis of Troung et al's scheme, we observed that Troung et al' s scheme does not provide user anonymity, perfect forward secrecy, server's secret key security and does not allow the user to choose his/her password. We also identified that Troung et al's scheme is vulnerable to replay attack. To fix these security weaknesses, a robust authentication scheme is proposed and analyzed using the formal verification tool for measuring the robustness. From the observation of computational efficiency of the proposed scheme, we conclude that the scheme is more secure and easy to implement practically. © © 2018 John Wiley & Sons, Ltd.Item A robust authentication scheme for telecare medical information systems(Springer New York LLC barbara.b.bertram@gsk.com, 2019) Madhusudhan, R.; Nayak, C.S.With the speedy progress in technology, the Internet has become a non-separable part of human life. It is obvious to use the Internet in all fields and medical field is no exception. The concept of establishing telecare medicine information systems(TMIS) for patients is gaining more popularity recently. To ensure the privacy of patients and to allow authorized access to remote medical servers, many authentication schemes have been proposed. Li et al., in 2016, proposed a secure dynamic identity and chaotic maps based user authentication and key agreement scheme. They claimed that the scheme is resistant to most of the known attacks. However, from thorough cryptanalysis, we have proved that their scheme is vulnerable to user impersonation attack, password guessing attack and server impersonation attack. We have also illustrated that their scheme does not provide user anonymity, convenient smart card revocation and security to session key. To overcome the aforementioned security weaknesses, we have proposed an enhanced authentication scheme using chaotic maps, which has been discussed in this paper along with its cryptanalysis. Cryptanalysis of the proposed scheme proves that the scheme is more robust and suitable for implementation. © 2018, Springer Science+Business Media, LLC, part of Springer Nature.Item Mobile user authentication protocol with privacy preserving for roaming service in GLOMONET(Springer, 2020) Madhusudhan, R.; Shashidhara, R.In GLObal MObile NETwork (GLOMONET), it is essential to authenticate and provide secure communication between a user, foreign agent, and the home agent using session key. Designing a secure and efficient authentication protocol for roaming users in the mobile network is a challenging. In order to secure communication over an insecure channel, a number of authentication schemes have been proposed. The main weakness of the existing authentication protocols is that attackers have the ability to impersonate a legal user at any time. In addition, the existing protocols are vulnerable to various kind of cryptographic attacks such as insider attack, bit flipping attack, forgery attacks, denial-of-service attack, unfair key agreement and cannot provide user’s anonymity. To remedy these weaknesses and to achieve low communication and computation costs, we proposed a secure authentication scheme for roaming users. In addition, the formal verification tools ProVerif and AVISPA is used to check the correctness of the proposed protocol. Finally, the performance evaluation and simulation results shows that the proposed scheme is efficient in terms of communication and computational cost. © 2019, Springer Science+Business Media, LLC, part of Springer Nature.Item A novel DNA based password authentication system for global roaming in resource-limited mobile environments(Springer, 2020) Madhusudhan, R.; Shashidhara RMobile environments are highly vulnerable to security threats and pose a great challenge for the wireless and mobile networks being used today. Because the mode of a wireless channel is open, these networks do not carry any inherent security and hence are more prone to attacks. Therefore, designing a secure and robust protocol for authentication in a global mobile network is always a challenging. In these networks, it is crucial to provide authentication to establish a secure communication between the Mobile User (MU), Foreign Agent (FA) and Home Agent (HA). In order to secure communication among these entities, a number of authentication protocols have been proposed. The main security flaw of the existing authentication protocols is that attackers have the ability to impersonate a legal user at any time. Moreover, the existing authentication protocols in the literature are exposed to various kind of cryptographic attacks. Besides, the authentication protocols require larger key length and more computation overhead. To remedy these weaknesses in mobility networks, DNA (Deoxyribo Nucleic Acid) based authentication scheme using Hyper Elliptic Curve Cryptosystem (HECC) is introduced. It offers greater security and allows an MU, FA and HA to establish a secure communication channel, in order to exchange the sensitive information over the radio link. The proposed system derive benefit from HECC, which is smaller in terms of key size, more computational efficiency. In addition, the security strength of this authentication system is validated through widely accepted security verification tool called ProVerif. Further, the performance analysis shows that the DNA based authentication system using HECC is secure and practically implementable in the resource-constrained mobility nodes. © 2019, Springer Science+Business Media, LLC, part of Springer Nature.Item An improved user authentication scheme for electronic medical record systems(Springer, 2020) Madhusudhan, R.; Nayak, C.S.Electronic Medical Record (EMR) systems is a part of e-healthcare system, which is developing rapidly. In this, it is possible to deliver medical services among multiple participants over a network without physical presence. Since sensitive data is transmitted over public channels, it is very much required to maintain the secrecy of that data. This is achieved by mutual authentication between the participants. For this, various schemes for authentication with smart cards have been proposed. Han et al. proposed one such biometrics-based scheme for the same purpose using hash functions along with symmetric key encryption and elliptic curve cryptography. From cryptanalysis of their scheme, we have pointed out weaknesses viz. no user anonymity, user and server impersonation, man-in-the-middle attack. These security issues have been presented in this article. To overcome these attacks, a scheme has been proposed in this article. Since it does not use symmetric key encryption, the proposed scheme reduces the computational complexity as can be seen in the comparison provided. The security analysis of the proposed scheme, along with BAN (Burrows-Abadi-Needham) logic has been explained in detail. Comparison of the proposed scheme with related schemes with respect to computation cost, execution time and performance is demonstrated. This proves that the proposed scheme performs well in terms of security as well as computational efficiency. © 2020, Springer Science+Business Media, LLC, part of Springer Nature.Item Robust and secure authentication protocol protecting privacy for roaming mobile user in global mobility networks(Inderscience Publishers, 2021) Madhusudhan, R.; Suvidha, K.S.With the advent of new 5G technology there is a need to develop security architecture. Two factor authentication schemes are developed to address the security features such as user anonymity and privacy preservation during roaming scenario in GLObal Mobility NETwork. The entire communication during roaming is carried over insecure channel and owing to this, security concern is raised. The main objective of the proposed protocol is to secure the channel and to overcome all active and passive security attacks. The proposed protocol addresses the active and passive security attacks that exist in 5G cellular networks which are formally verified using AVISPA tool. The proposed protocol is simulated using NS2.35 simulator and the performance metrics such as throughput, end to end delivery and packet delivery ratio are computed. The protocol is efficient in terms of computational and communication cost. The proposed scheme is robust and practically implementable. © 2021 Inderscience Enterprises Ltd.