Lightweight Multifactor Authentication Scheme for NextGen Cellular Networks

With increased interest in 6G (6th Generation) cellular networks that can support intelligently small-cell communication will result in effective device-to-device (D2D) communication. High throughput requirement in 5G/6G cellular technology requires each device to act as intelligent transmission relays. Inclusion of such intelligence relays and support of quantum computing at D2D may compromise existing security mechanisms and may lead towards primitive attacks such as impersonation attack, rouge device attack, replay attack, MITM attack, and DoS attack. Thus, an effective yet lightweight security scheme is required that can support existing low computation devices and can address the challenges that 5G/6G poses. This paper proposes a Lightweight ECC (elliptic curve cryptography)-based Multifactor Authentication Protocol (LEMAP) for miniaturized mobile devices. LEMAP is the extension of our previous published work TLwS (trust-based lightweight security scheme) which utilizes ECC with Elgamal for achieving lightweight security protocol, confidentiality, integrity, and non-repudiation. Multi-factor Authentication is based on OTP (Biometrics, random number), timestamp, challenge, and password. This scheme has mitigated the above-mentioned attacks with significantly lower computation cost, communication cost, and authentication overhead. We have proven the correctness of the scheme using widely accepted Burrows-Abadi-Needham (BAN) logic and analyzed the performance of the scheme by using a simulator. The security analysis of the scheme has been conducted using the Discrete Logarithm Problem to verify any quantum attack possibility. The proposed scheme works well for 5G/6G cellular networks for single and multihop scenarios.

View this article on IEEE Xplore

 

Most Cited Article of 2017: Lightweight three-factor authentication and key agreement protocol for internet-integrated wireless sensor networks

Wireless sensor networks (WSNs) will be integrated into the future Internet as one of the components of the Internet of Things, and will become globally addressable by any entity connected to the Internet. Despite the great potential of this integration, it also brings new threats, such as the exposure of sensor nodes to attacks originating from the Internet. In this context, lightweight authentication and key agreement protocols must be in place to enable end-to-end secure communication. Recently, Amin et al. proposed a three-factor mutual authentication protocol for WSNs. However, we identified several flaws in their protocol. We found that their protocol suffers from smart card loss attack where the user identity and password can be guessed using offline brute force techniques. Moreover, the protocol suffers from known session-specific temporary information attack, which leads to the disclosure of session keys in other sessions. Furthermore, the protocol is vulnerable to tracking attack and fails to fulfill user untraceability. To address these deficiencies, we present a lightweight and secure user authentication protocol based on the Rabin cryptosystem, which has the characteristic of computational asymmetry. We conduct a formal verification of our proposed protocol using ProVerif in order to demonstrate that our scheme fulfills the required security properties. We also present a comprehensive heuristic security analysis to show that our protocol is secure against all the possible attacks and provides the desired security features. The results we obtained show that our new protocol is a secure and lightweight solution for authentication and key agreement for Internet-integrated WSNs.

View this article on IEEE Xplore