A Remote User Authentication Scheme with Anonymity for Mobile Devices

With the rapid growth of information technologies, mobile devices have been utilized in a variety of services such as e-commerce. When a remote server provides such e-commerce services to a user, it must verify the legitimacy of the user over an insecure communication channel. Therefore, remote user authentication has been widely deployed to verify the legitimacy of remote user login requests using mobile devices like smart cards. In this paper we propose a smart card-based authentication scheme that provides both user anonymity and mutual authentication between a remote server and a user. The proposed authentication scheme is a simple and efficient system applicable to the limited resource and low computing performance of the smart card. The proposed scheme provides not only resilience to potential attacks in the smart card-based authentication scheme, but also secure authentication functions. A smart card performs a simple one-way hash function, the operations of exclusive-or and concatenation in the authentication phase of the proposed scheme. The proposed scheme also provides user anonymity using a dynamic identity and key agreement, and secure password change.

[1]  Ami Marowka,et al.  Routing Scalability in Multicore-Based Ad Hoc Networks , 2009, Informatica.

[2]  Chin-Chen Chang,et al.  A smart-card-based remote authentication scheme , 2005, Second International Conference on Embedded Software and Systems (ICESS'05).

[3]  Wuu Yang,et al.  A bilateral remote user authentication scheme that preserves user anonymity , 2008, Secur. Commun. Networks.

[4]  Ashutosh Saxena,et al.  A dynamic ID-based remote user authentication scheme , 2004, IEEE Transactions on Consumer Electronics.

[5]  Ching-Te Wang,et al.  An Exquisite Mutual Authentication Scheme with Key Agreement Using Smart Card , 2009, Informatica.

[6]  Min-Shiang Hwang,et al.  A new strong-password authentication scheme using one-way hash functions , 2006 .

[7]  Cheng-Chi Lee,et al.  Security enhancement for a dynamic ID-based remote user authentication scheme , 2005, International Conference on Next Generation Web Services Practices (NWeSP'05).

[8]  Muhammad Khurram Khan,et al.  Cryptanalysis and security enhancement of a 'more efficient & secure dynamic ID-based remote user authentication scheme' , 2011, Comput. Commun..

[9]  Shuenn-Shyang Wang,et al.  A secure dynamic ID based remote user authentication scheme for multi-server environment , 2009, Comput. Stand. Interfaces.

[10]  C. Bindu,et al.  Improved Remote User Authentication Scheme Preserving User Anonymity , 2008 .

[11]  Kee-Young Yoo,et al.  Comment on "A remote user authentication scheme using smart cards with forward secrecy , 2004, IEEE Trans. Consumer Electron..

[12]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[13]  Wen-Shenq Juang,et al.  Efficient password authenticated key agreement using smart cards , 2004, Comput. Secur..

[14]  Hung-Yu Chien,et al.  A remote authentication scheme preserving user anonymity , 2005, 19th International Conference on Advanced Information Networking and Applications (AINA'05) Volume 1 (AINA papers).

[15]  Tzonelih Hwang,et al.  Non-interactive password authentications without password tables , 1990, IEEE TENCON'90: 1990 IEEE Region 10 Conference on Computer and Communication Systems. Conference Proceedings.

[16]  M. Mambo,et al.  Proxy Signatures: Delegation of the Power to Sign Messages (Special Section on Information Theory and Its Applications) , 1996 .