http://dx.doi.org/10.3837/tiis.2014.08.021

A Secure and Efficient Remote User Authentication Scheme for Multi-server Environments Using ECC  

Zhang, Junsong (School of Computer and Communication Engineering, Zhengzhou University of Light Industry)
Ma, Jian (State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications)
Li, Xiong (School of Computer Science and Engineering, Hunan University of Science and Technology)
Wang, Wendong (State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS) / v.8, no.8, 2014, pp. 2930-2947
Abstract
With the rapid growth of communication technology, intelligent terminals (i.e., PDAs and smartphones) are widely used in many mobile applications. To provide secure communication in mobile environments, many user authentication schemes have been proposed in recent years. However, most of these authentication schemes suffer from various attacks and cannot provide provable security. In this paper, we propose a novel remote user mutual authentication scheme for multi-server environments using elliptic curve cryptography (ECC). Unlike other ECC-based schemes, the proposed scheme uses ECC in combination with a secure hash function to protect communication among the users, the servers and the registration center (RC). As a result, the proposed scheme requires fewer ECC-based operations than the related schemes, which makes it possible to significantly reduce the computational cost. Security and performance analyses demonstrate that the proposed scheme can solve various types of security problems and can meet the requirements of computational complexity for low-power mobile devices.
Keywords
User authentication; elliptic curve cryptography; smart card; hash function
Citations & Related Records
Times Cited By KSCI: 3