Mrudula Sarvabhatla

Mrudula Sarvabhatla, M. Giri, Chandra Sekhar Vorugunti

Remote user authentication is critical requirement in Telecare Medicine Information System (TMIS) to protect the patient personal details, security and integrity of the critical medical records of the patient as the patient data is transmitted over insecure public communication channel called Internet. In 2013, Yan proposed a biometric based remote user authentication scheme and claimed that his scheme is secure. Recently, Dheerendra et al. demonstrated some drawbacks in Yan et al scheme and proposed an improved scheme to erase the drawbacks of Yan et al scheme. We analyze Dheerendra et al scheme and identify that their scheme is vulnerable to off-line identity guessing attack, and on successfully mounting it, the attacker can perfom all major cryptographic attacks.

Vorugunti Chandra Sekhar, Mrudula Sarvabhatla

The rapid development of Internet of Things (IoT) technology, which is an inter connection of networks through an insecure public channel i.e. Internet demands for authenticating the remote user trying to access the secure network resources. In 2013, Ankita et al. proposed an improved three factor remote user authentication scheme. In this poster we will show that Ankita et al scheme is vulnerable to known session specific temporary information attack, on successfully performing the attack, the adversary can perform all other major cryptographic attacks. As a part of our contribution, we will propose an improved scheme which is resistance to all major cryptographic attacks and overcomes the defects in Ankita et al. scheme.

Vorugunti Chandra Sekhar, Mrudula Sarvabhatla

In 2013, Tsai et al. cryptanalyzed Yeh et al. scheme and shown that Yeh et al., scheme is vulnerable to various cryptographic attacks and proposed an improved scheme. In this poster we will show that Tsai et al., scheme is also vulnerable to undetectable online password guessing attack, on success of the attack, the adversary can perform all major cryptographic attacks. As apart of our contribution, we have proposed an improved scheme which overcomes the defects in Tsai et al. and Yeh et al. schemes.

Chandra Sekhar Vorugunti, Mrudula Sarvabhatla

With the rapid advancement of wireless network technology, usage of WSN in real time applications like military, forest monitoring etc. found increasing. Generally WSN operate in an unattended environment and handles critical data. Authenticating the user trying to access the sensor memory is one of the critical requirements. Many researchers have proposed remote user authentication schemes focusing on various parameters. In 2013, Li et al. proposed a temporal-credential-based mutual authentication and key agreement scheme for WSNs. Li et al. claimed that their scheme is secure against all major cryptographic attacks and requires less computation cost due to usage of hash function instead encryption operations. Unfortunately, in this paper we will show that their scheme is vulnerable to offline password guessing attack, stolen smart card attack, leakage of password etc. and failure to provide data privacy.