Please use this identifier to cite or link to this item: http://20.198.91.3:8080/jspui/handle/123456789/1071
Title: Design and analysis of remote authentication and access control schemes for wireless communications
Authors: Roy, Sandip
Advisors: Chatterjee, Santanu; Das, Ashok Kumar; Chattopadhyay, Samiran
Keywords: Network Security & Cryptography;User Authentication;Access Control;Security Verification;Wireless Communication
Issue Date: 2018
Publisher: Jadavpur University, Kolkata, West Bengal
Abstract: Wireless communication is susceptible to various kinds of security attacks, such as replay attack, man-in-the-middle attack, privileged-insider attack, impersonation attacks, online/offline guessing attacks, stolen-verifier attack and denial-of-service attack. Hence, to achieve hazard-free service, the design of remote user authentication and remote access control mechanisms is highly essential in various applications that involve wireless communication. In this thesis, we aim to study remote user authentication and access control problems in the following areas: 1) multi-server authentication in wireless medium, 2) user authentication in crowdsourcing Internet of Things (IoT) environment, 3) user authentication in distributed mobile cloud computing environment, and 4) fine-grained access control with user authentication in telecare medicine information system (TMIS).
In the first study, we propose a new authentication scheme for multi-server environments using Chebyshev polynomial and chaotic map. According to the proposed scheme, a user does not need to maintain different credentials to register with various servers. We use the user biometric along with password for authorization and access to various application servers. At the time of authentication, a session key is established between the respective server and user without involving the registration center (RC). This significantly reduces the communication cost, and it makes the authentication process faster and more efficient. The proposed scheme is lightweight compared to other related schemes. Our scheme provides strong authentication, and supports a biometrics and password change phase and a dynamic server addition phase. We perform the formal security verification using the broadly-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) software tool to show that the presented scheme is secure. In addition, we use formal security analysis using the Burrows-Abadi-Needham (BAN) logic along with the Real-Or-Random (ROR) model, and prove that the proposed scheme is secure against different known attacks. High security and significantly low computation and communication costs make our scheme very suitable for multi-server environments as compared to other existing related schemes.
The second study is based on designing a new chaotic map-based anonymous three-factor user authentication scheme with user biometrics and fuzzy extractor for crowdsourcing IoT environment. The three factors involved in the proposed scheme are: 1) smart card, 2) password and 3) personal biometrics. The proposed scheme avoids computationally expensive elliptic curve point multiplication or modular exponentiation operations, which are based on public key cryptosystems. Hence, it is lightweight and efficient. The formal security verification using the widely-accepted verification tool ProVerif 1.93 shows that the proposed scheme is secure. In addition, we present the formal security analysis using both the widely-accepted ROR model and BAN logic. With its combination of high security and appreciably low communication and computational overheads, the proposed scheme is practical for battery-limited devices used in crowdsourcing IoT environment.
In the third study, we propose a new secure and lightweight mobile user authentication scheme for distributed mobile cloud computing environment. The proposed protocol is based on one-way cryptographic hash function, bitwise exclusive-OR (XOR) operation and fuzzy extractor technique. The proposed scheme supports secure key exchange, and user anonymity and untraceability properties. The proposed scheme does not involve registration center (RC), smart card generator (SCG) or identity provider (IdP) in the authentication and key establishment process. Through the informal (non-mathematical) security analysis and also the rigorous formal security analysis using the ROR model, it has been demonstrated that the proposed scheme is secure against possible well-known passive and active attacks, and also provides user anonymity. Moreover, we provide formal security verification through the ProVerif 1.93 simulation tool for the proposed scheme. In addition, we perform the authentication proof of our proposed scheme using the BAN logic. Since the proposed scheme does not exploit any resource constrained cryptosystem, it has the lowest computation cost compared to the existing related schemes.
The final study involves the design of fine-grained data access control of server data with a suitable authentication scheme in TMIS and e-healthcare systems. It is worth noting that none of the existing user authentication protocols designed for TMIS and e-healthcare applications provide any fine-grained access control of user sensitive data. The proposed scheme also provides user anonymity during any message communication, which protects the patient's privacy as the user never delivers his/her original identity to the medical server. We present the formal security analysis using both the widely-accepted ROR model and BAN logic. The proposed scheme supports user anonymity, forward secrecy, and efficient password change without contacting the remote server. In addition, as compared to other related schemes proposed in TMIS, the proposed scheme is superior with respect to communication and computation costs. A better trade-off among security and functionality features, and communication and computation costs, makes the proposed scheme suitable and practical for telecare medicine environment as compared to other existing related schemes.
URI: http://localhost:8080/xmlui/handle/123456789/1071
Appears in Collections:Ph.D. Theses

Files in This Item:
File: PhD thesis (Information Technology) Sandip Roy.pdf
Size: 5.83 MB
Format: Adobe PDF


Items in IR@JU are protected by copyright, with all rights reserved, unless otherwise indicated.