Authentication Phase. The authentication phase aims to mutually authenticate both of the sensor nodes and the remote user. To communicate the health-related data to the remote user, each sensor must execute the authentication process. The proposed scheme supports two cases of sensors authentication. The first case when the sensor nodes are not in the same location as the remote user, and in the second case, they are in the same location. The proposed authentication and key agreement scheme is as follows (see Figure 3): The sensor node initiates the authentication phase, it generates a random nonce N on 8 bytes and sends a message composed of the generated nonce N, its masked identity MSIdi, and a h(MSIdi, N, Idi) to the remote user. Upon receiving the message by the remote user, the message is verified by checking whether received hash is equal to the computed hash. If the matching is successful, the remote user generates a random nonce M on 8 bytes, else it is an authentication failure. The remote user checks the location of the sensor node. If the remote user cannot reach the sensor node in his Wi-Fi covered area, then: Case ‘not in the area’: The remote user transmits to the gateway node a message composed by the masked identity of the sensor node MSIdi, the received nonce N, the nonce M, and a h(MSIdi, N, M). Upon receiving the message by the gateway node, it verifies the message by checking whether the received hash is equal to the computed hash. If the check is successful, the gateway node generates a random nonce S on 8 bytes, and applies an XOR with the received nonce N: (T = N S). Then, it sends to the remote user a message composed of the received nonces N and M, the computed value T and a h(M, Xxx, S), otherwise the authentication fails. When the remote user receives the message, the nonce value S is computed as follows: (S = N T) and the message is verified by checking whether the received hash is equal to the computed hash. If the check is successful, the remote user also generates a random nonce W on 8 bytes, applies an XOR with value S as:
Authentication Phase. Consider an UAV that has been assigned to collect field information from a particular region. In each region, a MEC operator selected by the USP helps the UAV in transfer- ring/receiving packets. In this phase of the proposed scheme, both the UAV and USP authenticate each other and establish a session key for secure communication. In this regard, the MEC operator helps them in exchanging the communication messages. The detailed description of the phase is as follows:
Authentication Phase. We can think of the authentica- tion phase of Li et al.’s scheme as a two-pass protocol. The individual steps are outlined below: Step 1: N IN : tidN , yN , aN , bN , tN . N picks a random rN and creates timestamp tN . Then it computes xN = aN ⊕idN , yN = xN ⊕rN and tidN = h(idN ⊕tN , rN ) and forwards the tuple ⟨tidN , yN , aN , bN , tN ⟩ to IN .
Authentication Phase. When user U wishes to login to the server, it must inserts its smart card to a card reader and inputs its username and password PW . Then the smart card and the server cooperate to perform the following steps as shown in Fig1. (Username, PW , Smartcard (R, a)) Server (s) 1. b Z * , V bR h(username)P , W bh(h(PW a) username)P REQUEST (username,V ,W )
Authentication Phase. The various steps of the authen- tication phase are depicted in Fig. 4 and are as follows: Step 1: N IN : tidN , yN , aN , bN , tN , id′N . N picks a random rN and creates timestamp tN . It then computes are changed in every other run of the protocol, the anonymity of node N is preserved. In Xx et al’s scheme, an adversary was able to link two sessions to the same node N because of the unmasking of the updated authentication parameters (a+ , b+ ) xN = aN ⊕ idN , yN = xN ⊕ rN . It further picks a random pseudonym id′N to be used as a temporary identifier for this session only, and calculates tidN = h(idN , id′N , tN , rN ) and sets the “Relay Field” of the underlying “MAC Header” to value 1, according to sub-clause 6.10 of [3].
Authentication Phase. During the authentication process, the user Ui and the SIP server S perform the following steps to achieve mutual authentication and key negotiation. Step A1: Ui S : REQUEST (IDi , C4 , C6 ) First, the user Ui inserts its smartcard into the smartcard reader, and enters its identity IDi and its password PWi. Then the smartcard computes C2 C3 h(PWi r) h(IDi s) by using the input password PWi and the secret information (C3, r) stored in the smartcard. After that, the smartcard chooses a high entropy random integer r1 and calculates C4 r1P and C5 r1C2 Ppub . And then it selects a random integer r2 and computes X0 x(X0 ) (x(XXx x) x0 (X0 )x (C5 ) y ) , where
Authentication Phase. This phase is invoked whenever the user U registers or reregisters to server we first show that a passive attacker with smart card can calculate the session key between the server and the user in the protocol At the end of the log-in phase, the session key between the user and the server It suffices to compute Sk with Vi, c, and u. are stored in the smart card before the log-in phase. The purpose of pre-computation is to speed up the computation in the authentication, which should be regarded as a separate phase from the log-in phase. Thus, to reduce the computational load in log-in phase in, the smart card must complete the calculation before the log-in phase, rather than performing the calculation. A smart-card-based password authentication protocol, the basic security requirement is that it should be secure against a passive attacker with smart card and a passive attacker with password. It is certainly more desirable that a smart-card- based password authentication protocol is secure against an active attacker with smart card and an active attacker with password.
Authentication Phase. We can think of the authentication phase of Li et al.’s scheme as a two-pass protocol. The individual steps are outlined be- low:
Step 1: N → IN : (tidN , yN , aN , bN , tN ). N picks a random rN and creates timestamp tN . Then it computes xN = aN ⊕ idN , yN = xN ⊕ rN and tidN = h(idN ⊕ tN , rN ) and forwards the tuple (tidN , yN , aN , bN , tN ) to IN.
Step 2: IN → HN : (tidN , yN , aN , bN , tN , idIjN ). IN adds its relay identity idIjN to the tuple and forwards it to HN. Note that IN when operating in relay mode uses idIjN not idIN . Step 3: HN → IN : (α, β, η, µ, idIjN ). After receiving the pa- rameters from IN, HN verifies the relay identity idIjN from its database and substantiates the validity of the timestamp tN . Upon success of these checks, it computes kN∗ = kHN ⊕ aN ⊕ bN , xN∗ = h(kHN , kN∗ ), idN∗ = xN∗ ⊕ aN , rN∗ = xN∗ ⊕ yN and = tidN∗ = h(idN∗ tN , rN∗ ). It then verifies whether tidN ? tidN∗ . Then, a random fN is chosen and α = xN fN and γ = rN fN are computed. Then a new k+ is picked and a+ = idN h(kHN , k+), b+ = kHN a+ k+, η = γ a+, µ = x x+, x = x(xX , xX , xX , x, µ) are computed. The shared ses- sion key is computed as kS = h(idN , rN , fN , xN ) and is stored in memory. Finally, HN forwards the xxxxx x, x, x, µ, idIjN to IN. =
Authentication Phase. The various steps of the authentication phase are depicted in Fig. 4 and are as follows: calculates tidN = h(idN , idNj , tN , rN ) and sets the “Relay Field” of the underlying “MAC Header” to value 1, according to sub-clause 6.10 of [3].
Authentication Phase ditionally, node N decrypts z+ = Dec(kz, δ ) and replaces zN The authentication phase of PPKA Protocol 2 is depicted in Fig. 4 and detailed as follows:
Step 1: N → IN : (tidN , yN , aN , bN , tN , idNj ). This is identical to Step 1 in PPKA 1 except that the value of tidN is calcu- lated as h(idN , idNj , zN , tN , rN ).