Security Analysis of ECC Based Authentication Protocols

In this work we analyze two authentication protocols based on elliptic curve cryptography (ECC) and propose security enhancements for them. The first, by Moosavi et al., is a mutual authentication scheme for RFID implant systems. Our cryptanalysis shows that it is prone to the clogging attack, a kind of denial of service (DoS) attack. We then suggest an improvement to the protocol that prevents the clogging attack. The second, by Xu et al., is a smart card based authentication protocol. We again mount the clogging (DoS) attack on this protocol via replay. We observe that all smart card based authentication protocols which precede the one by Xu et al. and require the server to perform computationally intensive elliptic curve operations are prone to the clogging attack. We suggest an alternative improvement to the protocol that prevents the clogging attack and that also applies to the protocol by Moosavi et al.
