An Enhanced Anonymous Password-based Authenticated Key Agreement Scheme with Formal Proof

With the development of technology, the security of password-based authentication is becoming more and more significant. Recently, Lee et al. proposed an anonymous password-based authenticated key agreement scheme with non-temper resistant smart card to reduce the computation cost of Wang et al.’s scheme. However, based on analysis, it shows that the scheme can’t withstand smart card stolen or lost attack, user impersonation attack and server impersonation attack. Therefore, an enhanced scheme which can resist the attacks mentioned above is presented. By comparing the performance and security with other related schemes, our proposed scheme is more suitable for practical applications.

[1]  Cheng-Chi Lee,et al.  A Robust Remote User Authentication Scheme against Smart Card Security Breach , 2011, DBSec.

[2]  Sandeep K. Sood,et al.  Secure Dynamic Identity-Based Authentication Scheme Using Smart Cards , 2011, Inf. Secur. J. A Glob. Perspect..

[3]  Chin-Chen Chang,et al.  Remote password authentication with smart cards , 1991 .

[4]  Qi Xie Dynamic ID-Based Password Authentication Protocol with Strong Security against Smart Card Lost Attacks , 2011 .

[5]  Muhammad Khurram Khan,et al.  Cryptanalysis and security enhancement of a 'more efficient & secure dynamic ID-based remote user authentication scheme' , 2011, Comput. Commun..

[6]  Martín Abadi,et al.  A logic of authentication , 1989, Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences.

[7]  Peng Wu,et al.  Secure password-based remote user authentication scheme with non-tamper resistant smart cards , 2012, IACR Cryptol. ePrint Arch..

[8]  Yan-yan Wang,et al.  A more efficient and secure dynamic ID-based remote user authentication scheme , 2009, Comput. Commun..

[9]  Yalin Chen,et al.  Improvements on two password-based authentication protocols , 2009, IACR Cryptol. ePrint Arch..

[10]  Xiong Li,et al.  A new authenticated key agreement scheme based on smart cards providing user anonymity with formal proof , 2015, Secur. Commun. Networks.

[11]  Cheng-Chi Lee,et al.  A password authentication scheme over insecure networks , 2006, J. Comput. Syst. Sci..

[12]  J. B. Hayfron-Acquah,et al.  Cloud computing login authentication redesign , 2014 .

[13]  Nuril Anwar,et al.  Forensic SIM Card Cloning Using Authentication Algorithm , 2016 .

[14]  Tae Hyun Kim,et al.  Side channel analysis attacks using AM demodulation on commercial smart cards with SEED , 2012, J. Syst. Softw..

[15]  Dengguo Feng,et al.  An improved smart card based password authentication scheme with provable security , 2009, Comput. Stand. Interfaces.

[16]  Christof Paar,et al.  Side-Channel Analysis of Cryptographic RFIDs with Analog Demodulation , 2011, RFIDSec.

[17]  Andrey Bogdanov,et al.  Beyond the Limits of DPA: Combined Side-Channel Collision Attacks , 2012, IEEE Transactions on Computers.

[18]  Stefan Mangard,et al.  Power analysis attacks - revealing the secrets of smart cards , 2007 .

[19]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[20]  Hyun-Sung Kim,et al.  Anonymous Password-based Authenticated Key Agreement Scheme with Non-tamper Resistant Smart Cards , 2015 .

[21]  Min Gyo Chung,et al.  More secure remote user authentication scheme , 2009, Comput. Commun..