An enhanced ID-based remote mutual authentication with key agreement protocol for mobile devices on elliptic curve cryptosystem

Recently, Yoon et al. and Wu proposed two improved remote mutual authentication and key agreement scheme for mobile devices on elliptic curve cryptosystem. In this paper, we show that Yoon et al.’s protocol fails to provide explicit key perfect forward secrecy and fails to achieve explicit key confirmation. We also point out Wu’s scheme decreases efficiency by using the double secret keys and is vulnerable to the password guessing attack and the forgery attack. In order to overcome the drawback, we proposed and improved scheme. Through the comparison with other protocol, we believe that our improved scheme is more suitable for real-life applications.

[1]  Tibor Juhas The use of elliptic curves in cryptography , 2007 .

[2]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[3]  P.E. Abi-Char,et al.  A Fast and Secure Elliptic Curve Based Authenticated Key Agreement Protocol For Low Power Mobile Communications , 2007, The 2007 International Conference on Next Generation Mobile Applications, Services and Technologies (NGMAST 2007).

[4]  T. Elgamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, CRYPTO 1984.

[5]  Bin Zhao,et al.  IMBAS: Identity-based multi-user broadcast authentication in wireless sensor networks , 2008, Comput. Commun..

[6]  Zhi-Gang Chen,et al.  A Distributed Electronic Authentication Scheme Based on Elliptic Curve , 2007, 2007 International Conference on Machine Learning and Cybernetics.

[7]  Alfred Menezes,et al.  Key Agreement Protocols and Their Security Analysis , 1997, IMACC.

[8]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[9]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[10]  Chin-Chen Chang,et al.  An ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem , 2009, Comput. Secur..

[11]  Jin Wang,et al.  A Remote User Authentication Scheme Using Bilinear Pairings and ECC , 2006, Sixth International Conference on Intelligent Systems Design and Applications.

[12]  Bao Li,et al.  An Efficient Scheme for User Authentication in Wireless Sensor Networks , 2007, 21st International Conference on Advanced Information Networking and Applications Workshops (AINAW'07).

[13]  S. Wu Practical remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem , 2009, IACR Cryptol. ePrint Arch..

[14]  Duncan S. Wong,et al.  Analysis and improvement of an authenticated key exchange protocol for sensor networks , 2005, IEEE Communications Letters.

[15]  Victor S. Miller,et al.  Use of Elliptic Curves in Cryptography , 1985, CRYPTO.

[16]  Shyi-Tsong Wu,et al.  ID-based remote authentication with smart cards on open distributed system from elliptic curve cryptography , 2005, 2005 IEEE International Conference on Electro Information Technology.

[17]  N. Koblitz Elliptic curve cryptosystems , 1987 .