Public key versus symmetric key cryptography in client–server authentication protocols

被引:0
作者
An Braeken
机构
[1] Vrije Universiteit Brussel,
来源
International Journal of Information Security | 2022年 / 21卷
关键词
Elliptic curve cryptography; Symmetric key cryptography; Client–server authentication; Protocol design;
D O I
暂无
中图分类号
学科分类号
摘要
Every month, several new protocols are popping up, comparing themselves with a few others and claiming to outperform the whole state of the art. The most popular domain of protocols is the one for authentication in a client–server architecture for which both symmetric key- and public key-based protocols are being proposed. The usage of public key-based mechanisms has several consequences, not only with respect to an increased computational and communication cost, but also with respect to increased possibilities to strengthen the protocol by making it resistant against a semi-trusted third party. On the other hand, we also recall that symmetric key-based protocols can already offer a nice set of security features. We see a trend in the current generation of papers published on public key-based client–server authentication protocols, showing that only a very limited amount of them really exploit the power that public key cryptography can offer with respect to this privacy towards a semi-trusted third party, and most of them do not even satisfy the same security features able to be also realised by a much more efficient symmetric key-based protocol. This paper serves as a warm wake-up call to all protocol designers to rethink the usage of more heavyweight constructions compared to symmetric key-based mechanisms in order to ensure that if they are used, they also fully exploit their inherent strength.
引用
收藏
页码:103 / 114
页数:11
相关论文
共 206 条
  • [41] Chattopadhyay S(2018)Cloud centric authentication for wearable healthcare monitoring system IEEE Trans. Dependable Secure Comput. 17 942-30
  • [42] Islam SKH(2016)Two birds with one stone: two-factor authentication with security beyond conventional bound IEEE Trans. Dependable Secure Comput. 15 708-215
  • [43] Biswas GP(2015)Cryptanalysis and security enhancement of Zhu’s authentication scheme for Telecare medicine information system Secur. Commun. Netw. 8 149-970
  • [44] Kalra S(2018)Anonymity preserving and lightweight multi-medical server authentication protocol for telecare medical information system IEEE J. Biomed. Health Inform. 23 1749-468
  • [45] Chang CC(2015)Preserving privacy for free: efficient and provably secure two-factor authentication scheme with user anonymity Inf. Sci. 321 162-1002
  • [46] Wu HL(2015)A new and secure authentication scheme for wireless sensor networks with formal proof Peer-to-Peer Netw. Appl. 10 16-2269
  • [47] Sun CY(2017)A secure user authentication and key-agreement scheme using wireless sensor networks for agriculture monitoring Future Gener. Comput. Syst. 84 200-378
  • [48] Wang F(2018)Lightweight three factor scheme for real-time data access in wireless sensor networks Wireless Netw. 26 955-329
  • [49] Chen CM(2018)Provably secure fine-grained data access control over multiple cloud servers in mobile cloud computing based healthcare applications IEEE Trans. Ind. Inf. 15 457-745
  • [50] Fang W(2019)Cryptanalysis and improvement of a smart card based authentication scheme for multi-server architecture using ECC Int. J. Netw. Secur. 21 993-1102
12345678910