A Secure and Efficient Multi-Factor Mutual Certificateless Authentication with Key Agreement Protocol for Mobile Client-Server Environment on ECC without the third-party

Authentication with key agreement (AKA) protocols are implemented to provide identity authentication and session keys for communication entities. In order to reduce the heavy trust reliance on key generator center (KGC) in identity based AKA protocols, a certificateless based AKA (CLAKA) protocol for client-server environment without the third-party (i.e., KGC) is introduced in this paper. The proposed protocol is constructed based on elliptic curve cryptosystem (ECC) and multi-factor protections (such as password, biometrics, and smart card). Moreover, security proof based on BAN-logic is carried out and shows that our protocol can provide mutual authentication, user anonymity, dynamic identity and perfect forward security, and resist to user impersonation attack, server spoofing attack and privileged insider attack. Meanwhile, security and efficiency analysis shows that our proposed protocol outperforms the previous related ones.

[1]  Muhammad Khurram Khan,et al.  An Improved and Secure Biometric Authentication Scheme for Telecare Medicine Information Systems Based on Elliptic Curve Cryptography , 2015, Journal of Medical Systems.

[2]  Zhong Chen,et al.  Efficient three-party authenticated key agreement protocol in certificateless cryptography , 2011, Int. J. Comput. Math..

[3]  Wei-Bin Lee,et al.  A novel deniable authentication protocol using generalized ElGamal signature scheme , 2007, Inf. Sci..

[4]  Rafail Ostrovsky,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, SIAM J. Comput..

[5]  Chin-Chen Chang,et al.  Yet another attack on a QR-based password authentication system , 2004, 18th International Conference on Advanced Information Networking and Applications, 2004. AINA 2004..

[6]  Rosario Gennaro,et al.  Making the Diffie-Hellman Protocol Identity-Based , 2010, CT-RSA.

[7]  Sahadeo Padhye,et al.  An efficient certificateless two-party authenticated key agreement protocol , 2012, Comput. Math. Appl..

[8]  Jia-Lun Tsai,et al.  New dynamic ID authentication scheme using smart cards , 2010, Int. J. Commun. Syst..

[9]  Liqun Chen,et al.  Identity-based key agreement protocols from pairings , 2017, International Journal of Information Security.

[10]  Jian Ren An identity-based single-sign-on scheme for computer networks , 2009, Secur. Commun. Networks.

[11]  Han-Yu Lin,et al.  Fast Remote User Authentication Scheme with Smart Card Based on Quadratic Residue , 2011, J. Digit. Inf. Manag..

[12]  Xiong Li,et al.  A novel and provably secure biometrics-based three-factor remote authentication scheme for mobile client-server networks , 2015, Comput. Electr. Eng..

[13]  Fan Wu,et al.  Cryptanalysis and Improvement of a User Authentication Scheme Preserving Uniqueness and Anonymity for Connected Health Care , 2015, Journal of Medical Systems.

[14]  Liling Cao,et al.  Analysis and improvement of a multi-factor biometric authentication scheme , 2015, Secur. Commun. Networks.

[15]  Sk Hafizul Islam,et al.  An improved pairing-free identity-based authenticated key agreement protocol based on ECC , 2012 .

[16]  Qiaoyan Wen,et al.  A novel pairing-free certificateless authenticated key agreement protocol with provable security , 2013, Frontiers of Computer Science.

[17]  G. P. Biswas,et al.  Comments on ID-Based Client Authentication with Key Agreement Protocol on ECC for Mobile Client-Server Environment , 2011, ACC.

[18]  Wei-Kuan Shih,et al.  Robust elliptic curve cryptography-based three factor user authentication providing privacy of biometric data , 2013, IET Inf. Secur..

[19]  Qiaoyan Wen,et al.  A strongly secure identity-based authenticated key agreement protocol without pairings under the GDH assumption , 2015, Secur. Commun. Networks.

[20]  Kenneth G. Paterson,et al.  Certificateless Public Key Cryptography , 2003 .

[21]  Meng-bo Hou,et al.  Secure certificateless-based authenticated key agreement protocol in the client-server setting , 2009, 2009 IEEE International Symposium on IT in Medicine & Education.

[22]  Muhammad Khurram Khan,et al.  More efficient key-hash based fingerprint remote authentication scheme using mobile device , 2014, Computing.