Reconsidering a lightweight anonymous authentication protocol

ABSTRACT In the cryptographic community, much effort has been spent on building secure authentication protocols without using heavy asymmetric encryption. However, many of these efforts were ineffectual, because the resulting protocols were found insecure due to low robustness against different types of attacks. This paper identifies a particular type of attacker model under which a secure lightweight authentication protocol is never possible. We demonstrate this finding by breaking a recently proposed protocol that was itself a fix for two insecure protocols. We then present the arguments for the impossibility of such a protocol, while a secure protocol can exist only in an augmented version of this attacker model.
