Two-Factor Remote Authentication Protocol with User Anonymity Based on Elliptic Curve Cryptography
Tóm tắt
In order to provide secure remote access control, a robust and efficient authentication protocol should realize mutual authentication and session key agreement between clients and the remote server over public channels. Recently, Chun-Ta Li proposed a password authentication and user anonymity protocol by using smart cards, and they claimed that their protocol has satisfied all criteria required by remote authentication. However, we have found that his protocol cannot provide mutual authentication between clients and the remote server. To realize ‘real’ mutual authentication, we propose a two-factor remote authentication protocol based on elliptic curve cryptography in this paper, which not only satisfies the criteria but also bears low computational cost. Detailed analysis shows our proposed protocol is secure and more suitable for practical application.
Tài liệu tham khảo
Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24(11), 770–772.
Peyravian, M., & Zunic, N. (2006). Methods for protecting password transmission. Computers & Security, 19(2006), 466–469.
Peyravian, M., & Jeffries, C. (2006). Secure remote user access over insecure networks. Computer Communications, 29(5), 660–6673.
Chang, C.-C., Lee, C.-Y., & Chiu, Y.-C. (2009). Enhanced authentication scheme with anonymity for roaming service in global mobility networks. Computer Communications, 32(4), 611–618.
Rhee, H. S., Kwon, J. O., & Lee, D. H. (2009). A remote user authentication scheme without using smartcards. Computer Standards & Interfaces, 31(1), 6–13.
Juang, W.-S., & Nien, W.-K. (2008). Efficient password authenticated key agreement using bilinear pairings’. Mathematical and Computer Modelling, 47(2008), 1238–1245.
Liu, J.-Y., Zhou, A.-M., & Gao, M.-X. (2008). A new mutual authentication scheme based on nonce and smart cards. Computer Communications, 31(10), 2205–2209.
Wang, X. M., Zhang, W. F., Zhang, J. S., & Khan, M. K. (2007). Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards. Computer Stander & Interface, 29, 507–512.
Wang, Y., Liu, J., Xiao, F., & Dan, J. (2009). A more efficient and secure dynamic ID-based remote user authentication scheme. Computer Communications, 32(4), 583–585.
Chen, T.-H., Hsiang, H.-C., & Shih, W.-K. (2011). Security enhancement on an improvement on two remote user authenticaiton schemes using smartcards. Future Generation Computer Systems, 27(2011), 377–380.
Khan, M. K., Kim, S.-K., & Alghathbar, K. (2011). Cryptanalysis and security enhancement of a ‘more efficent & secure dynamic ID-based remte user authencitaion scheme’. Computer Communications, 34(2011), 305–309.
Zhang, L., Tang, S., & Cai, Z. (2013). Efficient and flexible password authenticated key agreement for VoIP session initiation protocol using smart card. International Journal of communication systems. doi:10.1002/dac.2499.
Fan, C.-I., & Lin, Y.-H. (2009). Provably secure remote truly three-factor authentication scheme with privacy protection on biometrics. IEEE Transations on Information Forensics and Security, 4(4), 933–945.
Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis’. In Proceedings of advances in cryptology, CRYPTO’99 (pp. 388–397).
Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smart card security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.
Wang, R.-C., Juang, W.-S., & Lei, C.-L. (2011). Robust authtication and key agreement scheme preserving the privacy of secret key. Computer Communications, 34(2011), 274–280.
Li, C.-T. (2012). A new password authentication and user anonymity scheme based on elliptic curve cryptography and smart card. IET Inforamtion Security. doi:10.1049/ie-ifs.2012.0058.
Islam, S. H., & Biswas, G. P. (2013). Design of improved password authentication and update scheme based on elliptic curve cryptography. Mathematical and Computer Modelling, 57(11–12), 2703–2717.
Koblitz, N., Menezes, A., & Vanstone, S. (2000). The state of elliptic curve cryptography’. Designs, Codes and Cryptography, 19(2), 173–193.
Gong, L., Needham, R., & Yahalom, R. (1990). Reasoning about belif in cryptographic protcocols. In Proceedings of the 1990 IEEE computer society symposium research in security and privacy (pp. 234–246).
Scott, M., Costigan, N., & Abdulwahab, W. (2006). Implementing cryptographic pairings on smartcards. In Proceedings of the eighth workshop on cryptographic hardware and embedded systems. Yokohama, Japan (pp. 134–147).
Lee, J., & Chang, C. (2007). Secure communications for cluster-based ad hoc networks using node identities. Journal of Network and Computer Applications, 30(4), 1377–1396.
Li, C., Hwang, M., & Chung, Y. (2008). A secure and efficient communication scheme with authenticated key establishment and privacy preserving for vehicular ad hoc networks. Computer Communication, 31, 2803–2814.