
A new password authentication and user anonymity scheme based on elliptic curve cryptography and smart card

Password authentication has been widely used in computer networks to provide secure remote access control. In this study, we show that the improved password authentication and update scheme based on elliptic curve cryptography proposed by Islam and Biswas is vulnerable to offline password guessing, stolen-verifier and insider attacks. We propose an advanced smart card-based password authentication and update scheme and extend it to protect the privacy of the client. A comparison against the criteria met by other related schemes shows that our scheme not only solves several hard security threats but also satisfies more functionality features.

http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2012.0058