A Simple and Efficient Key Exchange Scheme Against the Smart Card Loss Problem

In a ubiquitous computing environment, a person can use various intelligent devices to obtain desired services at any time and in any place. For convenience, most of these devices are small and have limited power and computation capacity, so a well-regarded scheme should take these constraints into consideration. In 2006, Lin et al. proposed a lightweight authentication scheme using only a one-way hash function. However, their scheme is vulnerable to several security threats, which is what motivated our idea. In this paper, we require only a one-way hash function, the exclusive-OR operation, a smart card, and a memorable password to construct a simple and efficient key exchange scheme that withstands most known security threats. Our scheme also has several merits. First, user friendliness and fairness are considered: the user can freely select her/his identity and password for registration, and can reuse the same identity to register again when the smart card has been lost. Second, a user does not need to worry about damage from the smart card loss problem, even if the content of the smart card has been extracted. Our scheme handles hard security threats and is efficient at the same time. Since it does not require any symmetric or asymmetric cryptosystem, the communication and computation cost is very low. Therefore, our scheme is suitable for ubiquitous computing environments.
