KSII Transactions on Internet and Information Systems (TIIS)

Korean Society for Internet Information (한국인터넷정보학회)
권호 표지
DOI QR코드

DOI QR Code

An Untraceable ECC-Based Remote User Authentication Scheme

  • Mehmood, Zahid (School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University) ;
  • Chen, Gongliang (School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University) ;
  • Li, Jianhua (School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University) ;
  • Albeshri, Aiiad (Faculty of Computing and Information Technology, King Abdulaziz University)
  • Received : 2016.09.22
  • Accepted : 2017.01.15
  • Published : 2017.03.31
Download PDF
⟨ Previous Next ⟩

Abstract

Recent evolution in the open access internet technology demands that the identifying information of a user must be protected. Authentication is a prerequisite to ensure the protection of user identification. To improve Qu et al.'s scheme for remote user authentication, a recent proposal has been published by Huang et al., which presents a key agreement protocol in combination with ECC. It has been claimed that Huang et al. proposal is more robust and provides improved security. However, in the light of our experiment, it has been observed that Huang et al.'s proposal is breakable in case of user impersonation. Moreover, this paper presents an improved scheme to overcome the limitations of Huang et al.'s scheme. Security of the proposed scheme is evaluated using the well-known random oracle model. In comparison with Huang et al.'s protocol, the proposed scheme is lightweight with improved security.

Keywords

References

  1. Lamport L., "Password authentication with insecure communication," Communications of the ACM, 24(11):770-772, 1981. https://doi.org/10.1145/358790.358797
  2. Peyravian M, Zunic N., "Methods for protecting password transmission. Computers & Security, 19(5):466-469, 2000. https://doi.org/10.1016/S0167-4048(00)05032-X
  3. Lin CL, Hwang T., "A password authentication scheme with secure password updating," Computers & Security, 22(1):68-72, 2003. https://doi.org/10.1016/S0167-4048(03)00114-7
  4. Yoon, Eun-Jun, et al., "A secure and efficient SIP authentication scheme for converged VoIP networks," Computer Communications, 33.14, 1674-1681, 2010. https://doi.org/10.1016/j.comcom.2010.03.026
  5. Nikooghadam, Morteza, Reza Jahantigh, and Hamed Arshad, "A lightweight authentication and key agreement protocol preserving user anonymity," Multimedia Tools and Applications, 1-23, 2016.
  6. Arshad, Hamed, and Morteza Nikooghadam, "An efficient and secure authentication and key agreement scheme for session initiation protocol using ECC," Multimedia Tools and Applications, 75.1, 181-197, 2016. https://doi.org/10.1007/s11042-014-2282-x
  7. Juang WS, Chen ST, Liaw HT., "Robust and efficient password-authenticated key agreement using smart cards," Industrial Electronics, IEEE Transactions on, 55(6):2551-2556, 2008. https://doi.org/10.1109/TIE.2008.921677
  8. Yang G, Wong DS, Wang H, Deng X., "Two-factor mutual authentication based on smart cards and passwords," Journal of Computer and System Sciences, 74(7):1160-1172, 2008. https://doi.org/10.1016/j.jcss.2008.04.002
  9. Kumari, S., Karuppiah, M., Li, X., Wu, F., Das, A. K., and Odelu, V., "An enhanced and secure trust-extended authentication mechanism for vehicular ad-hoc networks," Security Comm. Networks, 9: 4255-4271, 2016. https://doi.org/10.1002/sec.1602
  10. Xu J, Zhu WT, Feng DG., "An improved smart card based password authentication scheme with provable security," Computer Standards & Interfaces, 31(4):723-728, 2009. https://doi.org/10.1016/j.csi.2008.09.006
  11. Saru Kumari, Xiong Li, Fan Wu, Ashok Kumar Das, Hamed Arshad, Muhammad Khurram Khan, "A user friendly mutual authentication and key agreement scheme for wireless sensor networks using chaotic maps," Future Generation Computer Systems, Volume 63, Pages 56-75, ISSN 0167-739X, October 2016. https://doi.org/10.1016/j.future.2016.04.016
  12. Arshad, Hamed, and Morteza Nikooghadam, "Security analysis and improvement of two authentication and key agreement schemes for session initiation protocol," The Journal of Supercomputing, 71.8, 3163-3180, 2015. https://doi.org/10.1007/s11227-015-1434-8
  13. Kumari, Saru, Muhammad Khurram Khan, and Xiong Li, "An improved remote user authentication scheme with key agreement," Computers & Electrical Engineering, 40.6, 2014.
  14. Mir, Omid, and Morteza Nikooghadam, "A secure biometrics based authentication with key agreement scheme in telemedicine networks for e-health services," Wireless Personal Communications, 83.4, 2439-2461, 2015. https://doi.org/10.1007/s11277-015-2538-4
  15. Kumari, S., Das, A. K., Wazid, M., Li, X., Wu, F., Choo, K.-K. R., and Khan, M. K., "On the design of a secure user authentication and key agreement scheme for wireless sensor networks," Concurrency Computat.: Pract. Exper.
  16. He D, Kumar N, Chilamkurti N., "A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks," Information Sciences, 2015.
  17. Kumari, S., Chaudhry, S.A., Wu, F., Farash, M.S., Khan, M.K., "An improved smart card based authentication scheme for session initiation protocol, Peer-to-Peer Netw," Appl., 2015.
  18. Chaudhry, S. A., Khan, I., Irshad, A., Ashraf, M. U., Khan, M. K., and Ahmad, H. F., "A provably secure anonymous authentication scheme for Session Initiation Protocol," Security Comm. Networks, 2016.
  19. Khalid Mahmood, Shehzad Ashraf Chaudhry, Husnain Naqvi, Taeshik Shon, Hafiz Farooq Ahmad, "A lightweight message authentication scheme for Smart Grid communications in power sector," Computers & Electrical Engineering, Volume 52, Pages 114-124, ISSN 0045-7906, May 2016. https://doi.org/10.1016/j.compeleceng.2016.02.017
  20. Qu J, Tan XL., "Two-factor user authentication with key agreement scheme based on elliptic curve cryptosystem," Journal of Electrical and Computer Engineering 2014, 2014.
  21. Chaudhry, S.A., Naqvi, H., Mahmood, K. Ahmad, H.F., Khan, M.K., An Improved Remote User Authentication Scheme Using Elliptic Curve Cryptography Wireless Pers Commun, 2016.
  22. Lee SW, Kim HS, Yoo KY., "Improvement of chien et al.'s remote user authentication scheme using smart cards," Computer Standards & Interfaces, 27(2):181-183, 2005. https://doi.org/10.1016/j.csi.2004.02.002
  23. Lee NY, Chiu YC., "Improved remote authentication scheme with smart card," Computer Standards & Interfaces, 27(2):177-180, 2005. https://doi.org/10.1016/j.csi.2004.06.001
  24. Sood SK, Sarje AK, Singh K., "An improvement of xu et al.'s authentication scheme using smart cards," in Proc. of the third annual ACM Bangalore conference, ACM, 15, 2010.
  25. Song R., "Advanced smart card based password authentication protocol," Computer Standards & Interfaces, 32(5):321-325, 2010. https://doi.org/10.1016/j.csi.2010.03.008
  26. Chen BL, KuoWC,Wuu LC., "Robust smart-card-based remote user password authentication scheme," International Journal of Communication Systems, 27(2):377-389, 2014. https://doi.org/10.1002/dac.2368
  27. Jiang Q, Ma J, Li G, Ma Z., "An improved password-based remote user authentication protocol without smart cards," Information technology And control, 42(2):113-123, 2013.
  28. Huang B, Khan MK, Wu L, Muhaya FTB, He D., "An efficient remote user authentication with key agreement scheme using elliptic curve cryptography," Wireless Personal Communications, 1-16, 2015.
  29. Cao X, Zhong S., "Breaking a remote user authentication scheme for multi-server architecture," IEEE Communications Letters, 10(8):580-581, 2006. https://doi.org/10.1109/LCOMM.2006.1665116
  30. Eisenbarth T, Kasper T, Moradi A, Paar C, Salmasizadeh M, Shalmani MTM., "On the power of power analysis in the real world: A complete break of the keeloq code hopping scheme," Advances in Cryptology-CRYPTO, Springer, 203-220, 2008.
  31. Dolev D, Yao AC, "On the security of public key protocols," Information Theory, IEEE Transactions on, 29(2):198-208, 1983. https://doi.org/10.1109/TIT.1983.1056650
  32. Chaudhry SA, Naqvi H, Farash MS, Shon T, Sher M., "An improved and robust biometricsbased three factor authentication scheme for multiserver environments," The Journal of Supercomputing 1-17, 2015.
  33. Chaudhry SA., "A secure biometric based multi-server authentication scheme for social multimedia networks," Multimedia Tools and Applications, 1-21, 2015.
  34. Kocher P, Jaffe J, Jun B., "Differential power analysis," Advances in CryptologyUCRYPTOS99, Springer, 388-397, 1999.
  35. Messerges TS, Dabbish E, Sloan RH, et al., "Examining smart-card security under the threat of power analysis attacks," Computers, IEEE Transactions on, 51(5):541-552, 2002. https://doi.org/10.1109/TC.2002.1004593
  36. Islam SH, Biswas G., "Amore efficient and secure id-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem," Journal of Systems and Software, 84(11):1892-1898, 2011. https://doi.org/10.1016/j.jss.2011.06.061
  37. Kilinc HH, Yanik T., "A survey of sip authentication and key agreement schemes," Communications Surveys & Tutorials, IEEE, 16(2):1005-1023, 2014. https://doi.org/10.1109/SURV.2013.091513.00050
  38. Chaudhry, S. A., Farash, M. S., Naqvi, H., Kumari, S., and Khan, M. K., "An enhanced privacy preserving remote user authentication scheme with provable security," Security Comm. Networks, 8: 3782-3795, 2015. https://doi.org/10.1002/sec.1299