Design of improved password authentication and update scheme based on elliptic curve cryptography

Mathematical and Computer Modelling

Volumn 57, Issue 11-12, 2013, Pages 2703-2717

  Hafizul Islam, S K ^a   Biswas, G P ^a  

^a INDIAN SCHOOL OF MINES   (India)

Author keywords

Cryptographic hash function; Elliptic curve cryptography; Impersonation attack; Insider attack; Password authentication

Indexed keywords

CRYPTOGRAPHIC HASH FUNCTIONS; ELLIPTIC CURVE CRYPTOGRAPHY; IMPERSONATION ATTACK; INSIDER ATTACK; PASSWORD AUTHENTICATION;

AUTHENTICATION; HASH FUNCTIONS; PUBLIC KEY CRYPTOGRAPHY; SECURITY SYSTEMS;

SECURITY OF DATA;

EID: 84892506781     PISSN: 08957177     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.mcm.2011.07.001     Document Type: Article

References (45)

1. Lamport L. Password authentication with insecure communication. Communications of the ACM 1981, 24(11):770-772.
2. Peyravian M., Zunic N. Methods for protecting password transmission. Computers and Security 2000, 19(5):466-469.
3. Lee C.C., Li L.H., Hwang M.S. A remote user authentication scheme using hash functions. ACM Operating Systems Review 2002, 36(4):23-29.
4. Ku W.C., Chen C.M., Lee H.L. Weaknesses of Lee-Li-Hwang's Hash-based password authentication scheme. ACM Operating Systems Review 2003, 37(4):19-25.
5. Yoon E.J., Ruy E.K., Roo K.Y. A secure user authentication scheme using hash functions. ACM Operating Systems Review 2004, 38(2):62-68.
6. Ku W.C., Chaing M.H., Chang S.T. Weaknesses of Yoon-Ryu-Yoo's hash-based password authentication scheme. ACM Operating Systems Review 2005, 39(1):85-89.
7. Hwang J.J., Yeh T.C. Improvement on Peyravian-Zunic's password authentication schemes. IEICE Transactions on Communications 2002, E85-B(4):823-825.
8. Ku W.C., Chen C.M., Hui L. Cryptanalysis of a variant of Peyravian-Zunic's password authentication scheme. IEICE Transactions on Communications 2002, E86-B(5):1682-1684.
9. Lin C.L., Hwang T. A password authentication scheme with secure password updating. Computers and Security 2003, 22(1):68-72.
10. Peyravian M., Jeffries C. Secure remote user access over insecure networks. Computer Communications 2006, 29(5):660-667.
11. Shim K.A. Security flaws of remote user access over insecure networks. Computer communications 2006, 30(1):117-121.
12. Chang Y.F., Chang C.C., Liu Y.L. Password authentication without the server public key. IEICE Transactions on Communications 2004, E87-B(10):3088-3091.
13. L. Zhu, S. Yu, X. Zhang, Improvement upon mutual password authentication scheme, International seminar on business and information management, 2008, pp. 400-403.
14. Trusted Computing Group. TCG Specification Architecture Overview [EB/OL] 2007. Avaliable: http://www.trustedcomputinggroug.org/.
15. Shen Z.H. A new modified remote user authentication scheme using smartcards. Applied Mathematics 2008, 23(3):371-376.
16. Jia Y.L., Jhou A.M., Gao M.X. A new mutual authentication scheme based on nonce and smartcards. Computer Communications 2008, 31(10):2205-2209.
17. Juang W.S., Nien W.K. Efficient password authenticated key agreement using bilinear pairings. Mathematical and Computer Modelling 2008, 47(11-12):1238-1245.
18. Kim S.K., Chung M.G. More secure remote user authentication scheme. Computer Communications 2009, 32(6):1018-1021.
19. Xu J., Zhu W.T., Feng D.G. An improved smart card based password authentication scheme with provable security. Computer Standards and Interfaces 2009, 31(4):723-728.
20. Kumar M. An enhanced remote user authentication scheme with smart card. International Journal of Network Security 2010, 10(3):175-184.
21. Li C.T., Hwang M.S. An efficient biometrics-based remote user authentication scheme using smart cards. Journal of Network and Computer Applications 2010, 33(1):1-5.
22. Wang X.M., Zhang W.F., Zhang J.S., Khan M.K. Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards. Computer Standards and Interfaces 2007, 29:507-512.
23. Xiang T., Wong K.W., Liao X. Cryptanalysis of a password authentication scheme over insecure networks. Journal of Computer and System Sciences 2008, 74(5):657-661.
24. Hsiang H.C., Shih W.K. Weaknesses and improvements of the Yoon-Ryu-Yoo remote user authentication scheme using smart cards. Computer Communications 2009, 32(4):649-652.
25. Joye M., Olivier F. Side-channel analysis, Encyclopedia of Cryptography and Security 2005, Kluwer Academic Publishers, pp. 571-576.
26. Chung H.R., Ku W.C., Tsaur M.J. Weaknesses and improvement of Wang et al.'s remote user password authentication scheme for resource-limited environments. Computer Standards and Interfaces 2009, 31(4):863-868.
27. Chen Y., Chou J.S., Huang C.H. Comments on five smart card based password authentication protocols. International Journal of Computer Science and Information Security 2010, 8(2):129-132.
28. P. Kocher, J. Jaffe, B. Jun, Differential power analysis, in: Proceedings of Advances in Cryptology- Crypto'99, LNCS, 1999, pp. 388-397.
29. Messerges T.S., Dabbish E.A., Sloan R.H. Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers 2002, 51(5):541-552.
30. Hankerson D., Menezes A., Vanstone S. Guide to Elliptic Curve Cryptography 2004, Springer-Verlag, New York, USA.
31. Koblitz N. Elliptic curve cryptosystem. Journal of mathematics computation 1987, 48(177):203-209.
32. V. Miller, Use of elliptic curves in cryptography, in: Proceedings of Advances in Cryptology-Crypto'85, LNCS, 1985, pp. 417-426.
33. Boneh D., Franklin M. Identity-based encryption from the Weil pairing. SIAM Journal on Computing 2003, 32:586-615.
34. Boneh D., Lynn B., Shacham H. Short signatures from the Weil pairing. Journal of Cryptology 2004, 17(4):297-319.
35. Verheul E.R. Evidence that XTR is more secure than supersingular elliptic curve cryptosystems. Journal of Cryptology 2004, 17(4):277-296.
36. Hsiang H.C., Shiha W.K. Improvement of the secure dynamic ID based remote user authenticationnext term scheme for multi-server environment. Computer Standards and Interfaces 2009, 31(6):1118-1123.
37. Yan Y.H., Wang D.S., Li J.P., Li L.G. Cryptanalysis of a remote user authentication scheme based on bilinear pairing. In: IEEE ICACIA 2009, 73-76.
38. Hou M., Xu Q., Shanqing G., Jiang H. Cryptanalysis of identity-based authenticated key agreement protocols from parings. Journal of Networks 2010, 5(7):826-855.
39. C.M. Swanson, Security in key agreement: two-party certificateless schemes, Master's thesis, University of Waterloo, Canada, 2008.
40. R. Canetti, H. Krawczyk, Analysis of key exchange protocols and their use for building secure channels, In: Proceedings of Advances in Cryptology-Eurocrypt'01, Springer-Verlag, LNCS, 2001, pp. 453-474.
41. Z. Cheng, M. Nistazakis, R. Comley, L. Vasiu, On the indistinguishability-based security model of key agreement protocols-simple cases, Cryptology ePrint Archieve, Report 2005/129, 2005.
42. T. Mandt, C. Tan, Certificateless authenticated two-party key agreement protocols, in: Proceedings of the ASIAN 2006, Springer-Verlag, LNCS, 4435, 2008, pp. 37-44.
43. Hsieh B.T, Sun H.M., Hwang T. On the security of some password authentication protocols. Informatica 2003, 14(2):195-204.
44. Diffie W., Hellman M.E. New directions in cryptography. IEEE Transactions on Information Theory 1976, 22(6):644-654.
45. Chung Y.F., Huang K.H., Lai F., Chen T.S. ID-based digital signature scheme on the elliptic curve cryptosystem. Computer Standards and Interfaces 2007, 29(6):601-604.