PhD Research Work

Thesis Title : Authentication schemes using smart card for secure communication.

Supervisor(s) :

1. Dr. R.Saravanan
   School of Information Technology and Engineering(SITE),
   VIT University, Vellore.

Doctoral committee members :

1. Dr. Kamala Krithivasan
   Department of Computer Science and Engineering,
   Indian Institute of Technology Madras, Chennai.
2. Dr.Rama
   Department of Mathematics,
   Indian Institute of Technology Madras, Chennai.

Abstract

With the rapid development of Internet and wireless technologies, users can remotely access services provided by the remote servers from anywhere at any time through public networks. As well, mobile services have noticeably increased to provide a more handy life to people. Among these services, the global roaming service allows mobile users(MU) to use network services even when they reside in foreign networks(FN) administrated by foreign agents(FA). A special network that provides such a global roaming service is called global mobile network(GLOMONET). Nevertheless, with the increase in various malicious attacks, network and information security has become an important issue for Internet-based services and mobile network services. Thus, there is a need to be more vigilant about the security and the legality of users. User authentication is one of the ways to address the security and the legality concerns of users. User authentication is the process of verifying the legitimacy of a user. However, an adversary may masquerade as a server to communicate with the user and may steal the user's secret information. Further, the adversary can pass the authentication process of the real server too, by using the stolen secret information of the user. Therefore, mutual authentication is needed in order to resist an impersonation attack(i.e., forgery attack). Other security requirements of user authentication include the ability to resist denial-of-service attack, parallel session attack, offline password guessing attack, replay attack, smart card loss attack and stolen-verifier attack, and to provide user anonymity and forward secrecy. However, in the complex Internet and mobile network environment, it is a challenge to design an efficient and secure remote user authentication scheme to meet such security requirements. Based on cryptographic techniques, several authentication schemes using smart card have previously been proposed in both remote server environment and global mobile network environment. However, all of these schemes are vulnerable to various malicious attacks as mentioned above. The main objective of this thesis is to provide secure remote user mutual authentication scheme using smart card that meets all the security requirements. The contribution of this thesis is research on authentication scheme using smart card in both remote server environment and global mobile network environment. In particular, this research cryptanalysis the recent authentication schemes using smart card in both the environments. In remote server environment, this research cryptanalysis two recent schemes, a password-based mutual authentication scheme using smart card proposed in 2009 by Rajaram et al., and a dynamic ID-based authentication scheme using smart card in 2013 by Young-Hwa. However, both schemes are insecure as we show that they fail to meet some of the security requirements. Based on this cryptanalysis, two secure authentication schemes using smart card are proposed in this thesis. One is the password-based authentication scheme and another one is dynamic ID-based authentication scheme. These two schemes meet all the necessary security requirements of the authentication scheme. In global mobile network environment, this research cryptanalysis a recent scheme, an authentication scheme with user anonymity for wireless communications in 2011 by Rhee et al.,. However, this scheme is insecure for mobile environment as we show that it fails to meet some of the security requirements. In addition, this research also proposes a secure authentication scheme with user anonymity for roaming service in global mobile networks. This research also provides performance analysis with existing authentication schemes and formal security proof.