Browse > Article
http://dx.doi.org/10.3745/KTCCS.2013.2.12.517

Zero-knowledge Based User Remote Authentication Over Elliptic Curve  

Choi, Jongseok (부산대학교 전기전자컴퓨터공학과)
Kim, Howon (부산대학교 정보컴퓨터공학부)
Publication Information
KIPS Transactions on Computer and Communication Systems / v.2, no.12, 2013 , pp. 517-524 More about this Journal
Abstract
Although password-based authentication as known as knowledge-based authentication was commonly used but intrinsic problems such as dictionary attack remain unsolved. For that the study on possession-based authentication was required. User remote authentication using smartcard is proceeding actively since Lee et al. proposed user remote authentication using knowledge-based information(password) and possession-base information(smartcard) in 2002. in 2009, Xu et al. proposed a new protocol preserving user anonymity and Shin et al. proposed enhanced scheme with analysis of its vulnerabilities on user anonymity and masquerading attack in 2012. In this paper, we analyze Shin et al. scheme on forward secrecy and insider attack and present novel user authentication based on elliptic curve cryptosystem which is secure against forward secrecy, insider attack, user anonymity and masquerading attack.
Keywords
ECC(Elliptic Curve Cryptography); Smart Card; Authentication; Forward Secrecy; Anonymity;
Citations & Related Records
Times Cited By KSCI : 4  (Citation Analysis)
연도 인용수 순위
1 L. Lamport, "Password authentication with insecure communication," Communications of the ACM, Vol.24, No.11, pp.770-772, 1981.   DOI   ScienceOn
2 N. Haller, "The S/Key one-time password system," in Proceedings of the ISOC Symposium on Network and Distributed System Security, pp.151-157, 1994
3 J. Choi and H. Kim, "One-Handled The Mobile One-Time Password Scheme," The Journal of The Korean Institute of Communication Sciences, Vol.37, No.6, pp.497-501, 2012   과학기술학회마을   DOI   ScienceOn
4 C. M. Chen and W. C. Ku, "Stolen-verifier attack on two new strong-password authentication protocol," IEICE Transactions on communications, Vol.E85-B, No.11, pp.2519-2521, 2002.
5 C. C. Lee, M. S. Hwang and W. P. Yang, "A Flexible Remote User Authentication Scheme using Smart Cards," ACM Operating System Review, Vol.36, No.4, pp.23-29, 2002.
6 M. L. Das, A. Saxena and V. P. Gulati, "A dynamic ID-based remote user authentication Scheme," IEEE Transactions on Consume Electronics, Vol.50, No.2, pp.629-631, 2004.   DOI   ScienceOn
7 H. Y. Chien and C. H. Chen, "A remote User Authentication Scheme preserving user anonymity," in Proceedings of IEEEAINA'05, Vol.2, pp.245-248, 2005.
8 L. Hu, Y. Yang and X. Niu, "Improved remote User Authentication Scheme preserving user anonymity," in Proceedings of Fifth Annual Conference on Communication Network and Services Research(CNSR), pp.323-328, 2007.
9 C. S. Bindu, P. C. S. Reddy and B. Satyanarayana, "Imporoved Remote User Authentication Scheme Preserving User Anonymity," IJCSNS, Vol.8, No.3, pp.62-66, 2008.
10 Z. Chai, Z. Cao and R. Lu, "Efficient Password-Based Authentication and Key Exchange Scheme Preserving User Privacy," in Proceedings of WASA'06, LNCS 4138, pp.467-477, 2006.
11 S. Kim, J. Y. Chun and D. H. Lee, "Anonymity User Authentication Scheme with Smart Cards preserving Traceability," Journal of the Korea Institute of Information Security and Cryptology, Vol.18, No.5, pp.31-39, 2008   과학기술학회마을
12 J. Choi and S. Shin, "Traceable Authentication Scheme Providing User Anonymity," Journal of The Korea Contents Association, Vol.9, No.4, pp.95-102, 2009   과학기술학회마을   DOI   ScienceOn
13 J. Choi, S. Shin and K. Han, "Three-Party Key Exchange Protocol Providing User Anonymity based on Smartcards," Journal of the Korea Academia-Industrial cooperation Society, Vol.10 No.2, pp.388-395, 2009   과학기술학회마을   DOI   ScienceOn
14 J. Xu, W. Zhu and D. Feng, "An improved smart card based password authentication scheme provable security," Computer Standard & Interface, Vol.31, No.4, pp.723-728, 2009.   DOI   ScienceOn
15 K. Shin and J. Cho, "A Remote Authentication Protocol Design Using Smart Card to Guarantee User Anonymity," Korean Institute Of Information Technology, Vol.10, No.12, pp.77-87, 2012.