Browse > Article
http://dx.doi.org/10.3837/tiis.2017.03.027

An Untraceable ECC-Based Remote User Authentication Scheme  

Mehmood, Zahid (School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University)
Chen, Gongliang (School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University)
Li, Jianhua (School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University)
Albeshri, Aiiad (Faculty of Computing and Information Technology, King Abdulaziz University)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS) / v.11, no.3, 2017 , pp. 1742-1760 More about this Journal
Abstract
Recent evolution in the open access internet technology demands that the identifying information of a user must be protected. Authentication is a prerequisite to ensure the protection of user identification. To improve Qu et al.'s scheme for remote user authentication, a recent proposal has been published by Huang et al., which presents a key agreement protocol in combination with ECC. It has been claimed that Huang et al. proposal is more robust and provides improved security. However, in the light of our experiment, it has been observed that Huang et al.'s proposal is breakable in case of user impersonation. Moreover, this paper presents an improved scheme to overcome the limitations of Huang et al.'s scheme. Security of the proposed scheme is evaluated using the well-known random oracle model. In comparison with Huang et al.'s protocol, the proposed scheme is lightweight with improved security.
Keywords
Smart-card; Key agreement; Remote user authentication; Password-based authentication;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Saru Kumari, Xiong Li, Fan Wu, Ashok Kumar Das, Hamed Arshad, Muhammad Khurram Khan, "A user friendly mutual authentication and key agreement scheme for wireless sensor networks using chaotic maps," Future Generation Computer Systems, Volume 63, Pages 56-75, ISSN 0167-739X, October 2016.   DOI
2 Arshad, Hamed, and Morteza Nikooghadam, "Security analysis and improvement of two authentication and key agreement schemes for session initiation protocol," The Journal of Supercomputing, 71.8, 3163-3180, 2015.   DOI
3 Kumari, Saru, Muhammad Khurram Khan, and Xiong Li, "An improved remote user authentication scheme with key agreement," Computers & Electrical Engineering, 40.6, 2014.
4 Mir, Omid, and Morteza Nikooghadam, "A secure biometrics based authentication with key agreement scheme in telemedicine networks for e-health services," Wireless Personal Communications, 83.4, 2439-2461, 2015.   DOI
5 Lamport L., "Password authentication with insecure communication," Communications of the ACM, 24(11):770-772, 1981.   DOI
6 Peyravian M, Zunic N., "Methods for protecting password transmission. Computers & Security, 19(5):466-469, 2000.   DOI
7 Lin CL, Hwang T., "A password authentication scheme with secure password updating," Computers & Security, 22(1):68-72, 2003.   DOI
8 Yoon, Eun-Jun, et al., "A secure and efficient SIP authentication scheme for converged VoIP networks," Computer Communications, 33.14, 1674-1681, 2010.   DOI
9 Nikooghadam, Morteza, Reza Jahantigh, and Hamed Arshad, "A lightweight authentication and key agreement protocol preserving user anonymity," Multimedia Tools and Applications, 1-23, 2016.
10 Kumari, S., Das, A. K., Wazid, M., Li, X., Wu, F., Choo, K.-K. R., and Khan, M. K., "On the design of a secure user authentication and key agreement scheme for wireless sensor networks," Concurrency Computat.: Pract. Exper.
11 Khalid Mahmood, Shehzad Ashraf Chaudhry, Husnain Naqvi, Taeshik Shon, Hafiz Farooq Ahmad, "A lightweight message authentication scheme for Smart Grid communications in power sector," Computers & Electrical Engineering, Volume 52, Pages 114-124, ISSN 0045-7906, May 2016.   DOI
12 He D, Kumar N, Chilamkurti N., "A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks," Information Sciences, 2015.
13 Kumari, S., Chaudhry, S.A., Wu, F., Farash, M.S., Khan, M.K., "An improved smart card based authentication scheme for session initiation protocol, Peer-to-Peer Netw," Appl., 2015.
14 Chaudhry, S. A., Khan, I., Irshad, A., Ashraf, M. U., Khan, M. K., and Ahmad, H. F., "A provably secure anonymous authentication scheme for Session Initiation Protocol," Security Comm. Networks, 2016.
15 Qu J, Tan XL., "Two-factor user authentication with key agreement scheme based on elliptic curve cryptosystem," Journal of Electrical and Computer Engineering 2014, 2014.
16 Chaudhry, S.A., Naqvi, H., Mahmood, K. Ahmad, H.F., Khan, M.K., An Improved Remote User Authentication Scheme Using Elliptic Curve Cryptography Wireless Pers Commun, 2016.
17 Lee SW, Kim HS, Yoo KY., "Improvement of chien et al.'s remote user authentication scheme using smart cards," Computer Standards & Interfaces, 27(2):181-183, 2005.   DOI
18 Lee NY, Chiu YC., "Improved remote authentication scheme with smart card," Computer Standards & Interfaces, 27(2):177-180, 2005.   DOI
19 Islam SH, Biswas G., "Amore efficient and secure id-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem," Journal of Systems and Software, 84(11):1892-1898, 2011.   DOI
20 Messerges TS, Dabbish E, Sloan RH, et al., "Examining smart-card security under the threat of power analysis attacks," Computers, IEEE Transactions on, 51(5):541-552, 2002.   DOI
21 Kilinc HH, Yanik T., "A survey of sip authentication and key agreement schemes," Communications Surveys & Tutorials, IEEE, 16(2):1005-1023, 2014.   DOI
22 Chaudhry, S. A., Farash, M. S., Naqvi, H., Kumari, S., and Khan, M. K., "An enhanced privacy preserving remote user authentication scheme with provable security," Security Comm. Networks, 8: 3782-3795, 2015.   DOI
23 Kocher P, Jaffe J, Jun B., "Differential power analysis," Advances in CryptologyUCRYPTOS99, Springer, 388-397, 1999.
24 Huang B, Khan MK, Wu L, Muhaya FTB, He D., "An efficient remote user authentication with key agreement scheme using elliptic curve cryptography," Wireless Personal Communications, 1-16, 2015.
25 Song R., "Advanced smart card based password authentication protocol," Computer Standards & Interfaces, 32(5):321-325, 2010.   DOI
26 Chen BL, KuoWC,Wuu LC., "Robust smart-card-based remote user password authentication scheme," International Journal of Communication Systems, 27(2):377-389, 2014.   DOI
27 Jiang Q, Ma J, Li G, Ma Z., "An improved password-based remote user authentication protocol without smart cards," Information technology And control, 42(2):113-123, 2013.
28 Cao X, Zhong S., "Breaking a remote user authentication scheme for multi-server architecture," IEEE Communications Letters, 10(8):580-581, 2006.   DOI
29 Eisenbarth T, Kasper T, Moradi A, Paar C, Salmasizadeh M, Shalmani MTM., "On the power of power analysis in the real world: A complete break of the keeloq code hopping scheme," Advances in Cryptology-CRYPTO, Springer, 203-220, 2008.
30 Dolev D, Yao AC, "On the security of public key protocols," Information Theory, IEEE Transactions on, 29(2):198-208, 1983.   DOI
31 Chaudhry SA, Naqvi H, Farash MS, Shon T, Sher M., "An improved and robust biometricsbased three factor authentication scheme for multiserver environments," The Journal of Supercomputing 1-17, 2015.
32 Chaudhry SA., "A secure biometric based multi-server authentication scheme for social multimedia networks," Multimedia Tools and Applications, 1-21, 2015.
33 Sood SK, Sarje AK, Singh K., "An improvement of xu et al.'s authentication scheme using smart cards," in Proc. of the third annual ACM Bangalore conference, ACM, 15, 2010.
34 Kumari, S., Karuppiah, M., Li, X., Wu, F., Das, A. K., and Odelu, V., "An enhanced and secure trust-extended authentication mechanism for vehicular ad-hoc networks," Security Comm. Networks, 9: 4255-4271, 2016.   DOI
35 Arshad, Hamed, and Morteza Nikooghadam, "An efficient and secure authentication and key agreement scheme for session initiation protocol using ECC," Multimedia Tools and Applications, 75.1, 181-197, 2016.   DOI
36 Juang WS, Chen ST, Liaw HT., "Robust and efficient password-authenticated key agreement using smart cards," Industrial Electronics, IEEE Transactions on, 55(6):2551-2556, 2008.   DOI
37 Yang G, Wong DS, Wang H, Deng X., "Two-factor mutual authentication based on smart cards and passwords," Journal of Computer and System Sciences, 74(7):1160-1172, 2008.   DOI
38 Xu J, Zhu WT, Feng DG., "An improved smart card based password authentication scheme with provable security," Computer Standards & Interfaces, 31(4):723-728, 2009.   DOI