http://dx.doi.org/10.3837/tiis.2016.09.026

A User Anonymous Mutual Authentication Protocol  

Kumari, Saru (Department of Mathematics, Ch. Charan Singh University)
Li, Xiong (School of Computer Science and Engineering, Hunan University of Science and Technology)
Wu, Fan (Department of Computer Science and Engineering, Xiamen Institute of Technology)
Das, Ashok Kumar (Center for Security, Theory and Algorithmic Research, International Institute of Information Technology)
Odelu, Vanga (Department of Mathematics, Indian Institute of Technology Kharagpur)
Khan, Muhammad Khurram (Centre of Excellence in Information Assurance (CoEIA), King Saud University)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS) / v.10, no.9, 2016, pp. 4508-4528
Abstract
The widespread use of wireless networks has drawn attention to the need for confidential communication and proper authentication of an entity before granting access to services over insecure channels. Recently, Truong et al. proposed a modified dynamic ID-based authentication scheme which they claimed resists the smart-card-theft attack. Nevertheless, we find that their scheme is prone to the smart-card-theft attack, contrary to the authors' claim. Besides, anyone can impersonate the user as well as the service provider server, and can breach the confidentiality of communication, merely by eavesdropping on the login request and the server's reply message from the network. We also notice that the scheme does not provide user anonymity and forward secrecy. Therefore, we present another authentication scheme that avoids the threats encountered in the design of Truong et al.'s scheme. We also prove the security of the proposed scheme with the help of the widely used BAN (Burrows, Abadi and Needham) logic.
Keywords
Guessing and Impersonation attacks; Authentication; Forward secrecy; BAN Logic;
  • Reference
1 D. He, N. Kumar, and N. Chilamkurti, “A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks,” Information Sciences, vol. 321, pp. 263-277, 2015.
2 D. He, and D. Wang, “Robust biometrics-based authentication scheme for multi-server environment,” IEEE Systems Journal, vol. 9, no. 3, pp. 816-823, 2015.
3 D. He, S. Zeadally, N. Kumar, and J.H. Lee, “Anonymous authentication for wireless body area networks with provable security,” IEEE Systems Journal, 2016.
4 X. Li, J. Niu, J. Liao, and W. Liang, “Cryptanalysis of a dynamic identity-based remote user authentication scheme with verifiable password update,” International Journal of Communication Systems, vol. 28, no. 2, pp. 374-382, 2015.
5 S. Kumari, M.K. Gupta, and M. Kumar, “Cryptanalysis and security enhancement of chen et al.’s remote user authentication scheme using smart card,” Central European Journal of Computer Science, vol. 2, no. 1, pp. 60-75, 2012.
6 S. Kumari, M.K. Gupta, M.K. Khan, and X. Li, “An improved timestamp-based password authentication scheme: comments, cryptanalysis and improvement,” Security and Communication Networks, vol. 7, no. 11, 1921-1932, 2014.
7 D. Wang, and P. Wang, “On the Anonymity of Two-Factor Authentication Schemes for Wireless Sensor Networks: Attacks, Principle and Solutions,” Computer Networks, vol. 73, pp. 41-57, 2014.
8 D. Wang, D. He, P. Wang, and C. Chu, “Anonymous Two-Factor Authentication in Distributed Systems: Certain Goals Are Beyond Attainment,” IEEE Transactions on Dependable and Secure Computing, vol. 12, no. 4, pp. 228-44, 2015.
9 M. Burrows, M. Abadi, and R. Needham, “A logic of authentication,” ACM Transactions on Computer System, vol. 8, pp. 18-36, 1990.
10 Z. Fu, K. Ren, J. Shu, X. Sun, and F. Huang, “Enabling Personalized Search over Encrypted Outsourced Data with Efficiency Improvement,” IEEE Transactions on Parallel and Distributed Systems, 2015.
11 Z. Fu, X. Sun, Q. Liu, L. Zhou, and J. Shu, “Achieving Efficient Cloud Search Services: Multi-keyword Ranked Search over Encrypted Cloud Data Supporting Parallel Computing,” IEICE Transactions on Communications, vol. E98-B, no. 1, pp. 190-200, 2015.
12 Y. Ren, J. Shen, J. Wang, J. Han, and S. Lee, “Mutual Verifiable Provable Data Auditing in Public Cloud Storage,” Journal of Internet Technology, vol. 16, no. 2, pp. 317-323, 2015.
13 L. Lamport, “Password authentication with insecure communication,” Communications of the ACM, vol. 24, no. 11, pp. 770-772, 1981.
14 X. Li, J. Niu, S. Kumari, J. Liao, and W. Liang, “An enhancement of a smart card authentication scheme for multi-server architecture,” Wireless Personal Communications, vol. 80, no. 1, pp. 175-192, 2015.
15 G. Horng, “Password authentication without using password table,” Information Processing Letters, vol. 55, pp. 247-250, 1995.
16 J.K. Jan, and Y.Y. Chen, “Paramita Wisdom’ Password authentication scheme without verification tables,” The Journal of Systems and Software, vol. 42, pp. 45-57, 1998.
17 P. Guo, J. Wang, B. Li, and S.Y. Lee, “A Variable Threshold-value Authentication Architecture for Wireless Mesh Networks,” Journal of Internet Technology, vol. 15, no. 6, pp. 929-936, 2014.
18 X. Li, J. Niu, M. K. Khan, J. Liao, and X. Zhao, “Robust three-factor remote user authentication scheme with key agreement for multimedia systems,” Security and Communication Networks, 2014.
19 M.S. Hwang, C.C. Lee, and Y.L. Tang, “A simple remote user authentication scheme,” Mathematical & Computer Modelling, vol. 36, pp. 103-107, 2002.
20 C.C. Lee, and M.S. Hwang, and W.P. Yang, “Flexible remote user authentication scheme using smart cards,” ACM Operating Systems Review, vol. 36, pp. 46-52, 2002.
21 M.L. Das, A. Saxena, and V.P. Gulati, “A dynamic ID-based remote user authentication scheme,” IEEE Transactions on Consumer Electronics, vol. 50, no. 2, 629-631, 2004.
22 Y.C. Lee, “A new dynamic id-based user authentication scheme to resist smart card theft attack,” Applied Mathematics and Information Sciences, vol. 6, pp. 355-361, 2012.
23 A.K. Awasthi, “Comment on a dynamic id-based remote user authentication scheme,” arXiv preprint cs/0410011, 2004.
24 H.Y. Chien, and C.H. Chen, “A remote password authentication preserving user anonymity,” in Proc. of 19th International Conference on Advanced Information Networking and Applications (AINA’05), 2, 245-248, 2005.
25 Z. Xia, X. Wang, X. Sun, and Q. Wang, “A Secure and Dynamic Multi-keyword Ranked Search Scheme over Encrypted Cloud Data,” IEEE Transactions on Parallel and Distributed Systems, vol. 27, no. 2, pp. 340-352, 2015.
26 W. Shi and D. He, “A security enhanced mutual authentication scheme based on nonce and smart cards,” Journal of the Chinese Institute of Engineers, vol. 37, no. 8, pp. 1090-1095, 2014.
27 T.T. Truong, M.T. Tran, and A.D. Duong, “Enhanced dynamic authentication scheme (EDAS),” Information System Frontiers, vol. 16, no. 1, pp. 113-127, 2014.
28 B.L. Chen, W.C. Kuo, and L.C. Wuu, “Robust smart-card-based remote user password authentication scheme,” International Journal of Communication Systems, vol. 27, no. 2, pp. 377-389, 2014.
29 T.T. Truong, and M.T. Tran and A.D. Duong, “Modified dynamic ID-based user authentication scheme resisting smart-card-theft attack,” Applied Mathematics and Information Sciences, vol. 8, no. 3, pp. 967-976, 2014.
30 F. Wen, D. Guo, and X. Li, “Cryptanalysis of a new dynamic id-based user authentication scheme to resist smart-card-theft attack,” Applied Mathematics and Information Sciences, vol. 8, no. 4, pp. 1855-1858, 2014.
31 P. Kocher, J. Jaffe, and B. Jun, “Differential power analysis,” in Proc. of Advances in Cryptology (CRYPTO’99), 388-397, 1999.
32 M.S. Hwang, and L.H. Li, “A New Remote User Authentication Scheme Using Smart Cards,” IEEE Transactions on Consumer Electronics, vol. 46, no. 1, pp. 28–30, 2000.
33 T.S. Messerges, E.A. Dabbish, and R.H. Sloan, “Examining smart-card security under the threat of power analysis attacks,” IEEE Transactions on Computers, vol. 51, no. 5, pp. 541-552, 2002.
34 N. Koblitz, “Elliptic curve cryptosystems,” Mathematics of Computation, vol. 48, pp. 203-209, 1987.
35 D. Hankerson, A. Menezes, and S. Vanstone, “Guide to elliptic curve cryptography,” LNCS, Springer: New York, 2004.
36 M.K. Khan, S.K. Kim, and K. Alghathbar, “Cryptanalysis and security enhancement of a ‘more efficient & secure dynamic id-based remote user authentication scheme,” Computer Communications, vol. 34, no. 3, 305-309, 2010.
37 W.C. Ku, and S.T. Chang, “Impersonation attacks on a dynamic ID-based remote user authentication scheme using smart cards,” IEICE Transactions on Communication, vol. E88-B, no. 5, pp. 2165-2167, 2005.
38 S. Kumari, and M.K. Khan, “More secure smart card based remote user password authentication scheme with user anonymity,” Security and Communication Networks, 2013.
39 D. He, N. Kumar, H. Shen, and J.H. Lee, “One-to-many authentication for access control in mobile pay-TV systems,” Science China-Information Sciences, vol. 59, no. 5, pp. 1-14, 2016.
40 S. Kumari, and M.K. Khan, “Cryptanalysis and improvement of ‘A robust smart-card-based remote user password authentication scheme,” International Journal of Communication Systems, vol. 27, no. 12, pp. 3939-3955, 2012.
41 D. Wang, Q. Gu, H. Cheng and P. Wang, “The Request for Better Measurement: A Comparative Evaluation of Two-Factor Authentication Schemes,” in Proc. of the 11th ACM Asia Conference on Computer and Communications Security (ASIACCS 2016), pp. 475-486.
42 K.M. Martin, “Everyday cryptography: Fundamental principles and applications,” Oxford University Press, Chapter 13, p. 495, 2012.
43 L. Zhang, S. Tang, and S. Zhu, “An energy efficient authenticated key agreement protocol for SIP-based green VoIP Networks,” Journal of Network and Computer Applications, vol. 59, pp. 126-133, 2016.
44 Q. Jiang, J. Ma, G. Li, and X. Li, “Improvement of robust smart-card-based password authentication scheme,” International Journal of Communication Systems, vol. 28, no. 2, pp. 383-393, 2015.
45 R. Canetti, and H. Krawczyk, “Analysis of key exchange schemes and their use for building secure channels,” in Proc. of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology-Eurocrypt 2001, pp. 453-473, 2001.
46 Q. Jiang, M. K. Khan, X. Lu, J. Ma, and D. He, “A privacy preserving three-factor authentication protocol for e-health clouds,” Journal of Supercomputing, 2016.