Browse > Article
http://dx.doi.org/10.3837/tiis.2019.02.027

An Improved Lightweight Two-Factor Authentication and Key Agreement Protocol with Dynamic Identity Based on Elliptic Curve Cryptography  

Qiu, Shuming (Elementary Educational College, Jiangxi Normal University)
Xu, Guosheng (School of CyberSpace Security, Beijing University of Posts and Telecommunications)
Ahmad, Haseeb (Department of Computer Science, National Textile University)
Xu, Guoai (School of CyberSpace Security, Beijing University of Posts and Telecommunications)
Qiu, Xinping (Jiangxi University of Finance and Economics)
Xu, Hong (High-Tech Research and Development Center, the Ministry of Science and Technology)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS) / v.13, no.2, 2019 , pp. 978-1002 More about this Journal
Abstract
With the rapid development of the Internet of Things, the problem of privacy protection has been paid great attention. Recently, Nikooghadam et al. pointed out that Kumari et al.'s protocol can neither resist off-line guessing attack nor preserve user anonymity. Moreover, the authors also proposed an authentication supportive session initial protocol, claiming to resist various vulnerability attacks. Unfortunately, this paper proves that the authentication protocols of Kumari et al. and Nikooghadam et al. have neither the ability to preserve perfect forward secrecy nor the ability to resist key-compromise impersonation attack. In order to remedy such flaws in their protocols, we design a lightweight authentication protocol using elliptic curve cryptography. By way of informal security analysis, it is shown that the proposed protocol can both resist a variety of attacks and provide more security. Afterward, it is also proved that the protocol is resistant against active and passive attacks under Dolev-Yao model by means of Burrows-Abadi-Needham logic (BAN-Logic), and fulfills mutual authentication using Automated Validation of Internet Security Protocols and Applications (AVISPA) software. Subsequently, we compare the protocol with the related scheme in terms of computational complexity and security. The comparative analytics witness that the proposed protocol is more suitable for practical application scenarios.
Keywords
Elliptic curve cryptography; Two-factor; Authentication; AVISPA; BAN-Logic;
Citations & Related Records
연도 인용수 순위
  • Reference
1 MS. Farash, SA. Chaudhry, M. Heydari, SMS. Sadough, S. Kumari and MK. Khan, "A lightweight anonymous authentication scheme for consumer roaming in ubiquitous networks with provable security," Int. J. Communication Systems, vol.30, no.4, 2017.
2 S. Kumari, M. Karuppiah, AK. Das, X. Li, F. Wu and V. Gupta, "Design of a secure anonymity-preserving authentication scheme for session initiation protocol using elliptic curve cryptography," J Ambient Intell Human Comput, 2017.
3 S. Kumari, "Design flaws of "an anonymous two-factor authenticated key agreement scheme for session initiation protocol using elliptic curve cryptography," Multimed Tools Appl, vol.76, pp. 13581, 2017.   DOI
4 SM. Qiu, GA. Xu, H. Ahmad and LC. Wang, "A Robust Mutual Authentication Scheme Based on Elliptic Curve Cryptography for Telecare Medical Information Systems," IEEE Access, 6, pp. 7452-7463, 2018.   DOI
5 SM. Qiu, GA. Xu, H. Ahmad and YH. Guo, "An enhanced password authentication scheme for session initiation protocol with perfect forward secrecy," PLoS ONE, vol. 13, no. 3, e0194072, 2018.   DOI
6 J. Franks, P. Hallam-Baker, J. Hostetler, S. Lawrence, P. Leac and A. Luotonen, "HTTP Authentication: Basic and digest access authentication," IETF RFC, 2617, 1999.
7 C. Yang, R. Wang and W. Liu, "Secure authentication scheme for session initiation protocol," Comput Secur, vol. 24, 381-386, 2015.   DOI
8 HF. Huang, WC. Wei and GE. Brown, "A new efficient authentication scheme for session initiation protocol," in Proc. of 9th Joint Conference on Information Sciences, 2006.
9 D. Denning, G. Sacco. "Timestamps in key distribution systems," Commun ACM, vol. 24, no.8, pp. 533-536, 1981.   DOI
10 A. Durlanik and I. Sogukpinar, "SIP authentication scheme using ECDH," World Enformatika Soc Trans Eng Comput Technol, 8, pp. 350-353, 2005.
11 D. Wang, C. Ma, P. Wang and Z. Chen, "Robust smart card based password authentication scheme against smart card security breach," IACR Cryptology ePrint Archive, 2012. Retrieved from eprint.iacr.org/2012/439.pdf.
12 S. Kumari, M. Khan and X. Li, "An improved remote user authentication scheme with key agreement," Comput Electr Eng, vol.40, no.6, pp. 1997-2012, 2014.   DOI
13 SA. Chaudhry, MS. Farash, H. Naqvi, S. Kumari and MK. Khan, "An enhanced privacy preserving remote user authentication scheme with provable security," Secur Commun Netw, vol.8, no.18, pp. 3782-3795, 2015.   DOI
14 Morteza. Nikooghadam, Reza. Jahantigh and Hamed. Arshad, "A lightweight authentication and key agreement protocol preserving user anonymity," Multimedia Tools Appl, Vol. 76, no.11, pp. 13401-13423, 2017.   DOI
15 D. Dolev and A. Yao, "On the security of public key protocols," IEEE Trans Inf Theory, vol. 29, no.2, pp. 198-208, 1983.   DOI
16 D. Wang and P. Wang, "Two birds with one stone: two-factor authentication with security beyond conventional bound," IEEE Trans Depend Secur Comput, 2016.
17 P. Kocher, J. Jaffe and B. Jun, "Differential power analysis," Advances in Cryptology, 1666, pp. 388-397, 1999.
18 D. Wang, DB. He, P. Wang and C. Chu, "Anonymous two-factor authentication in distributed systems: certain goals are beyond attainment," IEEE Trans Depend Secur Comput, vol. 12, no. 4, pp. 428-442, 2015.   DOI
19 TS. Messerges, EA. Dabbish and RH. Sloan, "Examining smart-card security under the threat of power analysis attacks," IEEE Trans Comput, vol.51, no.5, pp. 541-552, 2002.   DOI
20 Y. Chang, W. Tai and H. Chang, "Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update," Int J Commun Syst, 2015.
21 M. Burrow, M. Abadi, and R. M. Needham, "A logic of authentication," ACM Trans. Comput. Syst, vol. 8, no. 1, pp. 18-36, 1990.   DOI
22 DD. Wang, Z. Zhang, and P. Wang, ''Targeted online password guessing: An underestimated threat,'' in Proc. of ACM CCS, vol. 16, pp. 1242-1254, 2016.
23 D. Wang and P. Wang, "On the implications of Zipf's law in passwords," in Proc. of ESORICS, 2016, pp. 111-131.
24 AVISPA. "Automated validation of internet security protocols and applications," http://www.avispaproject.org/ (accessed on March 2018).
25 J. Chou, C. Huang, Y. Huang and Y. Chen, "Efficient two-pass anonymous identity authentication using smart card," IACR Cryptology ePrint Archive, 2013. Retrieved from eprint.iacr.org/2013/402.pdf.
26 F. Wen and X. Li, "An improved dynamic id-based remote user authentication with key agreement scheme," Comput Electr Eng, vol. 38, no. 2, pp. 381-387, 2011.   DOI
27 H. Kilinc and T. Yanik, "A survey of SIP authentication and key agreement schemes," IEEE Communications Surveys and Tutorials, vol. 16, no. 2, pp. 1005-1023, 2014.   DOI
28 BL. Chen, WC. Kuo and LC. Wuu, "Robust smart-card-based remote user password authentication scheme," Int J Commun Syst, 27, pp. 377-389, 2012.   DOI
29 D. Mishra, AK. Das, A. Chaturvedi and S. Mukhopadhyay, "A secure password-based authentication and key agreement scheme using smart cards," J Inf Secur Appl, 23, pp. 28-43, 2015.   DOI
30 Juan. Qu and Li-min. Zou, "An Improved Dynamic ID-Based Remote User Authentication with Key Agreement Scheme," J. Electrical and Computer Engineering, pp. 786587:1-786587:, 2013.
31 H. Arshad and M. Nikooghadam, "An efficient and secure authentication and key agreement scheme for session initiation protocol using ECC," Multimedia Tools and Applications, vol. 75, no. 1, pp. 181-197, 2016.   DOI
32 Ding. Wang, Nan, Wang, Ping. Wang and Sihan. Qing, "Preserving privacy for free: Efficient and provably secure two-factor authentication scheme with user anonymity," Inf. Sci, 321, pp. 162-178, 2015.   DOI
33 Chunguang. Ma, Dingwang. and Sendong. Zhao, "Security flaws in two improved remote user authentication schemes using smart cards," Int. J. Communication Systems, vol. 27, no. 10, pp. 2215-2227, 2014.   DOI
34 Xinyi. Huang, Xiaofeng. Chen, Jin. Li, Yang. Xiang and Li. Xu, "Further Observations on Smart-Card-Based Password-Authenticated Key Agreement in Distributed Systems," IEEE Trans. Parallel Distrib. Syst, vol. 25, no. 7, pp. 1767-1775, 2014.   DOI
35 J.Arkko, V. Torvinen, G. Camarillo, A. Niemi and T. Haukka, "Security mechanism agreement for SIP sessions," IETF Internet Draft, Jun. 2002.
36 Ding. Wang, Haibo. Cheng, Debiao. He and Ping. Wang, "On the Challenges in Designing Identity-Based Privacy-Preserving Authentication Schemes for Mobile Devices," IEEE Systems Journal, vol. 12, no. 1, pp. 916-925, 2018.   DOI
37 Ding. Wang and Ping. Wang, "On the anonymity of two-factor authentication schemes for wireless sensor networks: Attacks, principle and solutions," Computer Networks, 73, pp. 41-57, 2014.   DOI
38 Ding. Wang, Qianchen. Gu, Haibo. Cheng and Ping. Wang, "The Request for Better Measurement: A Comparative Evaluation of Two-Factor Authentication Schemes," AsiaCCS, pp. 475-486, 2016.
39 Mohammad. Wazid, Ashok Kumar. Das, Vanga. Odelu, Neeraj. Kumar, Mauro. Conti and Minho. Jo, "Design of Secure User Authenticated Key Management Protocol for Generic IoT Networks," IEEE Internet of Things Journal, vol. 5, no. 1, pp. 269-282, 2018.   DOI
40 Shehzad Ashraf. Chaudhry, Husnain. Naqvi, Khalid. Mahmood, Hafiz. Farooq. Ahmad and Muhammad Khurram. Khan, "An Improved Remote User Authentication Scheme Using Elliptic Curve Cryptography," Wireless Personal Communications, vol. 96, no. 4, pp. 5355-5373, 2017.   DOI
41 Shuai. Liu, Zheng. Pan and Houbing. Song, "Digital image watermarking method based on DCT and fractal encoding," IET Image Processing, vol. 11, no. 10, pp. 815-821, 2017.   DOI
42 DB. He, J. Chen and Chen Y, "A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography," Secur Commun Netw, vol.5, no.12, pp. 1423-1429, 2012.   DOI
43 MK. Khan, "Fingerprint Biometric-based Self-Authentication and Deniable Authentication Schemes for the Electronic World," Iete Technical Review, vol. 26, no. 3, pp. 191-195, 2009.   DOI
44 TH. Chen, HL. Yeh, PC. Liu, HC. Hsiang and WK. Shih, "A secured authentication protocol for SIP using elliptic curves cryptography," FGIT-FGCN, vol. 119, no.1, pp. 46-55, 2010.
45 FW. Liu and H. Koenig, "Cryptanalysis of a SIP authentication scheme," In: 12th IFIP TC6/TC11 International Conference, CMS, Lecture Notes in Computer Science, vol. 7025, pp. 134-143, 2011.
46 R. Arshad and N. Ikram, "Elliptic curve cryptography based mutual authentication scheme for session initiation protocol," Multimed Tools Appl, vol.66, no.2, pp. 165-178, 2013.   DOI
47 MS. Farash and MA. Attari, "An Enhanced authenticated key agreement for session initiation protocol," Inf Technol Control, vol.42, no.4, pp. 333-342, 2013.
48 S. Kumari and MK. Khan, "More secure smart card-based remote user password authentication scheme with user anonymity," Security and Communication Networks, vol.7, no.11, pp. 2039-2053, 2014.   DOI
49 H. Tang and X. Liu, "Cryptanalysis of Arshad et al'.s ECC-based mutual authentication scheme for session initiation protocol," Multimed Tools Appl, vol. 65, no. 3, pp. 321-333, 2013.   DOI
50 XM. Wang, W. Guo, WF. Zhang, MK. Khan and K Alghathbar, "Cryptanalysis and improvement on a parallel keyed hash function based on chaotic neural network," Telecommunication Systems, vol. 52, no. 2, pp. 515-524, 2013.   DOI
51 S. Kumari, SA. Chaudhry, F. Wu, X. Li, MS. Farash and MK. Khan, "An improved smart card based authentication scheme for session initiation protocol," Peer-to-Peer Networking and Applications, 2015.
52 SA. Chaudhry, H. Naqvi, T. Shon, M. Sher and MS. Farash, "Cryptanalysis and Improvement of an Improved Two Factor Authentication Protocol for Telecare Medical Information Systems," J. Medical Systems, vol. 39, no.6, pp. 1-11, 2015.   DOI
53 S. Challa, AK. Das, S. Kumari, V. Odelu, F. Wu and X. Li, "Provably secure three-factor authentication and key agreement scheme for session initiation protocol," Security and Communication Networks, vol. 9, no.18, pp. 5412-5431, 2016.   DOI
54 SA. Chaudhry, I. Khan, A. Irshad, MU. Ashraf, MK. Khan and HF. Ahmad, "A provably secure anonymous authentication scheme for session initiation protocol," Secur Commun Netw, 2016.
55 AK. Sutrala, AK. Das, V. Odelu, M. Wazid and S. Kumari, "Secure anonymity-preserving password-based user authentication and session key agreement protocol for telecare medicine information systems," Computer Methods and Programs in Biomedicine, vol.135, pp. 167-185, 2016.   DOI
56 Shuai. Liu, Zheng. Pan and Xiaochun. Cheng, "A Novel Fast Fractal Image Compression Method based on Distance Clustering in High Dimensional Sphere Surface," Fractals, vol. 25, no. 4, 1740004, 2017.   DOI
57 Zheng. Pan, Shuai. Liu and Weina. Fu, "A review of visual moving target tracking," Multimedia Tools Appl, vol. 76, no. 16, pp. 16989-17018, 2017.   DOI
58 Shuai. Liu, Mengye. Lu, Gaocheng. Liu and Zheng. Pan, "A Novel Distance Metric: Generalized Relative Entropy," Entropy, vol. 19, no. 6, pp. 269, 2017.   DOI