A new authenticated key agreement scheme based on smart cards providing user anonymity with formal proof

Security and Communication Networks

Volumn 8, Issue 18, 2015, Pages 3847-3863

  Wu, Fan ^a   Xu, Lili ^b   Kumari, Saru ^c   Li, Xiong ^d   Alelaiwi, Abdulhameed ^e  

^a XIAMEN INSTITUTE OF TECHNOLOGY   (China)

^b XIAMEN UNIVERSITY   (China)

^c CH CHARAN SINGH UNIVERSITY   (India)

^d HUNAN UNIVERSITY OF SCIENCE AND TECHNOLOGY   (China)

^e KING SAUD UNIVERSITY   (Saudi Arabia)

Author keywords

Formal proof; Mutual authentication; Smart card; User anonymity

Indexed keywords

COMPUTER CRIME; SMART CARDS;

AUTHENTICATED KEY AGREEMENT; DE-SYNCHRONIZATION ATTACKS; FORMAL PROOFS; MUTUAL AUTHENTICATION; NETWORK APPLICATIONS; USER ANONYMITY; USER AUTHENTICATION; USER IMPERSONATION ATTACKS;

AUTHENTICATION;

EID: 84936129205     PISSN: 19390114     EISSN: 19390122     Source Type: Journal    
DOI: 10.1002/sec.1305     Document Type: Article

References (43)

1. Wu F, Xu L. An improved and provable self-certified digital signature scheme with message recovery. International Journal of Communication Systems. 2015; 28(2): 344-357.
2. Islam SH, Khan MK. Provably secure and pairing-free identity-based handover authentication protocol for wireless mobile networks. International Journal of Communication Systems. 2014. 10.1002/dac.2847.
3. Islam SH. Provably secure dynamic identity-based three-factor password authentication scheme using extended chaotic maps. Nonlinear Dynamics. 2014; 78(3): 2261-2276.
4. Chang CC, Wu TC. Remote password authentication with smart cards. IEE Proceedings - Computers and Digital Techniques. 1991; 138(3): 165-168.
5. Islam SH, Biswas G. A more efficient and secure ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. Journal of Systems and Software. 2011; 84(11): 1892-1898.
6. An YSecurity Enhancements of an Improved Timestamp-based Remote User Authentication Scheme, Computer Applications for Security, Control and System Engineering. Springer Berlin Heidelberg: Jeju Island, Korea, 2012.
7. Chen CL, Lee CC, Hsu CY. Mobile device integration of a fingerprint biometric remote authentication scheme. International Journal of Communication Systems. 2012; 25(5): 585-597.
8. Kumar M, Gupta MK, Kumari S. An improved efficient remote password authentication scheme with smart card over insecure networks. International Journal of Network Security. 2011; 13(3): 167-177.
9. He D, Gao Y, Chan S, Chen C, Bu J. An enhanced two-factor user authentication scheme in wireless sensor networks. Ad Hoc & Sensor Wireless Networks. 2010; 10(4): 361-371.
10. Han W, Zhu Z. An ID-based mutual authentication with key agreement protocol for multiserver environment on elliptic curve cryptosystem. International Journal of Communication Systems. 2014; 27(8): 1173-1185.
11. Li CT. Secure smart card based password authentication scheme with user anonymity. Information Technology and Control. 2011; 40(2): 157-162.
12. Li X, Zhang Y. A simple and robust anonymous two-factor authenticated key exchange protocol. Security and Communication Networks. 2013; 6(6): 711-722.
13. Wu ZY, Chiang DL, Lin TC, Chung YF, Chen TS, A reliable dynamic user-remote password authentication scheme over insecure network. In 2012 26th International Conference on Advanced Information Networking and Applications Workshops (WAINA). IEEE Computer Society TCDP: Fukuoka Japan, 2012; 25-28.
14. Xie Q, Dynamic ID-based password authentication protocol with strong security against smart card lost attacks. In Wireless Communications and Applications. Springer, 2012; 412-418.
15. An Y, Yang H. Security enhancements of a remote user authentication scheme preserving user anonymity. International Journal of Multimedia and Ubiquitous Engineering. 2013; 8(1): 129-137.
16. Wu F, Xu L. Security analysis and improvement of a privacy authentication scheme for telecare medical information systems. Journal of Medical Systems. 2013; 37(4): 1-9.
17. Xu L, Wu F. An improved and provable remote user authentication scheme based on elliptic curve cryptosystem with user anonymity. Security and Communication Networks. 2015; 8(2): 245-260.
18. Xu J, Zhu WT, Feng DG. An improved smart card based password authentication scheme with provable security. Computer Standards & Interfaces. 2009; 31(4): 723-728.
19. Sood SK, Sarje AK, Singh K, An improvement of Xu et al.'s authentication scheme using smart cards. In Proceedings of the Third Annual ACM Bangalore Conference. ACM New York: Bangalore, India, 2010; 1-5.
20. Song R. Advanced smart card based password authentication protocol. Computer Standards & Interfaces. 2010; 32(5): 321-325.
21. Chen BL, Kuo WC, Wuu LC. Robust smart-card-based remote user password authentication scheme. International Journal of Communication Systems. 2014; 27(2): 377-389.
22. Li X, Niu J, Khan MK, Liao J. An enhanced smart card based remote user password authentication scheme. Journal of Network and Computer Applications. 2013; 36(5): 1365-1371.
23. Li X, Ma J, Wang W, Xiong Y, Zhang J. A novel smart card and dynamic ID based remote user authentication scheme for multi-server environments. Mathematical and Computer Modelling. 2013; 58(1): 85-95.
24. Kumari S, Khan MK. Cryptanalysis and improvement of 'a robust smart-card-based remote user password authentication scheme'. International Journal of Communication Systems. 2014; 27(12): 3939-3955.
25. Kumari S, Khan MK. More secure smart card-based remote user password authentication scheme with user anonymity. Security and Communication Networks. 2014; 7(11): 2039-2053.
26. Yang H, Zhang Y, Zhou Y, Fu X, Liu H, Vasilakos AV. Provably secure three-party authenticated key agreement protocol using smart cards. Computer Networks. 2014; 58(15): 29-38.
27. Islam SH. Design and analysis of an improved smartcard-based remote user password authentication scheme. International Journal of Communication Systems. 2014. DOI: 10.1002/dac.2793.
28. Islam SH. A provably secure ID-based mutual authentication and key agreement scheme for mobile multi-server environment without ESL attack. Wireless Personal Communications. 2014; 79(3): 1975-1991.
29. Islam SH, Khan MK. Cryptanalysis and improvement of authentication and key agreement protocols for telecare medicine information systems. Journal of medical systems. 2014; 38(10): 1-16.
30. Khan MK, Zhang J, An efficient and practical fingerprint-based remote user authentication scheme with smart cards. In Information Security Practice and Experience. Springer Berlin Heidelberg: Hangzhou, China, 2006; 260-268.
31. Li X, Niu JW, Ma J, Wang WD, Liu CL. Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. Journal of Network and Computer Applications. 2011; 34(1): 73-79.
32. Li X, Niu J, Wang Z, Chen C. Applying biometrics to design three-factor remote user authentication scheme with key agreement. Security and Communication Networks. 2014; 7(10): 1488-1497.
33. Xu L, Wu F. Cryptanalysis and improvement of a user authentication scheme preserving uniqueness and anonymity for connected health care. Journal of Medical Systems. 2015; 39(2): 1-9.
34. Wu F, Xu L, Kumari S, Li X. A novel and provably secure biometrics-based three-factor remote authentication scheme for mobile client-server networks. Computers & Electrical Engineering. 2015. DOI: 10.1016/j.compeleceng.2015.02.015.
35. Li X, Niu J, Liao J, Liang W. Cryptanalysis of a dynamic identity-based remote user authentication scheme with verifiable password update. International Journal of Communication Systems. 2015; 28(2): 374-382.
36. Kocher P, Jaffe J, Jun B., Differential power analysis. In Advances in Cryptology-CRYPTO 99. Springer Berlin Heidelberg: Santa Barbara, California, USA, 1999; 388-397.
37. Messerges TS, Dabbish EA, Sloan RH. Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers. 2002; 51(5): 541-552.
38. Mangard S, Oswald E, Standaert FX. One for all-all for one: unifying standard differential power analysis attacks. IET Information Security. 2011; 5(2): 100-110.
39. Bellare M, Rogaway P, Random oracles are practical: a paradigm for designing efficient protocols. In Proceedings of the 1st ACM Conference on Computer and Communications Security. ACM New York: Fairfax, Virginia, USA, 1993; 62-73.
40. Bresson E, Chevassut O, Pointcheval D, Security proofs for an efficient password-based key exchange. In Proceedings of the 10th ACM Conference on Computer and Communications Security. ACM New York: Washington, DC, USA, 2003; 241-250.
41. Dolev D, Yao AC. On the security of public key protocols. IEEE Transactions on Information Theory. 1983; 29(2): 198-208.
42. Online demo for ProVerif. http://proverif.rocq.inria.fr/index.php [Accessed on 15 February 2015].
43. Ferguson N, Schneier B, Kohno T. Cryptography Engineering: Design Principles and Practical Applications. John Wiley & Sons, 2012.