Novel Anonymous Authentication Scheme Using Smart Cards

Smart card based authentication scheme has been widely utilized for various transaction-oriented services such as electronic currency exchange, social insurance payment and e-commerce payment charge in modern society. How to develop a smart card based authentication scheme to support initiator untraceability and defend against major security threats for a transaction service user has become a crucial topic for researchers. Recent efforts for developing anonymous authentication scheme with smart card have failed to provide initiator untraceability for user or been vulnerable to some security attacks. This paper first presents a security model for anonymous authentication and then proposes a new anonymous authentication scheme using smart card. Security robustness of the proposed scheme is constructed by one-way hash function and elliptic curve cryptosystem. Our security analysis shows that the proposed scheme achieves general security requirement and offers initiator untraceability for user without requiring database support. Performance analysis on communication overhead and computation cost shows that the proposed scheme has better or similar efficiency in comparison with other existing smart card based authentication schemes.

[1]  Bin Wang,et al.  A Server Independent Authentication Scheme for RFID Systems , 2012, IEEE Transactions on Industrial Informatics.

[2]  Chin-Chen Chang,et al.  A Secure Single Sign-On Mechanism for Distributed Computer Networks , 2012, IEEE Transactions on Industrial Electronics.

[3]  Fatos Xhafa,et al.  JXTA-Overlay: A P2P Platform for Distributed, Collaborative, and Ubiquitous Computing , 2011, IEEE Transactions on Industrial Electronics.

[4]  Fatos Xhafa,et al.  JXTA-OVERLAY : A P 2 P Platform for Distributed , Collaborative and Ubiquitous Computing , 2010 .

[5]  Hung-Min Sun,et al.  An Efficient Remote User Authentication Scheme Using Smart Cards , 2000 .

[6]  Jianhua Li,et al.  Anonymity Enhancement on Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards , 2010, IEEE Transactions on Industrial Electronics.

[7]  Alfred C. Weaver,et al.  Distributing Internet services to the network's edge , 2003, IEEE Trans. Ind. Electron..

[8]  Jiankun Hu,et al.  A fingerprint based bio-cryptographic security protocol designed for client/server authentication in mobile computing environment , 2011, Secur. Commun. Networks.

[9]  Martín Abadi,et al.  A logic of authentication , 1989, Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences.

[10]  David Pointcheval,et al.  Simple Password-Based Encrypted Key Exchange Protocols , 2005, CT-RSA.

[11]  Qi Xie,et al.  Security Analysis of a Single Sign-On Mechanism for Distributed Computer Networks , 2013, IEEE Transactions on Industrial Informatics.

[12]  Mihir Bellare,et al.  Authenticated Key Exchange Secure against Dictionary Attacks , 2000, EUROCRYPT.

[13]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[14]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[15]  Wei-Bin Lee,et al.  A Secure Authentication Scheme with Anonymity for Wireless Communications , 2008, IEEE Commun. Lett..

[16]  Chun-Ta Li,et al.  An efficient biometrics-based remote user authentication scheme using smart cards , 2010, J. Netw. Comput. Appl..

[17]  Shiuh-Pyng Shieh,et al.  Password authentication schemes with smart cards , 1999, Comput. Secur..

[18]  Vitaly Shmatikov,et al.  Information Hiding, Anonymity and Privacy: a Modular Approach , 2004, J. Comput. Secur..

[19]  Cheng-Chi Lee,et al.  Security Enhancement on a New Authentication Scheme With Anonymity for Wireless Environments , 2006, IEEE Transactions on Industrial Electronics.

[20]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[21]  Alfredo Pironti,et al.  Formal Vulnerability Analysis of a Security System for Remote Fieldbus Access , 2011, IEEE Transactions on Industrial Informatics.

[22]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[23]  Jia-Lun Tsai,et al.  Secure Delegation-Based Authentication Protocol for Wireless Roaming Service , 2012, IEEE Communications Letters.

[24]  Jia-Lun Tsai WEAKNESSES AND IMPROVEMENT OF HSU-CHUANG'S USER IDENTIFICATION SCHEME , 2015 .

[25]  Wen-Shenq Juang,et al.  Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards , 2008, IEEE Transactions on Industrial Electronics.

[26]  Dengguo Feng,et al.  An improved smart card based password authentication scheme with provable security , 2009, Comput. Stand. Interfaces.

[27]  Chin-Chen Chang,et al.  An ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem , 2009, Comput. Secur..

[28]  Hung-Min Sun,et al.  An efficient remote use authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[29]  Du-Ming Tsai,et al.  Mean Shift-Based Defect Detection in Multicrystalline Solar Wafer Surfaces , 2011, IEEE Transactions on Industrial Informatics.

[30]  Jizhou Sun,et al.  Improvements of Juang 's Password-Authenticated Key Agreement Scheme Using Smart Cards , 2009, IEEE Transactions on Industrial Electronics.