论文信息 - A secure and effective user authentication and privacy preserving protocol with smart cards for wireless communications

A secure and effective user authentication and privacy preserving protocol with smart cards for wireless communications

In 2012, Li and Lee (C. T. Li and C. C. Lee, “A novel user authentication and privacy preserving scheme with smart cards for wireless communications,” Mathematical and Computer Modelling, vol. 55, nos. 1–2, pp. 35–44, 2012) proposed a novel user authentication and privacy preserving scheme with smart cards for wireless communications. However, in this paper, we show that Li-Lee’s scheme is vulnerable to three security weaknesses: (1) Li-Lee’s scheme fails to achieve strong authentication in login and authentication phases, (2) Li-Lee’s scheme fails to update the user’s password correctly in the password change phase, and (3) Li-Lee’s scheme fails strongly to protect replay attacks. In order to remedy those security flaws in Li-Lee’s scheme, we propose a secure and effective user authentication and privacy preserving scheme with smart cards for wireless communications. We show that our scheme is secure against various known types of attacks, such as user anonymity, perfect forward security, strong replay attack, impersonation and off-line password guessing attacks and parallel session attack, which makes our scheme more secure and practical for mobile wireless networking. Moreover, our scheme works without password table, provides correct password change locally by the mobile user, non-repudiation, user friendliness, fairness in key agreement, and session keys establishment between the mobile user and the foreign agent, between the mobile user and the home agent, and between the foreign agent and the home agent. Further, through the simulation results using the AVISPA (Automated Validation of Internet Security Protocols and Applications) tool we show that our improved scheme is secure against passive and active attacks.

Ashok Kumar Das | A. Das

[1] Chun Chen,et al. A strong user authentication scheme with smart cards for wireless communications , 2011, Comput. Commun..

[2] Cheng-Chi Lee,et al. A novel user authentication and privacy preserving scheme with smart cards for wireless communications , 2012, Math. Comput. Model..

[3] Christophe De Cannière,et al. KATAN and KTANTAN - A Family of Small and Efficient Hardware-Oriented Block Ciphers , 2009, CHES.

[4] Chin-Chen Chang,et al. Enhanced authentication scheme with anonymity for roaming service in global mobility networks , 2009, Comput. Commun..

[5] Jianfeng Ma,et al. A new authentication scheme with anonymity for wireless environments , 2004, IEEE Trans. Consumer Electron..

[6] Cheng-Chi Lee,et al. Security Enhancement on a New Authentication Scheme With Anonymity for Wireless Environments , 2006, IEEE Transactions on Industrial Electronics.

[7] María Naya-Plasencia,et al. Quark: A Lightweight Hash , 2010, CHES.

[8] William Stallings,et al. Cryptography and Network Security: Principles and Practice , 1998 .

[9] Ashok Kumar Das,et al. Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards , 2011, IET Inf. Secur..

[10] Andrey Bogdanov,et al. PRESENT: An Ultra-Lightweight Block Cipher , 2007, CHES.

[11] Ashok Kumar Das,et al. A dynamic password-based user authentication scheme for hierarchical wireless sensor networks , 2012, J. Netw. Comput. Appl..