Comments on "Provably Secure Dynamic Id-Based Anonymous Two-Factor Authenticated Key Exchange Protocol With Extended Security Model"

Authenticated key exchange (AKE) protocol allows a user and a server to authenticate each other and generate a session key for the subsequent communications. With the rapid development of low-power and highly-efficient networks, such as pervasive and mobile computing network in recent years, many efficient AKE protocols have been proposed to achieve user privacy and authentication in the communications. Besides secure session key establishment, those AKE protocols offer some other useful functionalities, such as two-factor user authentication and mutual authentication. However, most of them have one or more weaknesses, such as vulnerability against lost-smart-card attack, offline dictionary attack, de-synchronization attack, or the lack of forward secrecy, and user anonymity or untraceability. Furthermore, an AKE scheme under the public key infrastructure may not be suitable for light-weight computational devices, and the security model of AKE does not capture user anonymity and resist lost-smart-card attack. In this paper, we propose a novel dynamic ID-based anonymous two-factor AKE protocol, which addresses all the above issues. Our protocol also supports smart card revocation and password update without centralized storage. Further, we extend the security model of AKE to support user anonymity and resist lost-smart-card attack, and the proposed scheme is provably secure in extended security model. The low-computational and bandwidth cost indicates that our protocol can be deployed for pervasive computing applications and mobile communications in practice.

[1]  Debiao He,et al.  Improvement on a Smart Card Based Password Authentication Scheme , 2012 .

[2]  Bin Wang,et al.  A Server Independent Authentication Scheme for RFID Systems , 2012, IEEE Transactions on Industrial Informatics.

[3]  Xiaotie Deng,et al.  Two-factor mutual authentication based on smart cards and passwords , 2008, J. Comput. Syst. Sci..

[4]  Muhammad Khurram Khan,et al.  An Improved Remote User Authentication Scheme Using Elliptic Curve Cryptography , 2017, Wirel. Pers. Commun..

[5]  Chin-Chen Chang,et al.  A Provably Secure, Efficient, and Flexible Authentication Scheme for Ad hoc Wireless Sensor Networks , 2016, IEEE Transactions on Wireless Communications.

[6]  Mihir Bellare,et al.  Authenticated Key Exchange Secure against Dictionary Attacks , 2000, EUROCRYPT.

[7]  Ping Wang,et al.  Preserving privacy for free: Efficient and provably secure two-factor authentication scheme with user anonymity , 2015, Inf. Sci..

[8]  Jianhua Li,et al.  Anonymity Enhancement on Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards , 2010, IEEE Transactions on Industrial Electronics.

[9]  Yang Xiao,et al.  A survey of anonymity in wireless communication systems , 2009, Secur. Commun. Networks.

[10]  R. C. Mittal,et al.  Dynamic ID-based remote user password authentication schemes using smart cards: A review , 2012, J. Netw. Comput. Appl..

[11]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[12]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[13]  Ching-Hsiang Chang,et al.  A Robust and Efficient Smart Card Oriented Remote User Authentication Protocol , 2011, 2011 Seventh International Conference on Intelligent Information Hiding and Multimedia Signal Processing.

[14]  Gerhard P. Hancke,et al.  Industrial Wireless Sensor Networks: Challenges, Design Principles, and Technical Approaches , 2009, IEEE Transactions on Industrial Electronics.

[15]  Xuelei Li,et al.  An improved dynamic ID-based remote user authentication with key agreement scheme , 2012, Comput. Electr. Eng..

[16]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[17]  Emmanuel Bresson,et al.  Security proofs for an efficient password-based key exchange , 2003, CCS '03.

[18]  Chin-Chen Chang,et al.  A Secure Single Sign-On Mechanism for Distributed Computer Networks , 2012, IEEE Transactions on Industrial Electronics.

[19]  Yan-yan Wang,et al.  A more efficient and secure dynamic ID-based remote user authentication scheme , 2009, Comput. Commun..

[20]  Jizhou Sun,et al.  Improvements of Juang 's Password-Authenticated Key Agreement Scheme Using Smart Cards , 2009, IEEE Transactions on Industrial Electronics.

[21]  Cheng-Chi Lee,et al.  Security Enhancement on a New Authentication Scheme With Anonymity for Wireless Environments , 2006, IEEE Transactions on Industrial Electronics.

[22]  Benjamin Fabian,et al.  SHARDIS: A Privacy-Enhanced Discovery Service for RFID-Based Product Information , 2012, IEEE Transactions on Industrial Informatics.

[23]  Wen-Shenq Juang,et al.  Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards , 2008, IEEE Transactions on Industrial Electronics.

[24]  Vanga Odelu,et al.  An Effective and Robust Secure Remote User Authenticated Key Agreement Scheme Using Smart Cards in Wireless Communication Systems , 2015, Wirel. Pers. Commun..

[25]  Marc Witteman,et al.  Advances in Smartcard Security , 2002 .

[26]  Ping Wang,et al.  Anonymous Two-Factor Authentication in Distributed Systems: Certain Goals Are Beyond Attainment , 2015, IEEE Transactions on Dependable and Secure Computing.

[27]  Bidi Ying,et al.  Anonymous and Lightweight Authentication for Secure Vehicular Networks , 2017, IEEE Transactions on Vehicular Technology.

[28]  Min-Shiang Hwang,et al.  A modified remote user authentication scheme using smart cards , 2003, IEEE Trans. Consumer Electron..

[29]  Muhammad Khurram Khan,et al.  Cryptanalysis and security enhancement of a 'more efficient & secure dynamic ID-based remote user authentication scheme' , 2011, Comput. Commun..

[30]  Chunguang Ma,et al.  Security flaws in two improved remote user authentication schemes using smart cards , 2014, Int. J. Commun. Syst..

[31]  Debiao He,et al.  Cryptanalysis of a Dynamic ID-Based Remote User Authentication Scheme with Access Control for Multi-Server Environments , 2013, IEICE Trans. Inf. Syst..

[32]  Adriano Valenzano,et al.  Review of Security Issues in Industrial Networks , 2013, IEEE Transactions on Industrial Informatics.

[33]  Shehzad Ashraf Chaudhry A secure biometric based multi-server authentication scheme for social multimedia networks , 2016, Multimedia Tools and Applications.

[34]  Qi Xie,et al.  Improvement of a security enhanced one-time two-factor authentication and key agreement scheme , 2012, Sci. Iran..

[35]  Muhammad Khurram Khan,et al.  An enhanced privacy preserving remote user authentication scheme with provable security , 2015, Secur. Commun. Networks.

[36]  Muhammad Sher,et al.  A secure and provable multi-server authenticated key agreement for TMIS based on Amin et al. scheme , 2017, Multimedia Tools and Applications.

[37]  Fatos Xhafa,et al.  JXTA-Overlay: A P2P Platform for Distributed, Collaborative, and Ubiquitous Computing , 2011, IEEE Transactions on Industrial Electronics.

[38]  Yuqing Zhang,et al.  A simple and robust anonymous two-factor authenticated key exchange protocol , 2013, Secur. Commun. Networks.

[39]  Dan Wu,et al.  A Node-to-Node Location Verification Method , 2010, IEEE Transactions on Industrial Electronics.

[40]  Ashutosh Saxena,et al.  A dynamic ID-based remote user authentication scheme , 2004, IEEE Transactions on Consumer Electronics.

[41]  Chun-I Fan,et al.  Robust remote authentication scheme with smart cards , 2005, Comput. Secur..

[42]  Yu-Jung Huang,et al.  Efficient Implementation of RFID Mutual Authentication Protocol , 2012, IEEE Transactions on Industrial Electronics.

[43]  Qi Xie,et al.  Security Analysis of a Single Sign-On Mechanism for Distributed Computer Networks , 2013, IEEE Transactions on Industrial Informatics.