An improved authentication with key agreement scheme on elliptic curve cryptosystem for global mobility networks

SUMMARY In this paper, we cryptanalyze Rhee et al.'s ‘Remote user authentication scheme without using smart cards’, and prove that their scheme is not completely secure against user impersonation attack. The security flaw is caused by mathematical homomorphism of the registration information. In addition, their scheme lacks key agreement procedures for generating the session key to encrypt the communication messages after mutual authentication. Furthermore, a modification is proposed to improve the security, practicability and robustness of such scheme. Firstly, we introduce elliptic curve cryptosystem to enhance the security. Secondly, in order to improve the practicability, our improvement is much more easily implemented using portable devices in global mobility networks; moreover, a synchronized clock system, traditional password table or ancillary equipment are not required in our improvement. Finally, the proposed scheme not only achieves mutual authentication, but also provides the procedure for key agreement and update of secrets for users and servers to increase the robustness. Copyright © 2013 John Wiley & Sons, Ltd.

[1]  Diarmid Marshall,et al.  User perceptions of security and usability of single-factor and two-factor authentication in automated telephone banking , 2011, Comput. Secur..

[2]  Victor S. Miller,et al.  Use of Elliptic Curves in Cryptography , 1985, CRYPTO.

[3]  Craig Gentry,et al.  A fully homomorphic encryption scheme , 2009 .

[4]  Muhammad Khurram Khan,et al.  Improving the security of 'a flexible biometrics remote user authentication scheme' , 2007, Comput. Stand. Interfaces.

[5]  Chin-Chen Chang,et al.  An ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem , 2009, Comput. Secur..

[6]  Lih-Chyau Wuu,et al.  Robust smart‐card‐based remote user password authentication scheme , 2014, Int. J. Commun. Syst..

[7]  Qiaoyan Wen,et al.  An efficient and secure mobile payment protocol for restricted connectivity scenarios in vehicular ad hoc network , 2012, Comput. Commun..

[8]  Baptiste Hemery,et al.  Unconstrained keystroke dynamics authentication with shared secret , 2011, Comput. Secur..

[9]  J. K. Lee,et al.  Fingerprint-based remote user authentication scheme using smart cards , 2002 .

[10]  Wei-Kuan Shih,et al.  An Advanced ECC ID-Based Remote Mutual Authentication Scheme for Mobile Devices , 2010, 2010 7th International Conference on Ubiquitous Intelligence & Computing and 7th International Conference on Autonomic & Trusted Computing.

[11]  Yu-Fang Chung,et al.  ID-based digital signature scheme on the elliptic curve cryptosystem , 2007, Comput. Stand. Interfaces.

[12]  Dong Hoon Lee,et al.  A remote user authentication scheme without using smart cards , 2009, Comput. Stand. Interfaces.

[13]  Chu-Hsing Lin,et al.  A flexible biometrics remote user authentication scheme , 2004, Comput. Stand. Interfaces.

[14]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[15]  Shyi-Tsong Wu,et al.  ID-based remote authentication with smart cards on open distributed system from elliptic curve cryptography , 2005, 2005 IEEE International Conference on Electro Information Technology.

[16]  N. Koblitz Elliptic curve cryptosystems , 1987 .

[17]  Chun-I Fan,et al.  Robust remote authentication scheme with smart cards , 2005, Comput. Secur..

[18]  Kazuhiro Yokoyama,et al.  Elliptic curve cryptosystem , 2000 .

[19]  Zuowen Tan,et al.  Security Analysis of Two Password Authentication Schemes , 2009, 2009 Eighth International Conference on Mobile Business.

[20]  Yuefei Zhu,et al.  A novel lightweight authentication scheme with anonymity for roaming service in global mobility networks , 2011, Int. J. Netw. Manag..

[21]  Chun Chen,et al.  Lightweight and provably secure user authentication with anonymity for the global mobility network , 2011, Int. J. Commun. Syst..

[22]  Jenq-Shiou Leu,et al.  Exploiting hash functions to intensify the remote user authentication scheme , 2012, Comput. Secur..

[23]  Weijun Zhang,et al.  A novel key agreement protocol based on bilinear pairing , 2010, 2010 3rd International Conference on Biomedical Engineering and Informatics.

[24]  Alfred Menezes,et al.  Guide to Elliptic Curve Cryptography , 2004, Springer Professional Computing.

[25]  Shiuh-Pyng Shieh,et al.  Password authentication schemes with smart cards , 1999, Comput. Secur..