An improved ID - based client authentication with key agreement scheme on ECC for mobile client - server environments

• Autorzy: Islam S. K. H. , Biswas G. P.
• Języki publikacji: EN

Abstrakty

EN

In wireless mobile networks, a client can move between different locations while staying connected to the network and access the remote server over the mobile networks by using their mobile devices at anytime and anywhere. However, the wireless network is more prone to some security attacks, as it does not have the ingrained physical security like wired networks. Thus, the client authentication is required while accessing the remote server through wireless network. Based on elliptic curve cryptosystem (ECC) and identity-based cryptography (IBC), Debiao et al. proposed an ID-based client authentication with key agreement scheme to reduce the computation and communication loads on the mobile devices. The scheme is suitable for mobile client-server environments, is secure against different attacks and provides mutual authentication with session key agreement between a client and the remote server as they claimed. Unfortunately, this paper demonstrates that Debiao et al.' scheme is vulnerable some cryptographic attacks, and proposed an improved ID-based client authentication with key agreement scheme using ECC. The proposed scheme is secure based on Elliptic Curve Discrete Logarithm Problem (ECDLP) and Computational Diffie- Helmann Problem (CDHP). The detail analysis shows that our scheme overcomes the drawbacks of Debiao et al.'s scheme and achieves more functionality for the client authentication with lesser computational cost than other schemes.

Słowa kluczowe

EN

Elliptic curve cryptography; identity-based cryptosystem; mutual authentication; session key; users' anonymity; client-server environment

• Wydawca: Instytut Informatyki Teoretycznej i Stosowanej Polskiej Akademii Nauk
• Czasopismo: Theoretical and Applied Informatics
• Rocznik: 2012
• Tom: Vol. 24, No. 4
• Strony: 293--312
• Opis fizyczny: Bibliogr. 29 poz., tab.

Twórcy

autor

Islam S. K. H.

autor

Biswas G. P.

• Department of Computer Science and Engineering, Indian School of Mines, Dhanbad-826004, Jharkhand, India,

Bibliografia

• 1. T. ElGamal: A public key cryptosystem and a signature protocol based on discrete logarithms,IEEE Transactions on Information Theory 31, 1985, 469-472.
• 2. R.L. Rivest, A. Shamir, L. Adleman: A method for obtaining digital signatures and public key cryptosystems, Communications of the ACM 21, 1978, 120-126.
• 3. V.S. Miller: Use of elliptic curves in cryptography, In: Proceeding of the Advances in Cryptology – Crypto’85, Springer-Verlag, New York, USA, 1985, pp. 417-426.
• 4. N. Koblitz: Elliptic curve cryptosystem, Mathematics of Computation 48, 1987, 203-209.
• 5. J.H. Yang, C.C. Chang: An ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem, Computers & Security 28, 2011, 138-143.
• 6. P.E. Abichar, A. Mhamed, B. Elhassan: A fast and secure elliptic curve based authenticated key agreement scheme for low power mobile communications, In: Proceedings of the 2007 International Conference on Next Generation Mobile Applications, Services and Technologies, 2007, pp. 235-240.
• 7. Z. Jia, Y. Zhang, H. Shao, Y. Lin, J. Wang: A remote user authentication scheme using bilinear pairings and ECC, In: Proceedings of the Sixth International Conference on Intelligent System Design and Applications (ISDA), Jinan, China, 2006, pp. 1091-1094.
• 8. S.T.Wu, J.H. Chiu, B.C. Chieu: ID-based remote authentication with smartcards on open distributed system from elliptic curve cryptography, In: Proceedings of IEEE International Conference on Electro Information Technology, Lincoln, Nebraska, USA, May 22-25, 2005, pp. 5-9.
• 9. E. Yoon, K. Yoo: Robust ID-based remote mutual authentication with key agreement protocol for mobile devices on ECC, In: Proceedings of the International Conference on Computational Science and Engineering, Vancouver, Canada, 2009, pp. 633-640.
• 10. T.H. Chen, Y.C. Chen, W.K. Shih: An Advanced ECC ID-Based remote mutual authentication scheme for mobile devices, In: Proceedings of the Symposia and Workshops on Ubiquitous, Autonomic and Trusted Computing, Xian, Shaanxi, China, 2010, pp. 116-120.
• 11. S.H. Islam, G.P. Biswas: A more efficient and secure ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem, The Journal of Systems and Software 84, 2011, 1892-1898.
• 12. S.H. Islam, G.P. Biswas: Design of improved password authentication and update scheme based on elliptic curve cryptography, Mathematical and Computer Modelling. http://dx.doi.org/10.1016/j.mcm.2011.07.001.
• 13. T-H. Chen, Y-C. Chen, W-K. Shih, H-W.Wei: An efficient anonymous authentication protocol for mobile pay-TV. Journal of Network and Computer Applications 34(4), 1131-1137, 2011.
• 14. H. Debiao, C. Jianhua, H. Jin: An ID-based client authentication with key agreement protocol for mobile client–server environment on ECC with provable security, Information Fusion, 2011, <doi:10.1016/j.inffus.2011.01.001>.
• 15. A.K. Das, P. Sharma, S. Chatterjee, J.K. Sing: A dynamic password-based user authentication scheme for hierarchical wireless sensor networks, Journal of Network and Computer Applications. (In Press).
• 16. A. Shamir: Identity-based cryptosystems and signature schemes, In: Proceeding of the Advances in Cryptology – Crypto’84, Springer-Verlag, New York, USA, 1984, pp. 47-53.
• 17. D. Boneh, M. Franklin: Identity-based encryption from the Weil pairing, SIAM Journal of Computing 32, 2003, 586-615.
• 18. M.L. Das, A. Saxena, V. P. Gulati, D.B. Phatak: A novel remote client authentication protocol using bilinear pairings, Computers & Security 25, 2006, 184-189.
• 19. M.L. Das, A. Saxena, V. P. Gulati: A dynamic ID-based remote user authentication scheme, IEEE Transactions on Consumer Electronics 50, 2004, 629-631.
• 20. J.S. Chou, Y. Chen, J.Y. Lin: Improvement of Das et al.’s remote user authentication scheme, <http://eprint.iacr.org/2005/450.pdf>.
• 21. T. Goriparthi, M.L. Das, A. Saxena: An improved bilinear pairing based remote user authentication scheme, Computer Standards & Interfaces 31, 2009, 181-185.
• 22. Y.M. Tseng, T.Y.Wu, J.D.Wu: A pairing-based client authentication protocol for wireless clients with smartcards, Informatica 19, 2008, 285-302.
• 23. Y.Y. Wang, J.Y. Kiu, F.X. Xiao, J. Dan: A more efficient and secure dynamic ID-based remote user authentication scheme, Computer Communications 32, 2009, 583-585.
• 24. M.K. Khan: Cryptanalysis and security enhancement of a ‘more efficient & secure dynamic ID-based remote user authentication scheme’, Computer Communications 34, 2011, 305-309.
• 25. S.H. Islam, G.P. Biswas: Comments on ID-Based Client Authentication with Key Agreement Protocol on ECC for Mobile Client-Server Environment, First International Conference on Advances in Computing and Communications (ACC 2011), part II, CCIS, Springer-Verlag, Berlin Heidelberg, vol. 191, 2011, pp. 628-635.
• 26. R. Canetti, H. Krawczyk: Analysis of key exchange protocols and their use for building secure channels, In: Proceeding of the Advances in Cryptology – Eurocrypt’01, LNCS, Springer-Verlag, Berlin Heidelberg, vol. 2045, 2001, pp. 451-472.
• 27. Z. Cheng, M. Nistazakis, R. Comley, L. Vasiu: On the indistinguishability-based security model of key agreement protocols – simple cases, <http://eprint.iacr.org/2005/129 >.
• 28. L. Gong: A security risk of depending on synchronized clocks, ACM Operating System Review 26, 1992, 49-53.
• 29. S. H. Islam, G. P. Biswas: An improved remote login scheme based on ECC, In: Proceedings of the International Conference on Recent Trends in Information Technology, 2011, pp. 1221-1226.