User Authentication Scheme with Key Agreement providing Countermeasure of Impersonation Attack
Jaeyoung Lee

Jaeyoung Lee, Professor, Department of Liberal Education, Semyung University, Jecheon, Republic of Korea, East Asian.

Manuscript received on 10 June 2019 | Revised Manuscript received on 17 June 2019 | Manuscript Published on 22 June 2019 | PP: 828-832 | Volume-8 Issue-8S2 June 2019 | Retrieval Number: H11390688S219/19©BEIESP

Open Access | Editorial and Publishing Policies | Cite | Mendeley | Indexing and Abstracting
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open-access article under the CC-BY-NC-ND license (

Abstract: IoT has expanded into broader areas from convenience and application in existing computing environment. Various threats, other than security issue, have emerged with development, and owing to many limitations in specifications, including device power, memory and communication bandwidth, existing security system cannot be applied. Authentication Scheme, by Mishra et al., employing smartcard with multi-servers, is vulnerable to impersonation, replay and DOS attacks. Authentication scheme which overcame such vulnerability is SIAKAS, yet is vulnerable to impersonation and does not offer message untraceability. The thesis enabled counter-responses against impersonation by attackers, by applying RNij, a variable recording the number of login request by an adequate user, during message generation of authentication purpose. Furthermore, by exploiting the trait of RNij, having a different figure every time, untraceability has been granted to message. SIAKAS is vulnerable to impersonation attack by user with smartcard issued, disguising as application server. Attacker can generate a key figure of application server, h(PSK), by using own smartcard data, then execute authentication phase upon login message via the generated h(PSK). Once user authentication is completed, in response to the result, a response message and session key are generated and sent to users, then the user recognizes the message from attacker pretending application server as an adequate application server, thus shares session key with the attacker. The thesis adapted RNij, which only can be identified by the user on authentication stage and the application server, during login message creation, for improvement, thus the attacker impersonating an application server can no longer use their login message for authentication. SIAKAS cannot offer untraceability on messages. If the application server of receiver is the same, M4 included in login messages contains the equal figure. If an attacker hijacks login message through tapping, and examines the identity with M4, various data about both the user and application server can be captured. The thesis additionally adapted RNij, having different figure at every login message creation, into M4 generation, thus ensured freshness and untraceability of the message. Improving existing Authentication Scheme with Key Agreement, vulnerable to impersonation and not offering traceability to message, the thesis proposes an improved Authentication Scheme with Key Agreement, ensuring untraceability and further anonymity to message and against impersonation attack by user with issued smartcard.

Keywords: About Key Agreement, Impersonation Attack, IoT, Smart Card, Untracebility, User Authentication.
Scope of the Article: Service Level Agreements (Drafting, Negotiation, Monitoring and Management)