Security analysis and design of an efficient ECC-based two-factor password authentication scheme

Client-server communication lets users obtain a range of services from home over the Internet. Because the Internet is an insecure channel, the information exchanged between communicating parties must be protected. An authentication scheme can fulfill this requirement. Recently, Huang et al. presented an elliptic curve cryptosystem-based password authentication scheme. This work demonstrates that the scheme of Huang et al. has a security weakness against the forgery attack. In addition, this paper shows that the scheme of Huang et al. has some design drawbacks. Therefore, this paper focuses on removing the security vulnerabilities of the scheme of Huang et al. by proposing an elliptic curve cryptosystem-based password authentication scheme using a smart card. The security of our scheme is based on the hardness assumptions of one-way hash functions and the elliptic curve discrete logarithm problem. Furthermore, we demonstrate that our scheme is secure against known attacks. The performance of our scheme is also nearly equal to that of related competing schemes. Copyright © 2016 John Wiley & Sons, Ltd.
