A new password authentication and user anonymity scheme based on elliptic curve cryptography and smart card
- Author(s): Chun-Ta Li 1
-
-
View affiliations
-
Affiliations:
1:
Department of Information Management, Tainan University of Technology, 529 Zhongzheng Road, Tainan City 71002, Taiwan
-
Affiliations:
1:
Department of Information Management, Tainan University of Technology, 529 Zhongzheng Road, Tainan City 71002, Taiwan
- Source:
Volume 7, Issue 1,
March 2013,
p.
3 – 10
DOI: 10.1049/iet-ifs.2012.0058 , Print ISSN 1751-8709, Online ISSN 1751-8717
Password authentication has been widely used in computer networks to provide secure remote access control. In this study, the authors show that the improved password authentication and update scheme based on elliptic curve cryptography proposed by Islam and Biswas is vulnerable to offline password guessing, stolen-verifier and insider attacks. We propose an advanced smart card-based password authentication and update scheme and extend the scheme to provide the privacy of the client. By comparing the criteria with other related schemes, our scheme not only solves several hard security threats but also satisfies more functionality features.
Inspec keywords: data privacy; computer network security; authorisation; public key cryptography
Other keywords:
smart card;
Subjects: Cryptography; Data security
References
-
-
1)
-
19. Messerges, T.S., Dabbish, E.A., Sloan, R.H.: ‘Examining smart-card security under the threat of power analysis attacks’, IEEE Trans. Comput., 2002, 51, (5), pp. 541–552 (doi: 10.1109/TC.2002.1004593).
-
-
2)
-
21. Hankerson, D., Menezes, A., Vanstone, S.: ‘Guide to elliptic curve cryptography’ (Springer-Verlag, New York, USA, 2004).
-
-
3)
-
23. National Institute of Standards and Technology: ‘US department of commerce, advanced encryption standard’ (US Federal Information Processing Standard Publication, 2001).
-
-
4)
-
25. Li, C.T., Yang, C.C., Hwang, M.S.: ‘A secure routing protocol with node selfishness resistance in MANETs’, Int. J. Mob. Commun., 2012, 10, (1), pp. 103–118 (doi: 10.1504/IJMC.2012.044525).
-
-
5)
-
6. Lee, C.C., Li, L.H., Hwang, M.S.: ‘A remote user authentication scheme using hash functions’, ACM Oper. Syst. Rev., 2002, 36, (4), pp. 23–29 (doi: 10.1145/583800.583803).
-
-
6)
-
5. Hwang, J.J., Yeh, T.C.: ‘Improvement on Peyravian–unic's password authentication schemes’, IEICE Trans. Commun., 2002, E85-B, (4), pp. 823–825.
-
-
7)
-
13. Li, C.T.: ‘Secure smart card based password authentication scheme with user anonymity’, Inf. Technol. Control, 2011, 40, (2), pp. 157–162.
-
-
8)
-
11. Das, A.K.: ‘Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards’, IET Inf. Secur., 2011, 5, (3), pp. 145–151 (doi: 10.1049/iet-ifs.2010.0125).
-
-
9)
-
16. Wang, H., Zhang, Y., Xiong, H., Qin, B.: ‘Cryptanalysis and improvements of an anonymous multi-receiver identity-based encryption scheme’, IET Inf. Secur., 2012, 6, (1), pp. 20–27 (doi: 10.1049/iet-ifs.2010.0252).
-
-
10)
-
17. Kocher, P., Jaffe, J., Jun, B.: ‘Differential power analysis’. Proc. Advances in Cryptology, 1999, pp. 388–397.
-
-
11)
-
20. Islam, S.H., Biswas, G.P.: ‘Design of improved password authentication and update scheme based on elliptic curve cryptography’, Math. Comput. Model., 2012, in press.
-
-
12)
-
8. Peyravian, M., Zunic, N.: ‘Methods for protecting password transmission’, Comput. Secur., 2000, 19, (5), pp. 466–469 (doi: 10.1016/S0167-4048(00)05032-X).
-
-
13)
-
14. Song, R.: ‘Advanced smart card based password authentication’, Comput. Stand. Interfaces, 2010, 32, (5–6), pp. 321–325 (doi: 10.1016/j.csi.2010.03.008).
-
-
14)
-
15. Wang, R.C., Juang, W.S., Lei, C.L.: ‘Robust authentication and key agreement scheme preserving the privacy of secret key’, Comput. Commun., 2011, 34, (3), pp. 274–280 (doi: 10.1016/j.comcom.2010.04.005).
-
-
15)
-
24. Li, C.T., Hwang, M.S.: ‘A lightweight anonymous routing protocol without public key en/decryptions for wireless ad hoc networks’, Inf. Sci., 2011, 181, (23), pp. 5333–5347 (doi: 10.1016/j.ins.2011.07.014).
-
-
16)
-
7. Lin, C.L., Hwang, T.: ‘A password authentication scheme with secure password updating’, Comput. Secur., 2003, 22, (1), pp. 68–72 (doi: 10.1016/S0167-4048(03)00114-7).
-
-
17)
-
9. Peyravian, M., Jeffries, C.: ‘Secure remote user access over insecure networks’, Comput. Commun., 2006, 29, (5), pp. 660–667 (doi: 10.1016/j.comcom.2005.07.025).
-
-
18)
-
22. National Institute of Standards and Technology: ‘US department of commerce, secure hash standard’ (US Federal Information Processing Standard Publication, 2002).
-
-
19)
-
1. Li, C.T., Lee, C.C., Wang, L.J., Liu, C.J.: ‘A secure billing service with two-factor user authentication in wireless sensor networks’, Int. J. Innov. Comput., Inf. Control, 2011, 7, (8), pp. 4821–4831.
-
-
20)
-
2. Li, C.T., Lee, C.C.: ‘A novel user authentication and privacy preserving scheme with smart cards for wireless communications’, Math. Comput. Model., 2012, 55, (1–2), pp. 35–44 (doi: 10.1016/j.mcm.2011.01.010).
-
-
21)
-
18. Manqard, S., Oswald, E., Standaert, F.X.: ‘One for all–all for one: unifying standard differential power analysis attacks’, IET Inf. Secur., 2011, 5, (2), pp. 100–110 (doi: 10.1049/iet-ifs.2010.0096).
-
-
22)
-
3. Li, C.T., Lee, C.C.: ‘A robust remote user authentication scheme using smart card’, Inf. Technol. Control, 2011, 40, (3), pp. 236–245.
-
-
23)
-
10. Chien, H.Y., Jan, J.K., Tseng, Y.M.: ‘An efficient and practical solution to remote authentication: smart card’, Comput. Secur., 2002, 21, (4), pp. 372–375 (doi: 10.1016/S0167-4048(02)00415-7).
-
-
24)
-
12. Hsu, C.L.: ‘Security of Chien et al.’s remote user authentication scheme using smart cards’, Comput. Stand. Interfaces, 2004, 26, (3), pp. 167–169 (doi: 10.1016/S0920-5489(03)00094-1).
-
-
25)
-
4. Lamport, L.: ‘Password authentication with insecure communication’, Commun. ACM, 1981, 24, (11), pp. 770–772 (doi: 10.1145/358790.358797).
-
-
26)
- C.T. Li , C.C. Lee , L.J. Wang , C.J. Liu . A secure billing service with two-factor user authentication in wireless sensor networks. Int. J. Innov. Comput., Inf. Control , 8 , 4821 - 4831
-
27)
- C.L. Lin , T. Hwang . A password authentication scheme with secure password updating. Comput. Secur. , 1 , 68 - 72
-
28)
- T. Messerges , E. Dabbish , R. Sloan . Examining smart card security under the threat of power analysis attacks. IEEE Trans. Comp. , 5 , 541 - 552
-
29)
- J.J. Hwang , T.C. Yeh . Improvement on Peyravian–unic's password authentication schemes. IEICE Trans. Commun. , 4 , 823 - 825
-
30)
- C.T. Li , C.C. Yang , M.S. Hwang . A secure routing protocol with node selfishness resistance in MANETs. Int. J. Mob. Commun. , 1 , 103 - 118
-
31)
- R. Song . Advanced smart card based password authentication. Comput. Stand. Interfaces , 321 - 325
-
32)
- S. Manqard , E. Oswald , F.X. Standaert . One for all–all for one: unifying standard differential power analysis attacks. IET Inf. Secur. , 2 , 100 - 110
-
33)
- M. Peyravian , C. Jeffries . Secure remote user access over insecure networks. Comput. Commun. , 5 , 660 - 667
-
34)
- (2001) National Institute of Standards and Technology: US department of commerce, advanced encryption standard.
-
35)
- D. Hankerson , A. Menezes , S. Vanstone . (2004) Guide to elliptic curve cryptography.
-
36)
- C.L. Hsu . Security of Chien et al.. Comput. Stand. Interfaces , 3 , 167 - 169
-
37)
- Kocher, P., Jaffe, J., Jun, B.: `Differential power analysis', Proc. Advances in Cryptology, 1999, p. 388–397.
-
38)
- C.C. Lee , L.H. Li , M.S. Hwang . A remote user authentication scheme using hash functions. ACM Oper. Syst. Rev. , 4 , 23 - 29
-
39)
- C.T. Li . Secure smart card based password authentication scheme with user anonymity. Inf. Technol. Control , 2 , 157 - 162
-
40)
- H.Y. Chien , J.K. Jan , Y.M. Tseng . An efficient and practical solution to remote authentication: smart card. Comput. Secur. , 4 , 372 - 375
-
41)
- S.H. Islam , G.P. Biswas . Design of improved password authentication and update scheme based on elliptic curve cryptography. Math. Comput. Model.
-
42)
- M. Peyravian , N. Zunic . Methods for protecting password transmission. Comput. Secur. , 5 , 466 - 469
-
43)
- C.T. Li , M.S. Hwang . A lightweight anonymous routing protocol without public key en/decryptions for wireless ad hoc networks. Inf. Sci. , 23 , 5333 - 5347
-
44)
- (2002) National Institute of Standards and Technology: US department of commerce, secure hash standard.
-
45)
- R.C. Wang , W.S. Juang , C.L. Lei . Robust authentication and key agreement scheme preserving the privacy of secret key. Comput. Commun. , 3 , 274 - 280
-
46)
- H. Wang , Y. Zhang , H. Xiong , B. Qin . Cryptanalysis and improvements of an anonymous multi-receiver identity-based encryption scheme. IET Inf. Secur. , 1 , 20 - 27
-
47)
- L. Lamport . Password authentication with insecure communication. Commun. ACM , 770 - 772
-
48)
- C.T. Li , C.C. Lee . A robust remote user authentication scheme using smart card. Inf. Technol. Control , 3 , 236 - 245
-
49)
- C.T. Li , C.C. Lee . A novel user authentication and privacy preserving scheme with smart cards for wireless communications. Math. Comput. Model. , 35 - 44
-
50)
- A.K. Das . Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards. IET Inf. Secur. , 3 , 145 - 151
-
1)