An Improved Dynamic ID-Based Remote User Authentication with Key Agreement Scheme

Qu, Juan; Zou, Li-min

doi:https://doi.org/10.1155/2013/786587

Journal of Electrical and Computer Engineering

On this page

Abstract Introduction Preliminaries Conclusions References Copyright Related Articles

Research Article | Open Access

Volume 2013 | Article ID 786587 | https://doi.org/10.1155/2013/786587

An Improved Dynamic ID-Based Remote User Authentication with Key Agreement Scheme

Juan Qu¹and Li-min Zou¹

Academic Editor: Dharma Agrawal

Received08 May 2013

Revised26 Aug 2013

Accepted30 Aug 2013

Published26 Sept 2013

Abstract

In recent years, several dynamic ID-based remote user authentication schemes have been proposed. In 2012, Wen and Li proposed a dynamic ID-based remote user authentication with key agreement scheme. They claimed that their scheme can resist impersonation attack and insider attack and provide anonymity for the users. However, we will show that Wen and Li's scheme cannot withstand insider attack and forward secrecy, does not provide anonymity for the users, and inefficiency for error password login. In this paper, we propose a novel ECC-based remote user authentication scheme which is immune to various known types of attack and is more secure and practical for mobile clients.

1. Introduction

Smart card authentication is that the most commonly used authentication method that legal users can access the resources provided by remote servers. Due to its simplicity and convenience, it is used in many areas such as E-banks or remote host login. Over the past few years, considerable authentication protocols [1–7] have been proposed. However, most of these schemes are based on static ID and have some flaws such as server spoofing attack, insider attack, and impersonation attack. Based on previous research, an ideal password authentication scheme should achieve the following goals. First, the server should not maintain any verifier table and the user can choose and change his/her password freely. Second, the remote user authentication scheme should meet all the security requirements and achieve all the goals. Third, the remote user authentication scheme has low communication and computation cost. In 2004, Das et al. [8] presented a dynamic ID-based remote user authentication scheme using smart cards. They pointed out that their scheme does not maintain any verifier table and can resist the replay attack, forgery attacks, guessing attacks, and insider attacks. However, in 2009, Wang et al. [9] pointed out that Das et al.’s scheme does not achieve mutual authentication and could not resist impersonation attack. Then, Wang et al. proposed an enhanced password authentication scheme which keeps the merits of Das et al.’s scheme. After that, Tsai et al. [10] showed that Wang et al.’s scheme cannot achieve user anonymity since both and its dynamic are presented in the login message. In the following, Tsai et al. demonstrate that Wang et al.’s scheme is also vulnerable to the impersonation attack. In the same year, Yeh et al. [11] showed that Wang et al.’s scheme is insecure against replay attack, user impersonation attack, server counterfeit attack, man-in-the-middle attack, and password guessing attacks. And they propose an enhanced protocol to overcome all identified security flaws. In 2011, Khan et al. [12] showed that Wang et al.’s scheme does not provide anonymity of a user during authentication is vulnerable to insider attack and stolen smart card attack, and does not provide session key agreement and its user has no choice in choosing his password. And they cover all the flaws of Wang et al.’s scheme and propose an enhanced authentication scheme. In 2012, Madhusudhan and Mittal [13] presented six of the currently available dynamic ID-based remote user authentication schemes; none of these schemes meet all the security requirements. In 2012, Wen and Li [14] analyzed Wang et al.’s scheme and pointed out that their scheme is vulnerable to impersonation attack; only through intercepting and modifying the messages transmitted in the public networks, the adversary could impersonate the legal user to login the server. Moreover, an insider user who has registered in the remote server can reveal some secret information of the server and the other user. Later, Wen et al. proposed an improved scheme, which can resist impersonation attack, avoiding partial information leakage and providing anonymity for the users.

1.1. Our Contributions

In this paper, we research Wen and Li’s scheme and show that their scheme cannot withstand insider attack and forward secrecy, and, though eavesdropping the user’s login request message in the public networks, the user can be traced out. Furthermore, a secure dynamic-ID remote user authentication scheme has been proposed in this paper using ECC. The proposed scheme is immune to various known types of attack and is more secure and practical for mobile clients. The remainder of this paper is organized as follows. We give a brief review of Wen and Li’s scheme in Section 2. In Section 3, the security flaws of Wen and Li’s scheme are presented. In Section 4, we propose an enhanced authentication protocol. In Section 5, we make security analysis and performance analysis. Finally, we give some conclusions in Section 6.

2. Review of Wen and Li’s Scheme

In this section, we briefly review Wen and Li’s scheme [14], which is composed of seven phases: registration phase, login phase, authentication phase and key exchange phase, mutual authentication, and key confirmation phase.

2.1. Registration Phase

(1)When a user wants to register in the remote server, he/she sends his/her chosen , , to the remote server via a secret channel.(2) computes , where is the user’s number and is a one-way hash function. The unique number is kept by to check the validity of the smart card, but the server does not need to keep the or password tables. Then computes , = , where is the server’s secret number kept by itself in private.(3) personalizes the smart card with the following parameters .(4) sends the smart card to via a secret channel.

2.2. Login Phase

When a user wants to login , then inserts his/her smart card in the terminal and keys and . The smart card computes , , , and forwards the login request message to the server .

2.3. Authentication and Key Exchange Phase

Upon receiving the login request message , performs the following steps.(1)Check if the time interval , where is the current timestamp; if it holds and is in the registered list, continues the next step.(2) computes , , , and checks whether the equation holds.(3)If so, computes , and the session key , and key confirmation message .(4) sends the message .

2.4. Mutual Authentication and Key Confirmation Phase

When received at time , performs the following steps.(1)Check whether is valid.(2)If the time interval is valid, computes and verifies that the following equation holds: .(3) computes , and then check if the equation holds. If it holds, computes .(4) sends the message to the server .(5) verifies whether or not. If the equation holds, the scheme is over.

3. Flaws of Wen and Li’s Scheme

In this section, we will demonstrate that Wen and Li’s scheme is vulnerable to insider attack, does not provide the user’s anonymity, and is inefficient in error password login and when the private key of the server is compromised, the adversary can obtain all the previous session keys between the user and the server .

3.1. User Anonymity

Wen and Li claimed that their scheme provides the property of the user’s anonymity. However, we found that the user’s anonymity of Wen and Li’s scheme cannot be protected from an eavesdropping attack in the login phase. The attacker can eavesdrop the user ’s login request message between the user and the server from the public channel; both and in the login request message are kept the same until the user’s password is updated. In other words, a malicious attacker is capable of tracing out the user according to and which is in the ’s login request message. Therefore, Wen and Li’s scheme fails in providing the privacy and anonymity of during the login phase.

3.2. Insider Attack

Insider attack is that the user’s password is derived by the privileged insider of the registration server in the registration protocol. In many scenarios, if the user registers to the server with plaintext password, an insider of the server can impersonate user’s login by abusing the legitimate user’s password and can get access to the other systems. As mentioned in the registration phase of Wen and Li’s scheme, the user sends his and to the server over secure channel. So, the password of the user will be revealed to the server . The privileged insider of the remote system could impersonate to access the other remote system that has registered with outside this system. That is, Wen and Li’s scheme is vulnerable to insider attack.

3.3. Inefficiency for Error Password Login

In Wen and Li’s scheme, even if inputs an error password in login phase, the smart card still sends ’s login request message to the server . Both the login phase and authentication phase are still performed, and this process will terminate until checks whether the equation holds. This situation will waste unnecessary extra communication and computation cost. So, the password authentication is delayed and inefficient.

3.4. Perfect Forward Secrecy

A protocol is called perfect forward secrecy if the compromise of the long-term private keys related to participating entities does not affect the security of previous session keys. In Wen and Li’s scheme, when the private key of the server is compromised and an adversary has intercepted ’s previous login request messages and the message over public networks, then the adversary can compute , , . Then all the past session keys of Wen and Li’s scheme should be compromised to the adversary. From the above discussion, we can obtain that Wen and Li’s scheme fails to protect forward security.

4. Preliminaries

Before the description of our proposed scheme, we introduce the basic concepts of ECC. In all elliptic curve cryptosystem, the elliptic curve equation is defined as the form of : . Given an integer and a point , the point-multiplication over can be defined as ( times). Generally, the security of ECC relies on the difficulties of the following problems.

Definition 1. Given two points and over , the elliptic curve discrete logarithm problem (ECDLP) is to find an integer such that .

Definition 2. Given three points , , and over for , , the computational Diffie-Hellman problem (CDLP) is to find the point over .

5. Proposed Scheme

This section introduces the proposed dynamic ID-based remote user authentication scheme. The proposed scheme is composed of four phases, which are the user registration phase, the login phase, the authentication phase, and the password change phase. The details will be described as follows.

5.1. Registration Phase

(1)When a user wants to register and become a legal user, freely chooses his/her identity and , chooses a random number , and submits , to the via a secure communication channel.(2) computes , , , where is the server’s secret key kept in secretly.(3) stores in the smart card and submits the smart card to the via a secure channel.(4)When receiving the smart card, the user enters into the smart card. At last, the smart card contains parameters .

5.2. Login Phase

If wants to access the server, he/she inserts smart card into the terminal, and keys with , and then the smart card verifies whether the equation holds or not. If they are equal, the smart card accepts the login request and performs the following steps.(1)The smart card chooses a random and computes , , , , and forwards the login request message to the server .(2)The smart card sends the login request message to the server over a public channel.

5.3. Verification Phase

(1)After receiving the message , the server computes , , , and verifies whether the equation holds.(2)If they are equal, it means that is an authentic user and accepts the login request message; otherwise, the login request is rejected. Then, generates a random number , computes , and computes , and the session key and key confirmation message .(3) sends the message to the user .(4)When the user receives the message , computes and verifies whether the following equation holds: .(5) computes and then checks if the equation holds. If it holds, computes .(6) sends the message to the server .(7) verifies whether or not. If the equation holds, the mutual authentication is completed.

5.4. Password Change Phase

In this phase, can change his/her password any time when he/she wants without the help of the . The steps of the password change phase are as follows.(1) inserts his smart card into the smart card reader and then inputs and .(2)The smart card computes and then checks if the is the same as . If they are the same, inputs a new password and computes , , and then the smart card replaces , with , to finish the password change process.

6. Protocol Analysis

This section describes the security analysis of the proposed scheme and compares performance with Wen and Li’s scheme.

6.1. User Anonymity

Suppose that an adversary intercepts the login request message in the login phase of our scheme; the user has no way of guessing because of the hardness of inverting of hash functions. Moreover, due to the random , the user cannot be traced out from the login request message . Therefore, our scheme is able to preserve the user’s anonymity.

6.2. Perfect Forward Secrecy

Perfect forward secrecy is that even though the user’s password or the server’s secret key is compromised, an adversary still cannot obtain all the past session keys. In our proposed authentication scheme, suppose that an adversary knows the ’s password or the server ’s secret key ; he/she tries to determine all the past session key . To know the session key , he has to compute or , from the and , which is faced with the hardness of the computational Diffie-Hellman problem. Therefore, our proposed authentication scheme can provide the property of perfect secrecy.

6.3. Insider Attack

In our proposed scheme, the user freely chooses and a random number and submits , , to the via a secure communication channel. So the insider of server cannot compute the user’s from because it is protected by hash function. Therefore, the insider attack is impossible in the proposed scheme.

6.4. Replay Attack

The replay attack is replaying the same message of receiver or the sender again. The login request message of our proposed protocol uses a random number instead of timestamp to protect against replay attack. The random number is and are generated independently and both will be different in each login message and each verification phase.

6.5. Mutual Authentication and Session Key Agreement

In our proposed protocol, the user and the server can authenticate each other. The server verifies the legal user by verifying whether the equation holds. And the user can also verify the server by verifying whether and are equal. The mutual authentication protects against server side impersonation. Moreover, the user and the server establish a secure session key in each session. With this session key, the user and the remote server can exchange confidential data securely.

6.6. Performance Comparison

In this section, we summarize the functionality comparisons between our scheme and other remote user authentication schemes in Table 1.

7. Conclusions

In this paper, we discuss several weaknesses in Wen and Li’s dynamic ID-based remote user authentication scheme, such as being vulnerable to insider attack, failing to provide anonymity of a user, and perfect forward security. To remedy these weaknesses and improve performance, we have proposed an enhanced remote user authentication scheme that uses elliptic curve cryptography. The proposed scheme does not only inherit the merits of their scheme, but also has low computational and communist cost.

Acknowledgment

This research is supported and partly funded by Natural Science Foundation Project of Chongqing Municipal Education Commission (KJ121103).

References

X. Wang, W. Zhang, J. Zhang, and M. K. Khan, “Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards,” Computer Standards and Interfaces, vol. 29, no. 5, pp. 507–512, 2007.
View at: Publisher Site | Google Scholar
H. Hsiang and W. Shih, “Weaknesses and improvements of the Yoon-Ryu-Yoo remote user authentication scheme using smart cards,” Computer Communications, vol. 32, no. 4, pp. 649–652, 2009.
View at: Publisher Site | Google Scholar
M. Hwang and L. Li, “A new remote user authentication scheme using smart cards,” IEEE Transactions on Consumer Electronics, vol. 46, no. 1, pp. 28–30, 2000.
View at: Publisher Site | Google Scholar
W. Ku and S. Chang, “Impersonation attack on a dynamic ID-based remote user authentication scheme using smart cards,” IEICE Transactions on Communications, vol. E88-B, no. 5, pp. 2165–2167, 2005.
View at: Publisher Site | Google Scholar
H.-R. Tseng, R.-H. Jan, and W. Yang, “A bilateral remote user authentication scheme that preserves user anonymity,” Security and Communication Networks, vol. 1, no. 4, pp. 301–308, 2008.
View at: Google Scholar
W. Yang and S. Shieh, “Password authentication schemes with smart cards,” Computers and Security, vol. 18, no. 8, pp. 727–733, 1999.
View at: Publisher Site | Google Scholar
X. Li, J. Niu, J. Ma, W. Wang, and C. Liu, “Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards,” Journal of Network and Computer Applications, vol. 34, no. 1, pp. 73–79, 2011.
View at: Publisher Site | Google Scholar
M. L. Das, A. Saxena, and V. P. Gulati, “A dynamic ID-based remote user authentication scheme,” IEEE Transactions on Consumer Electronics, vol. 50, no. 2, pp. 629–631, 2004.
View at: Publisher Site | Google Scholar
Y. Wang, J. Liu, F. Xiao, and J. Dan, “A more efficient and secure dynamic ID-based remote user authentication scheme,” Computer Communications, vol. 32, no. 4, pp. 583–585, 2009.
View at: Publisher Site | Google Scholar
J. Tsai, T. Wu, and K. Tsai, “New dynamic ID authentication scheme using smart cards,” International Journal of Communication Systems, vol. 23, no. 12, pp. 1449–1462, 2010.
View at: Publisher Site | Google Scholar
K. Yeh, C. Su, N. W. Lo, Y. Li, and Y. Hung, “Two robust remote user authentication protocols using smart cards,” Journal of Systems and Software, vol. 83, no. 12, pp. 2556–2565, 2010.
View at: Publisher Site | Google Scholar
M. K. Khan, S. Kim, and K. Alghathbar, “Cryptanalysis and security enhancement of a ‘more efficient & secure dynamic ID-based remote user authentication scheme',” Computer Communications, vol. 34, no. 3, pp. 305–309, 2011.
View at: Publisher Site | Google Scholar
R. Madhusudhan and R. C. Mittal, “Dynamic ID-based remote user password authentication schemes using smart cards: a review,” Journal of Network and Computer Applications, vol. 35, no. 4, pp. 1235–1248, 2012.
View at: Publisher Site | Google Scholar
F. Wen and X. Li, “An improved dynamic ID-based remote user authentication with key agreement scheme,” Computers and Electrical Engineering, vol. 38, no. 2, pp. 381–387, 2012.
View at: Publisher Site | Google Scholar

Copyright

Copyright © 2013 Juan Qu and Li-min Zou. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation

Download other formats

Order printed copies

Views

1375

Downloads

1234

Citations