逢 甲 大 學 資 訊 工 程 學 系 博 士 班 博 士 論 文 針對公開通訊網路之不可追蹤的多因子認 證金鑰協定 Untraceable Multi-factor Authenticated Key Agreement Protocols for Public Network Communications 指導教授：張真誠 研 究 生：阮玉宇 中 華 民 國 一 百 零 七 年 六 月 Untraceable Multi-factor Authenticated Key Agreement Protocols for Public Network Communications FCU e-Theses & Dissertations (2018) Untraceable Multi-factor Authenticated Key Agreement Protocols for Public Network Communications FCU e-Theses & Dissertations (2018) Untraceable Multi-factor Authenticated Key Agreement Protocols for Public Network Communications Acknowledgements First of all, I would like to express my sincere thanks to my supervisor, Professor Chin-Chen Chang at Fengchia University, for his invaluable advice, and heartfelt and timely encouragement during my time at MSN Lab Without his guiding inputs both in academic knowledge and in research procedures, I would not be able to complete my Ph.D programme I am thankful to the faculty and staff members of Department of Information Engineering and Computer Science, especially Ms Ya-Jane Chen, for their great support My appreciation to friends and colleagues for their companionship and inspiration, particularly during stressful periods of research orientation I would like to thank Le Thi Yen, Nguyen Van Hanh, and Nguyen Bich Van for their help of revision English And last but not least, I am grateful to my family – to my wife, Doan Thi Diem, my son, Nguyen The Duc Anh, for their love, understanding and sacrifice during my seven years away from home; and to my parents for being my anchor as always Nguyen Ngoc Tu iii FCU e-Theses & Dissertations (2018) Untraceable Multi-factor Authenticated Key Agreement Protocols for Public Network Communications 摘要 公開通道上的私人連接成為分佈式網絡中的重要組成部分。 由於經濟價格，可 接受的通訊質量和廣泛的可用性等巨大優勢，通信變得越來越普遍。 然而，公 開通道的脆弱性為參與者的隱私和交換信息帶來了各式各樣的潛在風險。 本研 究的重點在於設計強健的身份驗證密鑰協議協議以確保系統具備基本的安全特 性，即機密性，完整性，真實性和隱私。多因素(包括密碼，智能卡和生物識別 信息)已被用來為多種網絡模型提供高級安全協議，例如:多服務器環境，三方 通信，會話發起協議（SIP）和移動衛星網絡。 對於多服務器環境，我們採用生物哈希技術來生成加密的生物哈希碼，並 且用漢明距離來驗證用戶的輸入資訊。 拉格朗日多項式插值法和公鑰技術也 被用來控制用戶的訪問，並為參與者提供撤銷機制。 在三方AKE方案中，我們 利用生物散列模板和一次性密碼為具有高度動態用戶的系統設計一個健壯的協 議。在SIP認證的密鑰協商協議中，利用一次性隨機種子從用戶的掌紋生成新的 哈希代碼來加密所有敏感信息。 最終用戶能夠使用一個短期令牌直接與其他用 戶和多媒體服務器建立安全會話。 在移動衛星方案中，我們利用用戶密碼，智 能卡，秘密身份和公共身份等多種因素加強系統安全。 我們還採用生物哈希技 術對敏感數據進行編碼並驗證用戶的輸入。 其中，短期令牌也被用來方便用戶 直接與其他用戶和應用服務器進行會話密鑰的驗證和協商。 針對上述所有協議都進行了非正式分析。 另外，最後三種方案在隨機預言 模型中都被證明是安全的。 所提出的協議不僅可以抵禦大部分已知的攻擊，還 可以為參與者提供許多理想的功能，包括匿名，隱私，訪問控制，撤銷，生物 統計錯誤抵抗和長期秘鑰更新。 關鍵詞: 身份認證，密鑰協議，生物識別，生物哈希碼，智能卡，匿名， 不可分割性，多服務器網絡，三方協議，會話發起協議，移動衛 星網絡。 iv FCU e-Theses & Dissertations (2018) Untraceable Multi-factor Authenticated Key Agreement Protocols for Public Network Communications Abstract Private connections over a public channel become an essential block in modern distributed networks With tremendous advantages such as economical price, acceptable quality, and widespread availability, the communication has been more and more prevalent The vulnerability of the public channels, however, has posed different potential risks to participants’ privacy as well as their exchanged information This study focused on designing robust authenticated key agreement protocols to equip the system with the essential security features, namely confidentiality, integrity, authenticity, and privacy Multi-factors, including a password, a smart card, and biometric information have been employed to propose high-level security protocols for diverse network models, such as multi-server environments, three-party communications, session initiation protocols (SIP), and mobile satellite networks For multi-server scenarios, we adopted Biohashing techniques to generate encrypted Biohash codes, and Hamming distance to verify user inputs The Lagrange polynomial interpolation and public-key technique were also employed to control users’ access and to provide participants with revocation mechanisms In the three-party AKE schemes, along with Biohashing template, a random one-time password was utilized to design a robust protocol for systems with highly dynamic users In the SIP authenticated key agreement protocol, one-time random seeds were utilized to generate refreshed PalmHash codes from user’s palmprint to encrypt all sensitive information An end user could utilize only one short-term token to establish secured sessions directly either with other end-users and with multimedia servers In the mobile satellite scheme, multiple factors, involving user’s password, smart card, secret identity, and public identity were utilized to strengthen the system security It also employed the Biohashing template to encode sensitive data and to verify user’s inputs The shortterm tokens were exploited to facilitate users to authenticate and negotiate session keys directly with other end users and with application servers Informal analyses were carried out for all the protocols mentioned above Additionally, the last three schemes are provably secure in random oracle model Not only were they thus can resist most of the known attacks but also provide participants with many desirable features, including anonymity, template privacy, access control, revocation, biometric error resistance, and long-term secret update Keywords: Authentication, key agreement, biometric, Biohashing, smart card, anonymity,anonymity, untractability, multi-server networks, threeparty protocols, session initiation protocols, mobile satellite networks v FCU e-Theses & Dissertations (2018) Untraceable Multi-factor Authenticated Key Agreement Protocols for Public Network Communications Table of Contents Acknowledgements iii 摘要 iv Abstract v Table of Contents vi List of Figures xi List of Tables xii Introduction 1.1 Research Motivation 1.2 Thesis Objectives 1.3 Organization An Untraceable Biometric-based Multi-server Authenticated Key Agreement Protocol with Revocation 2.1 Introduction 2.2 Review of Mishra et al.’s Scheme 2.2.1 Server registration 2.2.2 User registration 2.2.3 User login 2.2.4 Authentication 2.2.5 Password change Cryptanalysis of Mishra et al.’s Scheme 2.3.1 Biohashing limitation 2.3.2 Traceable user attack 2.3.3 Denial-of-service and impersonation attacks 2.3.4 User access control and pre-shared key attack The Proposed Scheme 10 2.4.1 Initial phase 10 2.4.2 Server registration 10 2.4.3 User registration 11 2.4.4 User login 12 2.3 2.4 vi FCU e-Theses & Dissertations (2018) Untraceable Multi-factor Authenticated Key Agreement Protocols for Public Network Communications 2.5 2.6 2.7 2.4.5 Authentication 12 2.4.6 Password and biohashing update 13 2.4.7 User access control and revocation 14 Security Analysis 14 2.5.1 User untraceability 15 2.5.2 Mutual authentication 15 2.5.3 Session key agreement and verification 15 2.5.4 Biohash code error resistance 16 2.5.5 Relay and man-in-the-middle attacks 16 2.5.6 Denial-of-service attack 17 2.5.7 Off–line password guessing attack 17 2.5.8 Stolen smart card and user impersonation attack 18 2.5.9 Known session key attack 18 2.5.10 Online password guessing attack 18 2.5.11 Known session-specific temporary information attack 19 2.5.12 Privileged insider attack 19 2.5.13 Server spoofing attack 19 2.5.14 Known pre-key shared attack 20 2.5.15 Forward secrecy 20 Performance Comparisons 20 2.6.1 Security performance 20 2.6.2 Computation performance 20 Chapter Summary 22 Untraceable Biometric-based Three-party Authenticated Key Exchange For Dynamic Systems 23 3.1 Introduction 23 3.2 Review of Yoon and Yoo’s Scheme 26 3.2.1 Registration 26 3.2.2 Authenticated key agreement 27 3.2.3 Password update 27 Cryptanalysis of Yoon and Yoo’s Scheme 28 3.3.1 Key compromised impersonation attack 28 3.3.2 Biometric weaknesses 28 3.3.3 Traceable attack 28 3.3.4 Known session-specific temporary information attack 29 3.3 vii FCU e-Theses & Dissertations (2018) Untraceable Multi-factor Authenticated Key Agreement Protocols for Public Network Communications 3.4 3.5 3.6 3.7 3.8 3.9 Review of Islam’s Scheme 29 3.4.1 System initialization phase 29 3.4.2 User registration phase 29 3.4.3 Authenticated key exchange phase 30 3.4.4 Password update phase 31 3.4.5 Lost smart card revocation 31 Cryptanalysis of Islam’s Scheme 32 3.5.1 Off-line password guessing attack from the lost smart card 32 3.5.2 Key compromised impersonation attack 32 3.5.3 Traceable attack 33 The Proposed Scheme 33 3.6.1 Biohashing function 33 3.6.2 Setup phase 34 3.6.3 Registration phase 34 3.6.4 Authenticated key exchange 35 3.6.5 Password and biohashing update 37 3.6.6 User revocation 37 3.6.7 Lost smart card revocation 39 Security Analysis 39 3.7.1 Informal security analysis 39 3.7.2 Formal security analysis 45 Performance Comparisons 51 3.8.1 Security performance 51 3.8.2 Computation comparisons 51 Chapter Summary 53 A Biometric-based Authenticated Key Agreement Scheme for Session Initiation Protocol in IP-based Multimedia Networks 54 4.1 Introduction 54 4.2 Biometric Code 57 4.2.1 PalmHash function 58 4.2.2 PalmHash code verification 59 4.2.3 Exclusive-OR operations on matrices and PalmHash codes 59 The Proposed Scheme 60 4.3.1 Setup phase 60 4.3.2 Registration phase 61 4.3 viii FCU e-Theses & Dissertations (2018) Untraceable Multi-factor Authenticated Key Agreement Protocols for Public Network Communications [22] S H Islam, “Design and analysis of a three party password–based authenticated key exchange protocol using extended chaotic maps,” Information Sciences, vol 312, pp 104–130, 2015 [23] F Wei, J Ma, A Ge, G Li, and C Ma, “A provably secure three–party password authenticated key exchange protocol without using server’s public–keys and symmetric cryptosystems,” Information Technology and Control, vol 44, no 2, pp 195–206, 2015 [24] J O Kwon, I R Jeong, and D H Lee, “Three–round smart card–based key exchange scheme,” IEICE Transactions on Communications, vol 90, no 11, pp 3255–3258, 2007 [25] X Li, Y Zhang, X Liu, and J Cao, “A lightweight three–party privacy–preserving authentication key exchange protocol using smart card,” KSII Transactions on Internet and Information Systems, vol 7, no 5, pp 1313–1327, 2013 [26] H Yang, Y Zhang, Y Zhou, X Fu, H Liu, and A V Vasilakos, “Provably secure three–party authenticated key agreement protocol using smart cards,” Computer Networks, vol 58, pp 29–38, 2014 [27] M S Farash, M A Attari, and S Kumari, “Cryptanalysis and improvement of a three–party password–based authenticated key exchange protocol with user anonymity using extended chaotic maps,” International Journal of Communication Systems, vol 30, no 1, p e2912, 2017 [28] X Hu and Z Zhang, “Cryptanalysis and enhancement of a chaotic maps–based three–party password authenticated key exchange protocol,” Nonlinear Dynamics, vol 78, no 2, pp 1293–1300, 2014 [29] Q Xie, B Hu, and T Wu, “Improvement of a chaotic maps–based three–party password–authenticated key exchange protocol without using server’s public key and smart card,” Nonlinear Dynamics, vol 79, no 4, pp 2345–2358, 2015 [30] E.-J Yoon and K.-Y Yoo, “Robust biometric–based three–party authenticated key establishment protocols,” International Journal of Computer Mathematics, vol 88, no 6, pp 1144–1157, 2011 [31] L Wu, Y Zhang, and F Wang, “A new provably secure authentication and key agreement protocol for SIP using ECC,” Computer Standards & Interfaces, vol 31, no 2, pp 286–291, 2009 128 FCU e-Theses & Dissertations (2018) Untraceable Multi-factor Authenticated Key Agreement Protocols for Public Network Communications [32] A Irshad, M Sher, M S Faisal, A Ghani, M Ul Hassan, and S Ashraf Ch, “A secure authentication scheme for session initiation protocol by using ECC on the basis of the tang and liu scheme,” Security and Communication Networks, vol 7, no 8, pp 1210–1218, 2014 [33] Z Zhang, Q Qi, N Kumar, N Chilamkurti, and H.-Y Jeong, “A secure authentication scheme with anonymity for session initiation protocol using elliptic curve cryptography,” Multimedia Tools and Applications, vol 74, no 10, pp 3477–3488, 2015 [34] B D Deebak, R Muthaiah, K Thenmozhi, and P I Swaminathan, “Analyzing three–party authentication and key agreement protocol for real time ip multimedia server–client systems,” Multimedia Tools and Applications, vol 75, no 10, pp 5795–5817, 2016 [35] Y Lu, L Li, H Peng, and Y Yang, “A secure and efficient mutual authentication scheme for session initiation protocol,” Peer-to-Peer Networking and Applications, vol 9, no 2, pp 449–459, 2016 [36] B D Deebak, R Muthaiah, K Thenmozhi, and P I Swaminathan, “Analyzing the mutual authenticated session key in ip multimedia server–client systems for 4g networks,” Turkish Journal of Electrical Engineering & Computer Sciences, vol 24, no 4, pp 3158–3177, 2016 [37] L Zhang, S Tang, and S Zhu, “An energy efficient authenticated key agreement protocol for SIP–based green VoIP networks,” Journal of Network and Computer Applications, vol 59, pp 126–133, 2016 [38] H Arshad and M Nikooghadam, “Security analysis and improvement of two authentication and key agreement schemes for session initiation protocol,” The Journal of Supercomputing, vol 71, no 8, pp 3163–3180, 2015 [39] H Tu, N Kumar, N Chilamkurti, and S Rho, “An improved authentication protocol for session initiation protocol using smart card,” Peer-to-Peer Networking and Applications, vol 8, no 5, pp 903–910, 2015 [40] M S Farash, S Kumari, and M Bakhtiari, “Cryptanalysis and improvement of a robust smart card secured authentication scheme on SIP using elliptic curve cryptography,” Multimedia Tools and Applications, vol 75, no 8, pp 4485–4504, 2016 [41] Q Xie and Z Tang, “Biometrics based authentication scheme for session initiation protocol,” SpringerPlus, vol 5, no 1, p 1045, 2016 129 FCU e-Theses & Dissertations (2018) Untraceable Multi-factor Authenticated Key Agreement Protocols for Public Network Communications [42] L Zhang, S Tang, and S Zhu, “A lightweight privacy preserving authenticated key agreement protocol for SIP-based VoIP,” Peer-to-Peer Networking and Applications, vol 9, no 1, pp 108–126, 2016 [43] G Zheng, H.-T Ma, C Cheng, and Y.-C Tu, “Design and logical analysis on the access authentication scheme for satellite mobile communication networks,” IET Information Security, vol 6, no 1, pp 6–13, 2012 [44] J.-L Tsai, N.-W Lo, and T.-C Wu, “Secure anonymous authentication scheme without verification table for mobile satellite communication systems,” International Journal of Satellite Communications and Networking, vol 32, no 5, pp 443–452, 2014 [45] Y Zhang, J Chen, and B Huang, “Security analysis of an authentication and key agreement protocol for satellite communications,” International Journal of Communication Systems, vol 27, no 12, pp 4300–4306, 2014 [46] M H Ibrahim, S Kumari, A K Das, and V Odelu, “Jamming resistant non– interactive anonymous and unlinkable authentication scheme for mobile satellite networks,” Security and Communication Networks, vol 9, no 18, pp 5563–5580, 2016 [47] H.-Y Lin, “Efficient dynamic authentication for mobile satellite communication systems without verification table,” International Journal of Satellite Communications and Networking, vol 34, no 1, pp 3–10, 2016 [48] Y Liu, A Zhang, S Li, J Tang, and J Li, “A lightweight authentication scheme based on self–updating strategy for space information network,” International Journal of Satellite Communications and Networking, vol 35, no 3, pp 231–248, 2017 [49] E.-J Yoon, K.-Y Yoo, J.-W Hong, S.-Y Yoon, D.-I Park, and M.-J Choi, “An efficient and secure anonymous authentication scheme for mobile satellite communication systems,” EURASIP Journal on Wireless Communications and Networking, vol 2011, no 1, p 86, 2011 [50] C.-C Lee, C.-T Li, and R.-X Chang, “A simple and efficient authentication scheme for mobile satellite communication systems,” International Journal of Satellite Communications and Networking, vol 30, no 1, pp 29–38, 2012 130 FCU e-Theses & Dissertations (2018) Untraceable Multi-factor Authenticated Key Agreement Protocols for Public Network Communications [51] Y Zhang, J Chen, and B Huang, “An improved authentication scheme for mobile satellite communication systems,” International Journal of Satellite Communications and Networking, vol 33, no 2, pp 135–146, 2015 [52] S Beheshtifard, “Validation of authentication protocols for mobile satellite systems,” International Journal of Advanced Biotechnology and Research, vol 7, pp 1517–1521, 2016 [53] L Lamport, “Password authentication with insecure communication,” Communications of the ACM, vol 24, no 11, pp 770–772, 1981 [54] I.-C Lin, M.-S Hwang, and L.-H Li, “A new remote user authentication scheme for multi–server architecture,” Future Generation Computer Systems, vol 19, no 1, pp 13–22, 2003 [55] W.-C Ku, S.-T Chang, and M.-H Chiang, “Weaknesses of a remote user authentication scheme using smart cards for multi–server architecture,” IEICE Transactions on Communications, vol E88B, no 8, pp 3451–3454, 2005 [56] W.-S Juang, “Efficient multi–server password authenticated key agreement using smart cards,” IEEE Transactions on Consumer Electronics, vol 50, no 1, pp 251– 255, 2004 [57] W.-C Ku, H.-M Chuang, and M.-H Chiang, “Cryptanalysis of a multi–server password authenticated key agreement scheme using smart cards,” IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences, vol E88A, no 11, pp 3235–3238, 2005 [58] W.-J Tsaur, J.-H Li, and W.-B Lee, “An efficient and secure multi–server authentication scheme with key agreement,” Journal of Systems and Software, vol 85, no 4, pp 876–882, 2012 [59] C.-T Li, C.-C Lee, C.-Y Weng, and C.-I Fan, “An extended multi–server–based user authentication and key agreement scheme with user anonymity,” KSII Transactions on Internet and Information Systems, vol 7, no 1, pp 119–131, 2013 [60] B Wang and M Ma, “A smart card based efficient and secured multi–server authentication scheme,” Wireless Personal Communications, vol 68, no 2, pp 361– 378, 2013 [61] D He and S Wu, “Security flaws in a smart card based authentication scheme for multi–server environment,” Wireless Personal Communications, vol 70, no 1, pp 323–329, 2013 131 FCU e-Theses & Dissertations (2018) Untraceable Multi-factor Authenticated Key Agreement Protocols for Public Network Communications [62] S H Islam, “A provably secure ID–based mutual authentication and key agreement scheme for mobile multi–server environment without esl attack,” Wireless Personal Communications, vol 79, no 3, pp 1975–1991, 2014 [63] C.-C Lee, D.-C Lou, C.-T Li, and C.-W Hsu, “An extended chaotic–maps–based protocol with key agreement for multiserver environments,” Nonlinear Dynamics, vol 76, no 1, pp 853–866, 2014 [64] Y.-P Liao and S.-S Wang, “A secure dynamic ID based remote user authentication scheme for multi–server environment,” Computer Standards & Interfaces, vol 31, no 1, pp 24–29, 2009 [65] H.-C Hsiang and W.-K Shih, “Improvement of the secure dynamic ID based remote user authentication scheme for multi–server environment,” Computer Standards & Interfaces, vol 31, no 6, pp 1118–1123, 2009 [66] S K Sood, A K Sarje, and K Singh, “A secure dynamic identity based authentication protocol for multi–server architecture,” Journal of Network and Computer Applications, vol 34, no 2, pp 609–618, 2011 [67] C.-C Lee, T.-H Lin, and R.-X Chang, “A secure dynamic ID based remote user authentication scheme for multi–server environment using smart cards,” Expert Systems with Applications, vol 38, no 11, pp 13863–13870, 2011 [68] X Li, Y Xiong, J Ma, and W Wang, “An efficient and security dynamic identity based authentication protocol for multi–server architecture using smart cards,” Journal of Network and Computer Applications, vol 35, no 2, pp 763–769, 2012 [69] M.-H Shao and Y.-C Chin, “A privacy–preserving dynamic ID–based remote user authentication scheme with access control for multi–server environment,” IEICE Transactions on Information and Systems, vol E95D, no 1, pp 161–168, 2012 [70] D He, J Chen, W Shi, and M K Khan, “On the security of an authentication scheme for multi–server architecture,” International Journal of Electronic Security and Digital Forensics, vol 5, no 3-4, pp 288–296, 2013 [71] D B He and H Hu, “Cryptanalysis of a dynamic ID–based remote user authentication scheme with access control for multi–server environments,” IEICE Transactions on Information and Systems, vol 96, no 1, pp 138–140, 2013 [72] X Li, J Ma, W Wang, Y Xiong, and J Zhang, “A novel smart card and dynamic ID based remote user authentication scheme for multi-server environments,” Mathematical and Computer Modelling, vol 58, no 1, pp 85–95, 2013 132 FCU e-Theses & Dissertations (2018) Untraceable Multi-factor Authenticated Key Agreement Protocols for Public Network Communications [73] R S Pippal, C Jaidhar, and S Tapaswi, “Robust smart card authentication scheme for multi–server architecture,” Wireless Personal Communications, vol 72, no 1, pp 729–745, 2013 [74] W Tao, J Nan, and M Jianfeng, “Cryptanalysis of two dynamic identity based authentication schemes for multi–server architecture,” China Communications, vol 11, no 11, pp 125–134, 2014 [75] D Wang and P Wang, “On the anonymity of two–factor authentication schemes for wireless sensor networks: Attacks, principle and solutions,” Computer Networks, vol 73, pp 41–57, 2014 [76] H Kim, W Jeon, K Lee, Y Lee, and D Won, “Cryptanalysis and improvement of a biometrics–based multi–server authentication with key agreement scheme,” in Computational Science and Its Applications – ICCSA 2012, vol 7335, pp 391– 406, Springer, Berlin Heidelberg, 2012 [77] E.-J Yoon and K.-Y Yoo, “Robust biometrics–based multi–server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem,” Journal of Supercomputing, vol 63, no 1, pp 235–255, 2013 [78] M.-C Chuang and M C Chen, “An anonymous multi–server authenticated key agreement scheme based on trust computing using smart cards and biometrics,” Expert Systems with Applications, vol 41, no 4, pp 1411–1418, 2014 [79] Y Choi, J Nam, D Lee, J Kim, J Jung, and D Won, “Security enhanced anonymous multiserver authenticated key agreement scheme using smart cards and biometrics,” Scientific World Journal, vol 2014, pp 1–15, 2014 [80] T Maitra and D Giri, “An efficient biometric and password–based remote user authentication using smart card for telecare medical information systems in multi– server environment,” Journal of Medical Systems, vol 38, no 12, pp 1–19, 2014 [81] D Yang and B Yang, “A biometric password–based multi–server authentication scheme with smart card,” in Computer Design and Applications (ICCDA), 2010 International Conference on, vol 5, pp V5–554–V5–559, IEEE, 2010 [82] D He and D Wang, “Robust biometrics–based authentication scheme for multiserver environment,” Systems Journal, IEEE, vol 9, no 3, pp 816–823, 2014 [83] V Odelu, A K Das, and A Goswami, “A secure biometrics–based multi–server authentication protocol using smart cards,” Information Forensics and Security, IEEE Transactions on, vol 10, no 9, pp 1953–1966, 2015 133 FCU e-Theses & Dissertations (2018) Untraceable Multi-factor Authenticated Key Agreement Protocols for Public Network Communications [84] A T B Jin, D N C Ling, and A Goh, “Biohashing: two factor authentication featuring fingerprint data and tokenised random number,” Pattern Recognition, vol 37, no 11, pp 2245–2255, 2004 [85] A Lumini and L Nanni, “An improved biohashing for human authentication,” Pattern Recognition, vol 40, no 3, pp 1057–1065, 2007 [86] E Barker, “Recommendation for key management part 1: General (revision 4),” NIST Special Publication, vol 800, no 57, pp 1–147, 2016 [87] M Steiner, G Tsudik, and M Waidner, “Refinement and extension of encrypted key exchange,” ACM SIGOPS Operating Systems Review, vol 29, no 3, pp 22–30, 1995 [88] C.-L Lin, H.-M Sun, and T Hwang, “Three–party encrypted key exchange: attacks and a solution,” ACM SIGOPS Operating Systems Review, vol 34, no 4, pp 12–20, 2000 [89] Y Ding and P Horster, “Undetectable on–line password guessing attacks,” ACM SIGOPS Operating Systems Review, vol 29, no 4, pp 77–86, 1995 [90] W Li, Q Wen, Q Su, H Zhang, and Z Jin, “Password–authenticated multiple key exchange protocol for mobile applications,” China Communications, vol 9, no 1, pp 64–72, 2012 [91] J Nam, K.-K R Choo, S Han, J Paik, and D Won, “Two–round password–only authenticated key exchange in the three–party setting,” Symmetry, vol 7, no 1, pp 105–124, 2015 [92] C.-C Lee, C.-T Li, and C.-W Hsu, “A three–party password–based authenticated key exchange protocol with user anonymity using extended chaotic maps,” Nonlinear Dynamics, vol 73, no 1-2, pp 125–132, 2013 [93] M S Farash and M A Attari, “An efficient and provably secure three–party password–based authenticated key exchange protocol based on chebyshev chaotic maps,” Nonlinear Dynamics, vol 77, no 1-2, pp 399–411, 2014 [94] F Zhao, P Gong, S Li, M Li, and P Li, “Cryptanalysis and improvement of a three–party key agreement protocol using enhanced chebyshev polynomials,” Nonlinear Dynamics, vol 74, no 1-2, pp 419–427, 2013 134 FCU e-Theses & Dissertations (2018) Untraceable Multi-factor Authenticated Key Agreement Protocols for Public Network Communications [95] C.-C Lee, C.-T Li, S.-T Chiu, and Y.-M Lai, “A new three–party–authenticated key agreement scheme based on chaotic maps without password table,” Nonlinear Dynamics, vol 79, no 4, pp 2485–2495, 2014 [96] X Wang and J Zhao, “An improved key agreement protocol based on chaos,” Communications in Nonlinear Science and Numerical Simulation, vol 15, no 12, pp 4052–4057, 2010 [97] W.-S Jaung, “Efficient three–party key exchange using smart cards,” Consumer Electronics, IEEE Transactions on, vol 50, no 2, pp 619–624, 2004 [98] E.-J Yoon and K.-Y Yoo, “Enhanced three–round smart card–based key exchange protocol,” in Autonomic and Trusted Computing, pp 507–515, Springer, 2008 [99] S Wu, Y Zhu, and Q Pu, “Cryptanalysis and enhancements of three–party authenticated key exchange protocol using ECC,” Journal of Information Science and Engineering, vol 27, no 4, pp 1329–1343, 2011 [100] J Zhao, D Gu, and L Zhang, “Security analysis and enhancement for three–party password–based authenticated key exchange protocol,” Security and Communication Networks, vol 5, no 3, pp 273–278, 2012 [101] T.-H Chen, W.-B Lee, and H.-B Chen, “A round–and computation–efficient three–party authenticated key exchange protocol,” Journal of Systems and Software, vol 81, no 9, pp 1581–1590, 2008 [102] M K Khan and D He, “Weaknesses of “security analysis and enhancement for three–party password–based authenticated key exchange protocol”,” in Data and Knowledge Engineering, pp 243–249, Springer, 2012 [103] S Park and H.-J Park, “Privacy preserving three–party authenticated key agreement protocol using smart cards,” International Journal of Security and Its Applications, vol 8, no 4, pp 307–320, 2014 [104] J Tournemille and D Tamagno, “Smart card device used as mass storage device,” Sept 20 2005 US Patent 6,945,454 [105] T Okamoto and D Pointcheval, “The gap–problems: A new class of problems for the security of cryptographic schemes,” in International Workshop on Public Key Cryptography, pp 104–118, Springer, 2001 [106] A K Das and B Bruhadeshwar, “An improved and effective secure password– based authentication and key agreement scheme using smart cards for the telecare 135 FCU e-Theses & Dissertations (2018) Untraceable Multi-factor Authenticated Key Agreement Protocols for Public Network Communications medicine information system,” Journal of Medical Systems, vol 37, no 5, pp 1– 17, 2013 [107] I Mishkovski and L Kocarev, “Chaos–based public-key cryptography,” in ChaosBased Cryptography: Theory, Algorithms and Applications (L Kocarev and S Lian, eds.), pp 27–65, Springer Berlin Heidelberg, 2011 [108] T Găuneysu and C Paar, “Ultra high performance ECC over NIST primes on commercial FPGAs,” in Cryptographic Hardware and Embedded Systems–CHES 2008, pp 62–78, Springer, 2008 [109] A D Keromytis, “A comprehensive survey of voice over IP security research,” IEEE Communications Surveys & Tutorials, vol 14, no 2, pp 514–537, 2012 [110] M Handley, H Schulzrinne, E Schooler, and J Rosenberg, “SIP: session initiation protocol,” tech rep., IETF, 1999 [111] J Rosenberg, H Schulzrinne, G Camarillo, A Johnston, J Peterson, R Sparks, M Handley, and E Schooler, “SIP: session initiation protocol,” tech rep., IETF, 2002 [112] J Franks, P Hallam-Baker, J Hostetler, S Lawrence, P Leach, A Luotonen, and L Stewart, “HTTP authentication: Basic and digest access authentication,” tech rep., IETF, 1999 [113] D Geneiatakis, T Dagiuklas, G Kambourakis, C Lambrinoudakis, S Gritzalis, S Ehlert, D Sisalem, et al., “Survey of security vulnerabilities in session initiation protocol.,” IEEE Communications Surveys and Tutorials, vol 8, no 1-4, pp 68–81, 2006 [114] C.-C Yang, R.-C Wang, and W.-T Liu, “Secure authentication scheme for session initiation protocol,” Computers & Security, vol 24, no 5, pp 381–386, 2005 [115] E.-J Yoon and K.-Y Yoo, “A new authentication scheme for session initiation protocol,” in 2009 International Conference on Complex, Intelligent and Software Intensive Systems, pp 549–554, IEEE, 2009 [116] Y Lu, L Li, and Y Yang, “Robust and efficient authentication scheme for session initiation protocol,” Mathematical Problems in Engineering, vol 2015, pp 1–9, 2015 136 FCU e-Theses & Dissertations (2018) Untraceable Multi-factor Authenticated Key Agreement Protocols for Public Network Communications [117] Y.-P Liao and S.-S Wang, “A new secure password authenticated key agreement scheme for SIP using self–certified public keys on elliptic curves,” Computer Communications, vol 33, no 3, pp 372–380, 2010 [118] K Wu, P Gong, J Wang, X Yan, and P Li, “An improved authentication protocol for session initiation protocol using smart card and elliptic curve cryptography,” Romanian Journal of Information Science and Technology, vol 16, no 4, pp 324– 335, 2013 [119] H.-L Yeh, T.-H Chen, and W.-K Shih, “Robust smart card secured authentication scheme on SIP using elliptic curve cryptography,” Computer Standards & Interfaces, vol 36, no 2, pp 397–402, 2014 [120] L Zhang, S Tang, and Z Cai, “Efficient and flexible password authenticated key agreement for voice over internet protocol session initiation protocol using smart card,” International Journal of Communication Systems, vol 27, no 11, pp 2691– 2702, 2014 [121] L Zhang, S Tang, and Z Cai, “Robust and efficient password authenticated key agreement with user anonymity for session initiation protocol–based communications,” IET Communications, vol 8, no 1, pp 83–91, 2014 [122] A Irshad, M Sher, E Rehman, S A Ch, M U Hassan, and A Ghani, “A single round–trip SIP authentication scheme for voice over internet protocol using smart card,” Multimedia Tools and Applications, vol 74, no 11, pp 3967–3984, 2015 [123] Q Jiang, J Ma, and Y Tian, “Cryptanalysis of smart card–based password authenticated key agreement protocol for session initiation protocol of zhang et al.,” International Journal of Communication Systems, vol 28, no 7, pp 1340–1351, 2015 [124] S Kumari, S A Chaudhry, F Wu, X Li, M S Farash, and M K Khan, “An improved smart card based authentication scheme for session initiation protocol,” Peer-to-Peer Networking and Applications, vol 10, no 1, pp 92–105, 2017 [125] H Arshad and M Nikooghadam, “An efficient and secure authentication and key agreement scheme for session initiation protocol using ecc,” Multimedia Tools and Applications, vol 75, no 1, pp 181–197, 2016 [126] M S Farash, “Security analysis and enhancements of an improved authentication for session initiation protocol with provable security,” Peer-to-Peer Networking and Applications, vol 9, no 1, pp 82–91, 2016 137 FCU e-Theses & Dissertations (2018) Untraceable Multi-factor Authenticated Key Agreement Protocols for Public Network Communications [127] S A Chaudhry, H Naqvi, M Sher, M S Farash, and M U Hassan, “An improved and provably secure privacy preserving authentication protocol for sip,” Peer-toPeer Networking and Applications, vol 10, no 1, pp 1–15, 2017 [128] M S Farash and M A Attari, “An anonymous and untraceable password–based authentication scheme for session initiation protocol using smart cards,” International Journal of Communication Systems, vol 29, no 13, pp 1956–1967, 2016 [129] D Mishra, A K Das, and S Mukhopadhyay, “A secure and efficient ECC–based user anonymity–preserving session initiation authentication protocol using smart card,” Peer-to-Peer Networking and Applications, vol 9, no 1, pp 171–192, 2016 [130] D Mishra, A K Das, S Mukhopadhyay, and M Wazid, “A secure and robust smartcard–based authentication scheme for session initiation protocol using elliptic curve cryptography,” Wireless Personal Communications, vol 91, no 3, pp 1361– 1391, 2016 [131] C.-H Wang and Y.-S Liu, “A dependable privacy protection for end–to–end VoIP via Elliptic–Curve Diffie–Hellman and dynamic key changes,” Journal of Network and Computer Applications, vol 34, no 5, pp 1545–1556, 2011 [132] H Arshad and M Nikooghadam, “Three–factor anonymous authentication and key agreement scheme for telecare medicine information systems,” Journal of Medical Systems, vol 38, no 12, p 136, 2014 [133] F Wu, L Xu, S Kumari, and X Li, “An improved and provably secure three–factor user authentication scheme for wireless sensor networks,” Peer-to-Peer Networking and Applications, vol 11, no 1, pp 1–20, 2018 [134] H Schulzrinne and E Wedlund, “Application–layer mobility using SIP,” in Service Portability and Virtual Customer Environments, pp 29–36, IEEE, 2000 [135] A K Jain, K Nandakumar, and A Nagar, “Biometric template security,” EURASIP Journal on Advances in Signal Processing, vol 2008, p 113, 2008 [136] L Leng and J Zhang, “Palmhash code vs palmphasor code,” Neurocomputing, vol 108, pp 1–12, 2013 [137] L Leng, A B J Teoh, M Li, and M K Khan, “Analysis of correlation of 2DPalmHash Code and orientation range suitable for transposition,” Neurocomputing, vol 131, pp 377–387, 2014 138 FCU e-Theses & Dissertations (2018) Untraceable Multi-factor Authenticated Key Agreement Protocols for Public Network Communications [138] L Leng, A B J Teoh, M Li, and M K Khan, “Orientation range of transposition for vertical correlation suppression of 2DPalmPhasor Code,” Multimedia Tools and Applications, vol 74, no 24, pp 11683–11701, 2015 [139] L Leng and A B J Teoh, “Alignment–free row–co–occurrence cancelable palmprint fuzzy vault,” Pattern Recognition, vol 48, no 7, pp 2290–2303, 2015 [140] L Leng, A B J Teoh, and M Li, “Simplified 2DPalmHash code for secure palmprint verification,” Multimedia Tools and Applications, vol 76, no 6, pp 8373– 8398, 2017 [141] D Butcher, X Li, and J Guo, “Security challenge and defense in VoIP infrastructures,” IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews), vol 37, no 6, pp 1152–1162, 2007 [142] L Leng, A B J Teoh, M Li, and M K Khan, “A remote cancelable palmprint authentication protocol based on multi–directional two–dimensional PalmPhasor– fusion,” Security and Communication Networks, vol 7, no 11, pp 1860–1871, 2014 [143] Y Li, X Li, and X Liu, “A fast and efficient hash function based on generalized chaotic mapping with variable parameters,” Neural Computing and Applications, vol 28, no 6, pp 1405–1415, 2017 [144] Y Liu, Y Zheng, Y Liang, S Liu, and D S Rosenblum, “Urban water quality prediction based on multi–task multi–view learning,” in Proceedings of the Twenty– Fifth International Joint Conference on Artificial Intelligence, IJCAI’16, pp 2576– 2582, AAAI Press, 2016 [145] F Meng, G Fu, and D Butler, “Cost–effective river water quality management using integrated real–time control technology,” Environmental Science & Technology, vol 51, no 17, pp 9876–9886, 2017 [146] Y Liu, L Nie, L Liu, and D S Rosenblum, “From action to activity: Sensor–based activity recognition,” Neurocomputing, vol 181, pp 108–115, 2016 [147] D Eckhoff and I Wagner, “Privacy in the smart city–applications, technologies, challenges and solutions,” IEEE Communications Surveys & Tutorials, vol 20, no 1, pp 489–516, 2018 [148] I F Akyildiz, S Mohanty, and J Xie, “A ubiquitous mobile communication architecture for next–generation heterogeneous wireless systems,” IEEE Communications Magazine, vol 43, no 6, pp S29–S36, 2005 139 FCU e-Theses & Dissertations (2018) Untraceable Multi-factor Authenticated Key Agreement Protocols for Public Network Communications [149] S L Kota, “Broadband satellite networks: trends and challenges,” in Wireless Communications and Networking Conference, vol 3, pp 1472–1478, IEEE, 2005 [150] J Evans, “Satellite systems for personal communications,” IEEE Antennas and Propagation Magazine, vol 39, no 3, pp 7–20, 1997 [151] M Sadek and S Aissa, “Personal satellite communication: technologies and challenges,” IEEE Wireless Communications, vol 19, no 6, pp 28–35, 2012 [152] A Roy-Chowdhury, J S Baras, M Hadjitheodosiou, and S Papademetriou, “Security issues in hybrid networks with a satellite component,” IEEE Wireless Communications, vol 12, no 6, pp 50–61, 2005 [153] H Cruickshank, “A security system for satellite networks,” in Fifth International Conference on Satellite Systems for Mobile Communications and Navigation, pp 187–190, IET, 1996 [154] M.-S Hwang, C.-C Yang, and C.-Y Shiu, “An authentication scheme for mobile satellite communication systems,” ACM SIGOPS Operating Systems Review, vol 37, no 4, pp 42–47, 2003 [155] Y.-F Chang and C.-C Chang, “An efficient authentication protocol for mobile satellite communication systems,” ACM SIGOPS Operating Systems Review, vol 39, no 1, pp 70–84, 2005 [156] T.-H Chen, W.-B Lee, and H.-B Chen, “A self-verification authentication mechanism for mobile satellite communication systems,” Computers & Electrical Engineering, vol 35, no 1, pp 41–48, 2009 [157] I Lasc, R Dojen, and T Coffey, “Countering jamming attacks against an authentication and key agreement protocol for mobile satellite communications,” Computers & Electrical Engineering, vol 37, no 2, pp 160–168, 2011 [158] Z Yantao and M Jianfeng, “A highly secure identity–based authenticated key– exchange protocol for satellite communication,” Journal of Communications and Networks, vol 12, no 6, pp 592–599, 2010 [159] M Heydari, S M S Sadough, M S Farash, S A Chaudhry, and K Mahmood, “An efficient password–based authenticated key exchange protocol with provable security for mobile client–client networks,” Wireless Personal Communications, vol 88, no 2, pp 337–356, 2016 140 FCU e-Theses & Dissertations (2018) Untraceable Multi-factor Authenticated Key Agreement Protocols for Public Network Communications [160] X Li, J Niu, S Kumari, M K Khan, J Liao, and W Liang, “Design and analysis of a chaotic maps–based three–party authenticated key agreement protocol,” Nonlinear Dynamics, vol 80, no 3, pp 1209–1220, 2015 [161] Q Jiang, N Kumar, J Ma, J Shen, D He, and N Chilamkurti, “A privacy–aware two–factor authentication protocol based on elliptic curve cryptography for wireless sensor networks,” International Journal of Network Management, vol 27, no 3, p e1937, 2017 [162] A T B Jin, D N C Ling, and O T Song, “An efficient fingerprint verification system using integrated wavelet and Fourier–Mellin invariant transform,” Image and Vision Computing, vol 22, no 6, pp 503–513, 2004 [163] P B Yra, M Genna, S McMahon, K Kerns, R Tiede, M Laird, and T Cronauer, “Next–generation spacecraft command & data handling system based on the RDA750 processor,” in Proceedings of the 28th AIAA International Communications Satellite Systems Conference, p 8888, AIAA Press, 2010 [164] T S Messerges, E A Dabbish, and R H Sloan, “Examining smart–card security under the threat of power analysis attacks,” IEEE Transactions on Computers, vol 51, no 5, pp 541–552, 2002 [165] E Barker, W Barker, W Burr, W Polk, and M Smid, “Recommendation for key management part 1: General (revision 3),” NIST Special Publication, vol 800, no 57, pp 1–147, 2012 141 FCU e-Theses & Dissertations (2018) Untraceable Multi-factor Authenticated Key Agreement Protocols for Public Network Communications Publications N.-T Nguyen, H.-D Le, and C.-C Chang, “Provably secure and efficient threefactor authenticated key agreement scheme with untraceability,” International Journal of Network Security, vol 18, no 2, pp 335–344, 2016, (EI) C.-C Chang and N.-T Nguyen, “An untraceable biometric-based multi-server authenticated key agreement protocol with revocation,” Wireless Personal Communications, vol 90, no 4, pp 1695–1715, 2016, (SCI/EI, IF=0.951) N.-T Nguyen and C.-C Chang, “Untraceable biometric-based three-party authenticated key exchange for dynamic systems,” Peer-to-Peer Networking and Applications, vol 11, no 3, pp 644–663, 2018, (SCI/EI, IF=1.262) N.-T Nguyen and C.-C Chang, “A biometric-based authenticated key agreement scheme for session initiation protocol in ip-based multimedia networks,” Multimedia Tools and Applications, 2018, (SCI/EI, IF=1.530) N.-T Nguyen and C.-C Chang, “A biometric-based authenticated key agreement protocol for user-to-user communications in satellite mobile networks,” Submitted to Wireless Personal Communications, 8/2017 142 FCU e-Theses & Dissertations (2018) ... Untraceable Multi- factor Authenticated Key Agreement Protocols for Public Network Communications FCU e-Theses & Dissertations (2018) Untraceable Multi- factor Authenticated Key Agreement Protocols. .. Dissertations (2018) Untraceable Multi- factor Authenticated Key Agreement Protocols for Public Network Communications Chapter An Untraceable Biometric-based Multi- server Authenticated Key Agreement Protocol... Agreement Protocols for Public Network Communications FCU e-Theses & Dissertations (2018) Untraceable Multi- factor Authenticated Key Agreement Protocols for Public Network Communications Acknowledgements