Efficient User Authentication and Key Agreement in Ubiquitous Computing

In ubiquitous computing, many computers serve each person at any time and any place. These computers could be thin servers and only have low computation and communication capacity. In this paper, we propose a novel user authentication and key agreement scheme suitable for ubiquitous computing environments. The main merits include: (1) there are many security domains which have their own security controllers, and each security domain can be formed dynamically; (2) a user only has to register in a security controller once, and can use all permitted services in this environment; (3) a user can freely choose his own password to protect his secret token; (4) the computation and communication cost is very low; (5) servers and users can authenticate each other; (6) it generates a session key agreed by the server and the user; (7) our proposed scheme is a nonce-based scheme which does not have a serious time-synchronization problem.

[1]  Hung-Min Sun,et al.  An efficient remote use authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[2]  Wei-Chi Ku,et al.  Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[3]  Adi Shamir,et al.  Factoring Estimates for a 1024-Bit RSA Modulus , 2003, ASIACRYPT.

[4]  Wen-Shenq Juang,et al.  Efficient password authenticated key agreement using smart cards , 2004, Comput. Secur..

[5]  G. Borriello,et al.  Key challenges in communication for ubiquitous computing , 2002, IEEE Communications Magazine.

[6]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[7]  Peter Sweeney,et al.  Simple authenticated key agreement algorithm , 1999 .

[8]  Chun-I Fan,et al.  Robust remote authentication scheme with smart cards , 2005, Comput. Secur..

[9]  Taekyoung Kwon,et al.  Security analysis and improvement of the efficient password-based authentication protocol , 2005, IEEE Communications Letters.

[10]  Wen-Shenq Juang,et al.  Efficient multi-server password authenticated key agreement using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[11]  Ralph C. Merkle,et al.  One Way Hash Functions and DES , 1989, CRYPTO.

[12]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[13]  Wen-Shenq Juang A Simple and Efficient Conference Scheme for Mobile Communications , 2005, WISA.

[14]  Paul F. Syverson,et al.  A taxonomy of replay attacks [cryptographic protocols] , 1994, Proceedings The Computer Security Foundations Workshop VII.

[15]  Chun-Li Lin,et al.  Provably secure authenticated key exchange protocols for low power computing clients , 2006, Comput. Secur..

[16]  Min-Shiang Hwang,et al.  Cryptanalysis of Simple Authenticated Key Agreement Protocols , 2004 .

[17]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[18]  Manoj Kumar,et al.  New remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[19]  Tzonelih Hwang,et al.  Reparable key distribution protocols for Internet environments , 1995, IEEE Trans. Commun..

[20]  Paul Syverson,et al.  A Taxonomy of Replay Attacks , 1994 .

[21]  Mark Weiser,et al.  Some computer science issues in ubiquitous computing , 1993, CACM.

[22]  Mark Weiser,et al.  Some Computer Science Problems in Ubiquitous Computing , 1993 .

[23]  William Stallings,et al.  THE ADVANCED ENCRYPTION STANDARD , 2002, Cryptologia.

[24]  Steven M. Bellovin,et al.  Encrypted key exchange: password-based protocols secure against dictionary attacks , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[25]  Bruce Schneier One-way hash functions , 1991 .

[26]  Chou Chen Yang,et al.  Cryptanalysis of a user friendly remote authentication scheme with smart cards , 2004, Comput. Secur..