Browse > Article
http://dx.doi.org/10.3837/tiis.2016.03.019

Forward Anonymity-Preserving Secure Remote Authentication Scheme  

Lee, Hanwook (Department of Computer Engineering, Sungkyunkwan University)
Nam, Junghyun (Department of Computer Engineering, Konkuk University)
Kim, Moonseong (Information Management Division, Korean Intellectual Property Office)
Won, Dongho (Department of Computer Engineering, Sungkyunkwan University)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS) / v.10, no.3, 2016 , pp. 1289-1310 More about this Journal
Abstract
Dynamic ID-based authentication solves the ID-theft problem by changing the ID in each session instead of using a fixed ID while performing authenticated key exchanges between communicating parties. User anonymity is expected to be maintained and the exchanged key kept secret even if one of the long-term keys is compromised in the future. However, in the conventional dynamic ID-based authentication scheme, if the server's long-term key is compromised, user anonymity can be broken or the identities of the users can be traced. In addition, these schemes are vulnerable to replay attacks, in which any adversary who captures the authentication message can retransmit it, and eventually cause the legitimate user to be denied service. This paper proposes a novel dynamic ID-based authentication scheme that preserves forward anonymity as well as forward secrecy and obviates replay attacks.
Keywords
Forward anonymity; dynamic ID-based authentication; smart card;
Citations & Related Records
연도 인용수 순위
  • Reference
1 M. K. Khan, S. Kim and K. Alghathbar, “Cryptanalysis and security enhancement of a `more efficient & secure dynamic ID-based remote user authentication scheme',” Computer Communications, vol. 34, no. 3. pp. 305-309, 2011. Article (CrossRef Link).   DOI
2 S. Wu, Y. Zhu and Q. Pu, “Robust smart-cards-based user authentication scheme with user anonymity,” Security and Communication Networks, vol. 5, no. 2, pp. 236-248, 2012. Article (CrossRef Link).   DOI
3 C. Ma, D. Wang and Q. Zhang, "Cryptanalysis and improvement of Sood et al.'s dynamic ID-based authentication scheme," Distributed Computing and Internet Technology, pp. 141-152, 2012. Article (CrossRef Link).
4 D. Wang, C. Ma, P. Wang and Z. Chen, “Robust smart card based password authentication scheme against smart card security breach,” IACR Cryptology ePrint Archive, 2012. Article (CrossRef Link).
5 C. Liu and C. Ma, "An efficient and provable secure pake scheme with robust anonymity," Information Computing and Applications, 2012. Article (CrossRef Link).
6 T. Cao and J. Zhai, “Improved dynamic ID-based authentication scheme for telecare medical information systems,” Journal of medical systems, vol. 37, no. 2, pp. 1-7, 2013. Article (CrossRef Link).   DOI
7 W. Juang, S. Chen and H. Liaw, “Robust and efficient password-authenticated key agreement using smart cards,” IEEE Transactions on Industrial Electronics, vol. 55, no. 6, pp. 2551-2556, 2008. Article (CrossRef Link).   DOI
8 D. Sun, J. Huai, J. Sun, J. Li, J. Zhang and Z. Feng, “Improvements of Juang’s password- authenticated key agreement scheme using smart cards,” IEEE Transactions on Industrial Electronics, vol. 56, no. 6, pp. 2284-2291, 2009. Article (CrossRef Link).   DOI
9 E. Bresson, O. Chevassut and D. Pointcheval, "Security proofs for an efficient password-based key exchange," in Proc. of 10th ACM conf. on Computer and communications security, pp. 241-250, 2003. Article (CrossRef Link).
10 M. L. Das, A. Saxena and V. P. Gulati, “A dynamic ID-based remote user authentication scheme,” IEEE Transactions on Consumer Electronics, vol. 50, no. 2, pp. 629-631, 2004. Article (CrossRef Link).   DOI
11 A. K. Awasthi and S. Lal, “Security analysis of a dynamic ID-based remote user authentication scheme,” IACR Cryptology ePrint Archive, 2004. Article (CrossRef Link).
12 I. Liao, C. Lee and M. Hwang, "Security enhancement for a dynamic ID-based remote user authentication scheme," in Proc. of Int. Conf. on Next Generation Web Services Practices, 2005. Article (CrossRef Link).
13 H. Chien and C. Chen, "A remote authentication scheme preserving user anonymity," in Proc. of 19th Int. Conf. on Advanced Information Networking and Applications, pp.245-248, 2005. Article (CrossRef Link).
14 W. Horng, C. Lee and J. Peng, “A secure remote authentication scheme preserving user anonymity with non-tamper resistant smart cards,” WSEAS Transactions on Information Science and Applications, vol. 7, no. 5, pp. 619-628, 2010. Article (CrossRef Link).
15 J. Tsai, T. Wu and K. Tsai, “New dynamic ID authentication scheme using smart cards,” International Journal of Communication Systems, vol. 23, no. 12 pp. 1449-1462, 2010. Article (CrossRef Link).   DOI
16 Q. Jiang, J. Ma, G. Li and L. Yang, “Robust two-factor authentication and key agreement preserving user privacy,” IJ Network Security vol. 16, no. 3, pp. 229-240, 2014. Article (CrossRef Link).
17 X. Li, W. Qiu, D. Zheng, K. Chen and J. Li, “Anonymity enhancement on robust and efficient password-authenticated key agreement using smart cards,” IEEE Transactions on Industrial Electronics, vol. 57, no. 2, pp. 793-800, 2010. Article (CrossRef Link).   DOI
18 C. Chang, H. Le and C. Chang, “Novel untraceable authenticated key agreement protocol suitable for mobile communication,” Wireless personal communications, vol. 71, no. 1, pp. 425-437, 2013. Article (CrossRef Link).   DOI
19 Q. Jiang, J. Ma, Z. Ma and G. Li, “A privacy enhanced authentication scheme for telecare medical information systems,” Journal of medical systems, vol. 37, no. 1, pp. 1-8, 2013. Article (CrossRef Link).   DOI
20 W. Diffie, P. C. Van Oorschot and M.J. Wiener, “Authentication and authenticated key exchanges,” Designs, codes and cryptography, vol. 2, no. 2, pp. 107-125, 1992. Article (CrossRef Link).   DOI
21 F. Hao, "On robust key agreement based on public key authentication," Financial Cryptography and Data Security, pp. 383-390, 2010. Article (CrossRef Link).
22 H. Krawczyk, "HMQV: A high-performance secure Diffie-Hellman protocol," Advances in Cryptology-CRYPTO 2005, pp. 546-566, 2005. Article (CrossRef Link).
23 M. Bellare, D. Pointcheval and P. Rogaway, "Authenticated key exchange secure against dictionary attacks," Advances in Cryptology-Eurocrypt 2000, pp. 139-155, 2000. Article (CrossRef Link).