An improved and provable remote user authentication scheme based on elliptic curve cryptosystem with user anonymity

Security and Communication Networks

Volumn 8, Issue 2, 2015, Pages 245-260

  Xu, Lili ^a   Wu, Fan ^b  

^a XIAMEN UNIVERSITY   (China)

^b HUAQIAO UNIVERSITY   (China)

Author keywords

Authentication key exchange; Password; Smart card; Strong forward security; User anonymity

Indexed keywords

CRYPTOGRAPHY; GEOMETRY; SMART CARDS;

AUTHENTICATED KEY EXCHANGE; AUTHENTICATION KEY EXCHANGES; ELLIPTIC CURVE CRYPTOSYSTEM; FORMAL SECURITY MODELS; FORWARD SECURITY; PASSWORD; REMOTE USER AUTHENTICATION SCHEMES; USER ANONYMITY;

AUTHENTICATION;

EID: 84919348312     PISSN: 19390114     EISSN: 19390122     Source Type: Journal    
DOI: 10.1002/sec.977     Document Type: Article

References (48)

1. Liao IE, Lee CC, Hwang MS. A password authentication scheme over insecure networks. Journal of Computer and System Sciences 2006; 72(4): 727-740.
2. Jia Z, Zhang Y, Shao H, Lin Y, Wang J. A remote user authentication scheme using bilinear pairings and ECC, ISDA'06. IEEE Sixth International Conference on Intelligent Systems Design and Applications, 2006, vol. 2, Jinan, China, 2006; 1091-1094.
3. Vo DL, Kim K. Security enhancement of a remote user authentication scheme using bilinear pairings and ECC, IEEE IFIP International Conference on Network and Parallel Computing Workshops, 2007. NPC Workshops, Dalian, China, 2007; 144-147.
4. Lee CC, Li LH, Hwang MS. A remote user authentication scheme using hash functions. ACM SIGOPS Operating Systems Review 2002; 36(4): 23-29.
5. Hwang MS, Lee CC, Tang YL. A simple remote user authentication scheme. Mathematical and Computer Modelling 2002; 36(1): 103-107.
6. Lee CC, Li CT, Huang KY, Huang SY. An improvement of remote authentication and key agreement schemes. Journal of Circuits, Systems, and Computers 2011; 20(4): 697-707.
7. Li CT, Lee CC. A robust remote user authentication scheme using smart card. Information Technology and Control 2011; 40(3): 236-245.
8. An Y. Security enhancements of an improved timestamp-based remote user authentication scheme, International Conferences, SecTech, CA, CES3 2012, Springer, Jeju Island, Korea, 2012; 54-61.
9. Chen CL, Lee CC, Hsu CY. Mobile device integration of a fingerprint biometric remote authentication scheme. International Journal of Communication Systems 2012; 25(5): 585-597.
10. Hafizul Islam S, Biswas G. Design of improved password authentication and update scheme based on elliptic curve cryptography. Mathematical and Computer Modelling 2013; 57(11-12): 2703C2717.
11. He D, Gao Y, Chan S, Chen C, Bu J. An enhanced two-factor user authentication scheme in wireless sensor networks. Ad Hoc & Sensor Wireless Networks 2010; 10(4): 361-371.
12. Kumar M, Gupta MK, Kumari S. An improved efficient remote password authentication scheme with smart card over insecure networks. International Journal of Network Security 2011; 13(3): 167-177.
13. Li X, Wen F, Cui S. A strong password-based remote mutual authentication with key agreement scheme on elliptic curve cryptosystem for portable devices. Applied Mathematics 2012; 6(2): 217-222.
14. Li CT. A new password authentication and user anonymity scheme based on elliptic curve cryptography and smart card. IET Information Security 2013; 7(1): 3-10.
15. Zhang L, Tang S, Cai Z. Efficient and flexible password authenticated key agreement for voice over internet protocol session initiation protocol using smart card. International Journal of Communication Systems 2013; doi:10.1002/dac.2499.
16. Ma C, Wang D, Zhao P, Wang Y. A new dynamic ID-based remote user authentication scheme with forward secrecy, The 2nd International Workshop on Mobile Business Collaboration. Web Technologies and Applications, Springer, Kunming, China, 2012; 99-211.
17. Wu S, Zhu Y, Pu Q. Robust smart-cards-based user authentication scheme with user anonymity. Security and Communication Networks 2012; 5(2): 236-248.
18. Song R. Advanced smart card based password authentication protocol. Computer Standards & Interfaces 2010; 32(5): 321-325.
19. Wu ZY, Chiang DL, Lin TC, Chung YF, Chen TS. A reliable dynamic user-remote password authentication scheme over insecure network, 2012 26th International Conference on IEEE Advanced Information Networking and Applications Workshops (WAINA), Fukuoka, Japan, 2012; 25-28.
20. Tang H, Liu X, Jiang L. A robust and efficient timestamp-based remote user authentication scheme with smart card lost attack resistance. International Journal of Network Security 2013; 15(6): 360-368.
21. Xie Q. Dynamic ID-based password authentication protocol with strong security against smart card lost attacks. First International Conference, ICWCA (Wireless Communications and Applications) 2011 2012: 412-418.
22. Li X, Zhang Y. A simple and robust anonymous two-factor authenticated key exchange protocol. Security and Communication Networks 2013; 6(6): 711-722.
23. Wang D, Ma C, Zhang Q, Zhao S. Secure password-based remote user authentication scheme against smart card security breach. Journal of Networks 2013; 8(1): 148-155.
24. Jiang Q, Ma J, Ma Z, Li G. A privacy enhanced authentication scheme for telecare medical information systems. Journal of Medical Systems 2013; 37(1): 9897. DOI: 10.1007/s10916-012-9897-0.
25. Wu F, Xu L. Security analysis and improvement of a privacy authentication scheme for telecare medical information systems. Journal of medical systems 2013; 37(4): 9958. DOI: 10.1007/s10916-013-9958-z.
26. Lee CC, Chen CL, Wu CY, Huang SY. An extended chaotic maps-based key agreement protocol with user anonymity. Nonlinear Dynamics 2012; 69(1-2): 79-87.
27. Li CT, Lee CC, Weng CY. An extended chaotic maps based user authentication and privacy preserving scheme against dos attacks in pervasive and ubiquitous computing environments. Nonlinear Dynamics 2013; 74(4): 1133-1143.
28. Tsai CS, Lee CC, Hwang MS. Password authentication schemes: current status and key issues. International Journal of Network Security 2006; 3(2): 101-115.
29. Madhusudhan R, Mittal R. Dynamic ID-based remote user password authentication schemes using smart cards: a review. Journal of Network and Computer Applications 2012; 35(4): 1235-1248.
30. Wang D, Ma C, Shi L, Wang Y. On the security of an improved password authentication scheme based on ECC, 3rd International Conference on Information Computing and Applications, 2012. Information Computing and Applications, Springer, Chengde, China, 2012; 181-188.
31. Horng WB, Lee CP, Peng JW. Security weaknesses of Song's advanced smart card based password authentication protocol, 2010 IEEE International Conference on Progress in Informatics and Computing (PIC), vol.1, Shanghai, China, 2010; 477-480.
32. Yoon EJ, Yoo KY. Three attacks on Jia et al.'s remote user authentication scheme using bilinear pairings and ECC. World Academy of Science, Engineering and Technology 2011; 60: 447-451.
33. Ma C, Wang D, Zhao S. Security flaws in two improved remote user authentication schemes using smart cards. International Journal of Communication Systems 2012; doi:10.1002/dac.2468.
34. Tang H, Liu X. Cryptanalysis of a dynamic ID-based remote user authentication with key agreement scheme. International Journal of Communication Systems 2012; 25(12): 1639-1644.
35. Tapiador JE, Hernandez-Castro JC, Peris-Lopez P, Clark JA. Cryptanalysis of Song's advanced smart card based password authentication protocol, 2011. arXiv preprint arXiv:1111.2744.
36. Tang Hb, Liu Xs, Chen Jy. Weakness of remote authentication scheme of Chen et al. International Journal of Communication Systems 2013. DOI: 10.1002/dac.2534.
37. Kocher P, Jaffe J, Jun B. Differential Power Analysis. Advances in CryptologyłCRYPTO99, 19th Annual International Cryptology Conference, Springer, Santa Barbara, California, USA, 1999; 388-397.
38. Messerges TS, Dabbish EA, Sloan RH. Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers 2002; 51(5): 541-552.
39. Mangard S, Oswald E, Standaert FX. One for all-all for one: unifying standard differential power analysis attacks. IET Information Security 2011; 5(2): 100-110.
40. Park D, Boyd C, Moon SJ. Forward secrecy and its application to future mobile communications security, Third International Workshop on Practice and Theory in Public Key Cryptosystems, PKC 2000, 2000; 433-445.
41. Bellare M, Rogaway P. Random oracles are practical: a paradigm for designing efficient protocols, Proceedings of the 1st ACM Conference on Computer and Communications Security, Fairfax, VA, USA, 1993; 62-73.
42. Bellare M, Pointcheval D, Rogaway P. Authenticated Key Exchange Secure Against Dictionary Attacks. Advances in Cryptology-Eurocrypt 2000, International Conference on the Theory and Application of Cryptographic Techniques, Springer, Bruges, Belgium, 2000; 139-155.
43. Kwon T. Authentication and key agreement via memorable password, ISOC Network and Distributed System Security Symposium, vol. 20, Citeseer, 2001; 31-33.
44. Kwon T. Practical Authenticated Key Agreement Using Passwords. Information Security, 7th International Conference, ISC 2004, Springer, Palo Alto, CA, USA, 2004; 1-12.
45. Rankl W, Effing W. Smart Card Handbook. Wiley, 2010.
46. Han W, Zhu Z. An ID-based mutual authentication with key agreement protocol for multiserver environment on elliptic curve cryptosystem. International Journal of Communication Systems 2012. DOI: 10.1002/dac.2405.
47. He D. An efficient remote user authentication and key agreement protocol for mobile client-server environment from pairings. Ad Hoc Networks 2012; 10(6): 1009-1016.
48. Scott M, Costigan N, Abdulwahab W. Implementing Cryptographic Pairings on Smartcards, Cryptographic Hardware and Embedded Systems-CHES 2006, Springer, Yokohama, Japan, 2006; 134-147.