Provably secure and efficient identification and key agreement protocol with user anonymity

Many authentication and key agreement protocols have been proposed for protecting communicated messages. In previous protocols, if the user's identity is transmitted in plaintext, an adversary can tap the communications and use it to launch attacks. Most protocols with user anonymity focus on satisfying several security requirements. From a client's point of view, those protocols are unattractive because the cost of storage, computation and communication is high. In pervasive computing, a client usually uses a resource-limited device to access multiple servers, so storage and computation are very important issues in this kind of environment. Also, for convenience of design, most protocols use timestamps to prevent replay attacks, and timestamp-based protocols are known to suffer from a serious time synchronization problem. Finally, most protocols do not have formal security proofs. In this paper, we propose a secure and efficient identification and key agreement protocol with user anonymity based on the elliptic curve Diffie-Hellman assumption. In addition, we propose an augmented protocol that provides explicit mutual authentication. Compared with the related protocols, the proposed protocols' computation cost is lower and the key length is shorter. Therefore, our protocols are suitable even for applications in low-power computing environments. Finally, we formally prove the security of the proposed protocols in the random oracle model.
