Papers by Mohammad Sabzinejad Farash

An efficient and anonymous multi-server authenticated key agreement based on chaotic map without engaging Registration Centre

The Journal of Supercomputing, Mar 8, 2016

Multi-server authentication (MSA) enables a user to access multiple services permitted by various servers after a single registration with a registration centre. Earlier, with single-server authentication, a user had to register with every server individually to obtain the respective services. In the last few years, many MSA-based schemes have been presented; however, most of them incur communication overhead because the Registration Centre (RC) is involved in every mutual authentication session. In voice communication this round-trip latency becomes even more noticeable. Hence, the focus of protocol design has shifted towards lightweight cryptographic techniques such as the Chebyshev chaotic map (CCM). We have also reviewed a few of the latest MSA-related schemes based on CCM and on elliptic curve cryptography (ECC). Based on these limitations and considerations, we have proposed a single round-trip MSA protocol based on the CCM technique that forgoes RC involvement during mutual authentication. Our study work is cost efficient in terms

Azeem Irshad

An improved anonymous authentication scheme for distributed mobile cloud computing services

Cluster Computing, Aug 21, 2017

Telecare medical information system (TMIS) constructs an efficient and convenient connection between patients and the medical server. Patients can enjoy medical services through public networks, and hence the protection of patients' privacy is very significant. Very recently, Wu et al. identified that Jiang et al.'s authentication scheme had some security drawbacks and proposed an enhanced authentication scheme for TMIS. However, we analyze Wu et al.'s scheme and show that it suffers from server spoofing, off-line password guessing and impersonation attacks. Moreover, Wu et al.'s scheme fails to preserve the claimed patient anonymity, and its password change phase is unfriendly and inefficient. Thereby, we present a novel anonymous authentication scheme for telecare medical information systems that eliminates the aforementioned faults. Besides, we demonstrate the completeness of the proposed scheme through BAN logic. Furthermore, the security of our proposed scheme is proven in the Bellare and Rogaway model. Compared with the related existing schemes, our scheme is more secure.

A provably secure and efficient authentication scheme for access control in mobile pay-TV systems

Multimedia Tools and Applications, Sep 28, 2014

An improved smart card based authentication scheme for session initiation protocol

Peer-to-peer Networking and Applications, Sep 15, 2015

A lightweight anonymous authentication scheme for consumer roaming in ubiquitous networks with provable security

International Journal of Communication Systems, Jul 14, 2015

With the Internet and communication technology changing rapidly, people are able to use roaming networks. Users apply the account of their home network to use services in foreign networks. The mutual authentication between the mobile node and the foreign network is implemented through the home network. However, most authentication schemes do not guarantee security and efficiency. In 2015, Farash et al. showed that Shin and Wen's scheme was unable to resist user traceability, user impersonation, known session key attacks, etc. They proposed an improved authentication scheme. However, we indicate that Farash et al.'s scheme also lacks the anonymity property and suffers from the password guessing attack, mobile user and foreign network impersonation attacks, and moreover the known session key attack. Thus, we describe the security problems and their reasons in detail, analyzed with the attack process. We also plan to propose a better authentication scheme in the future.

Security Vulnerabilities and Improvements of SPAM: a Secure Password Authentication Mechanism for Seamless Handover in Proxy Mobile IPv6 Networks

Information Technology and Control, Jun 30, 2017

The main contribution of this paper is to analyze a secure password authentication mechanism (SPAM) proposed by Chuang et al. in 2013 (IEEE Syst J.). SPAM was used for designing a secure handover in Proxy Mobile IPv6 (PMIPv6) networks. In the original paper, Chuang et al. claimed that SPAM provides strong security properties and can resist various attacks. However, in this paper we point out that SPAM is vulnerable to critical attacks such as the stolen smart card and off-line dictionary attack, the replay attack and the impersonation attack. In addition, we show that the identity of mobile nodes (MNs) and the session key between MNs and the mobile access gateway (MAG) can be disclosed by an insider attacker; as a result, anonymity and confidentiality between MNs and the MAG are completely broken in SPAM. In order to counter these problems, an improved scheme is offered which also reduces the computational cost. Moreover, the scheme delivers anonymity/untraceability and secure session key agreement. Finally, the security of the scheme is proved in the random oracle model.

An improved three party authenticated key exchange protocol using hash function and elliptic curve cryptography for mobile-commerce environments

Journal of King Saud University - Computer and Information Sciences, Jul 1, 2017

In the literature, many three-party authenticated key exchange (3PAKE) protocols have been put forward to establish a secure session key between two users with the help of a trusted server. The computed session key ensures secure message exchange between the users over any insecure communication network. In this paper, we identify some deficiencies in Tan's 3PAKE protocol and then devise an improved 3PAKE protocol without symmetric-key encryption/decryption for mobile-commerce environments. The proposed protocol is based on elliptic curve cryptography and a one-way cryptographic hash function. To validate the security of the proposed 3PAKE protocol we have used the widely accepted AVISPA software, whose results confirm that the proposed protocol is secure against active and passive attacks, including replay and man-in-the-middle attacks. The proposed protocol is not only secure in the AVISPA software, but it is also secure

An improved and robust biometrics-based three factor authentication scheme for multiserver environments

The Journal of Supercomputing, Dec 30, 2015

The rapid advancement in communication technologies enables remote users to acquire a number of online services. All such online services are provided remotely, allowing users to move freely anywhere without disruption of the services. In order to ensure seamless and secure services to the remote user, such services employ authentication protocols. A number of authentication protocols are readily available to achieve security and privacy in remote client-server architectures. Most of these schemes are tailored for a single-server architecture. In such a scenario, if a user wants to obtain the services provided by more than one server, he has to register with each server. In recent times, multiserver authentication has received much attention, where a user can register once and then acquire services provided by multiple servers. Very recently, Lu et al. proposed a biometric, smart card and password-based three

Information Technology and Control, Dec 12, 2013

In 2012, Xie proposed an authentication scheme based on Elliptic Curve Cryptography (ECC) for the Session Initiation Protocol (SIP). However, this paper demonstrates that Xie's scheme is vulnerable to an impersonation attack by which an active adversary can easily forge the server's identity. Based on this attack, we also show that Xie's scheme is defenceless against the off-line password guessing attack. Therefore, we propose a more secure and efficient scheme, which not only covers all the security flaws and weaknesses of the related previous protocols, but also provides more functionality. We also evaluate the proposed protocol with the AVISPA (Automated Validation of Internet Security Protocols and Applications) tools and confirm its security attributes.

Journal of Medical Systems, Apr 26, 2015

Telecare medical information systems (TMIS) provide rapid and convenient health care services remotely. Efficient authentication is a prerequisite to guarantee the security and privacy of patients in TMIS. Authentication is used to verify the legitimacy of the patients and the TMIS server during remote access. Very recently, Islam et al. (J. Med. Syst. 38(10):135, 2014) proposed a two-factor authentication protocol for TMIS using elliptic curve cryptography

This article is part of the Topical Collection on Patient Facing Systems.

A secure and efficient authenticated encryption for electronic payment systems using elliptic curve cryptography

Electronic Commerce Research, Jun 25, 2015

The use of e-payment systems for electronic trade is on its way to making daily life easier and more convenient. On the other hand, there are a number of security issues to be addressed: user anonymity and fair exchange have become important concerns along with authentication, confidentiality, integrity and non-repudiation. In a number of existing e-payment schemes, the customer pays for the product before acquiring it. Furthermore, many such schemes require very high computation and communication costs. To address such issues, Yang et al. recently proposed an authenticated encryption scheme and an e-payment scheme based on their authenticated encryption. They eliminated the need for digital signatures for authentication. Further, they claimed their schemes resist replay, man-in-the-middle, impersonation and identity theft attacks while providing confidentiality, authenticity, integrity and privacy protection. However, our analysis shows that both Yang et al.'s authenticated encryption scheme and their e-payment system are vulnerable to an impersonation attack: an adversary with knowledge of only the public parameters can easily masquerade as a legal user. Furthermore, we propose improved authenticated encryption and e-payment schemes to overcome the weaknesses of Yang et al.'s schemes. We prove the security of our schemes using the automated tool ProVerif. The improved schemes are more robust and more lightweight than Yang et al.'s schemes, as is evident from the security and performance analysis.

An improved and provably secure privacy preserving authentication protocol for SIP

Peer-to-peer Networking and Applications, Sep 7, 2015

Single round-trip SIP authentication scheme with provable security for Voice over Internet Protocol using smart card

Multimedia Tools and Applications, Nov 4, 2015

In recent years, Voice over Internet Protocol (VoIP) has gained more and more popularity as an application of Internet technology. For various IP applications including VoIP, the Session Initiation Protocol (SIP) has attracted major attention from researchers. SIP is an advanced signaling protocol operating on Internet telephony. SIP uses digest authentication protocols such as the Simple Mail Transport Protocol (SMTP) and Hyper Text Transport Protocol (HTTP). When a user seeks SIP services, authentication plays an important role in providing secure access to the server only to authorized access seekers. Being an insecure-channel-based protocol, a SIP authentication protocol is susceptible to adversarial threats. Therefore, security is a big concern in SIP authentication mechanisms. This paper reveals the security vulnerabilities of two recently proposed SIP authentication schemes for VoIP, Irshad et al.'s scheme [Multimed. Tools. Appl. doi:10.1007/s11042-013-1807-z] and Arshad and Nikooghadam's scheme [Multimed. Tools. Appl. doi:10.1007/s11042-014-2282-x]; the latter scheme is based on the former. Irshad et al.'s scheme suffers from password guessing, user impersonation and server spoofing attacks. Arshad and Nikooghadam's scheme can be threatened with server spoofing and stolen verifier attacks. Neither of these two schemes achieves mutual authentication. It also fails to follow the single round-trip authentication design of Irshad et al.'s scheme. To overcome these weaknesses, we propose a provably secure single round-trip SIP authentication scheme for VoIP using a smart card. We formally prove the security of the scheme in the random oracle model and demonstrate through discussion its resistance to various attacks. The comparative analysis shows that the proposed SIP authentication scheme offers superior performance with a little extra computational cost.

PFLUA-DIoT: A Pairing Free Lightweight and Unlinkable User Access Control Scheme for Distributed IoT Environments

IEEE Systems Journal, Mar 1, 2022

The Internet of Things (IoT) connects enormous numbers of objects through various sensors to facilitate daily life by interconnecting the information space with the decision-makers. Security and privacy are, however, the main concerns in IoT due to the openness of communication channels and the unattended nature of common sensors. To provide security and privacy for sensors and users in IoT-based systems, in 2019 Zhou et al. proposed an unlinkable authentication scheme using bilinear pairings. However, the vulnerability of their scheme against a sensor node impersonation attack, as proved in this article, renders their scheme impractical and insecure. A pairing-free lightweight and unlinkable authentication scheme for distributed IoT devices (PFLUA-DIoT) is then proposed in this article. The security of PFLUA-DIoT is proved using a formal method along with a discussion of the security features it provides. The performance and security comparisons show that PFLUA-DIoT provides the known security features and better performance. Because it avoids the expensive bilinear pairing operations, PFLUA-DIoT completes authentication in less than half the running time of Zhou et al.'s and related schemes. Therefore, PFLUA-DIoT can address the security and privacy issues of IoT practically and efficiently.

Arabian journal for science and engineering, Aug 11, 2017

In the multi-server authentication (MSA) paradigm, a subscriber can access multiple services of different service providers after registering with a registration authority. In this approach, the user has to remember only a single password for all service providers, and servers are relieved of individualized registrations. Many MSA-related schemes have been presented so far, though with several drawbacks. In this connection, recently Li et al. in Wirel.

Nonlinear Dynamics, Feb 28, 2014

In theory, high key sensitivity and high plaintext sensitivity are a must for a cryptosystem to resist chosen/known plaintext and differential attacks. High plaintext sensitivity can be achieved by ensuring that each encrypted result is plaintext-dependent. In this work, we perform a detailed cryptanalysis of a published chaotic map-based image encryption system, where the encryption process is plaintext-image dependent. We show that some design flaws make the published cryptosystem vulnerable to a chosen-plaintext attack, and we then propose an enhanced algorithm to overcome those flaws.

Security and Communication Networks, Jun 29, 2015

Very recently, Kumari et al. proposed a symmetric-key and smart-card-based remote user password authentication scheme to enhance Chung et al.'s scheme. They claimed their enhanced scheme provides anonymity while resisting all known attacks. In this paper, we show that Kumari et al.'s scheme is still vulnerable to an anonymity violation attack as well as a stolen smart card attack. We then propose a supplemented scheme to overcome the security weaknesses of Kumari et al.'s scheme. We have analyzed the security of the proposed scheme in the random oracle model, which confirms the robustness of the scheme against all known attacks. We have also verified the security of our scheme using the automated tool ProVerif.

A Key-Agreement Protocol Based on Static Parameters and Hash Functions

arXiv (Cornell University), Oct 17, 2020

Wireless Body Sensor Network (WBSN) is a developing technology with constraints in energy consumption, coverage radius and communication reliability. Also, communications between nodes contain very sensitive personal information, and, sometimes due to the presence of hostile environments, there is a wide range of security risks. As such, designing authenticated key agreement (AKA) protocols is an important challenge in these networks. Recently, Li et al. proposed a lightweight scheme using hash and XOR functions which is much more efficient compared with similar schemes based on elliptic curves. However, our investigation revealed that the claim concerning the unlinkability between the sessions of a sensor node is not true. The present paper considers the security issues of the scheme proposed by Li et al. and some of its new extensions in order to propose a new AKA scheme with anonymity and unlinkability of the sensor node sessions. The results of theoretical analysis compared with similar schemes indicate that the proposed scheme reduces average energy consumption and average computation time by 61 percent while reducing the average communication cost by 41 percent. Further, it has been shown by formal and informal analysis that, besides the two features of anonymity and unlinkability, the other main security features of the proposed scheme are comparable and similar to those of recent similar schemes.

IACR Cryptology ePrint Archive, 2011

Multiple key agreement protocols produce several session keys instead of one session key. Most multiple key agreement protocols do not utilize hash functions in the signature schemes used for identification. Not using hash functions in these protocols means that they fail to satisfy some required security properties. In this paper we review the multiple key agreement protocols and perform attacks on some of them. Then we introduce a new multiple key agreement protocol and show that the proposed protocol is more secure than the existing multiple key agreement protocols.

An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment

Ad hoc networks, 2016

The concept of the Internet of Things (IOT), which is already at our front doors, is that every object in the Internet infrastructure (II) is interconnected into a global, dynamically expanding network. Besides classical computing devices, sensors and smart objects are key parties of the IOT. We can already exploit the benefits of the IOT by using various wearables or smart phones which are full of diverse sensors and actuators and are connected to the II via GPRS or Wi-Fi. Since sensors are a key part of the IOT, so are wireless sensor networks (WSN). Researchers are already working on new techniques and efficient approaches for integrating WSN better into the IOT environment. One aspect of this is the security of the integration. Recently, Turkanovic et al. proposed a highly efficient and novel user authentication and key agreement scheme (UAKAS) for heterogeneous WSN (HWSN) which was adapted to the IOT notion. Their scheme presented a novel approach where a user from the IOT can authenticate with a specific sensor node from the HWSN without having to communicate with a gateway node. Moreover, their scheme is highly efficient since it is based on a simple symmetric cryptosystem. Unfortunately, we have found that Turkanovic et al.'s scheme has some security shortcomings and is susceptible to some cryptographic attacks. This paper focuses on overcoming the security weaknesses of Turkanovic et al.'s scheme by proposing a new and improved UAKAS. The proposed scheme enables the same functionality but improves the security level and enables the HWSN to grow dynamically without affecting any party involved in the UAKAS. The results of the security analysis by BAN logic and the AVISPA tools confirm the security properties of the proposed scheme.