A Secure and Efficient ECC-Based Anonymous Authentication Protocol

Wang, Feifei; Xu, Guoai; Gu, Lize

doi:https://doi.org/10.1155/2019/4656281

Security and Communication Networks

On this page

Abstract Introduction Conclusion Data Availability Conflicts of Interest Acknowledgments References Copyright Related Articles

Research Article | Open Access

Volume 2019 | Article ID 4656281 | https://doi.org/10.1155/2019/4656281

A Secure and Efficient ECC-Based Anonymous Authentication Protocol

Feifei Wang,¹Guoai Xu,¹and Lize Gu¹

Academic Editor: Dimitrios Geneiatakis

Received16 Aug 2018

Accepted24 Jun 2019

Published20 Aug 2019

Abstract

Nowadays, remote user authentication protocol plays a great role in ensuring the security of data transmission and protecting the privacy of users for various network services. In this study, we discover two recently introduced anonymous authentication schemes are not as secure as they claimed, by demonstrating they suffer from offline password guessing attack, desynchronization attack, session key disclosure attack, failure to achieve user anonymity, or forward secrecy. Besides, we reveal two environment-specific authentication schemes have weaknesses like impersonation attack. To eliminate the security vulnerabilities of existing schemes, we propose an improved authentication scheme based on elliptic curve cryptosystem. We use BAN logic and heuristic analysis to prove our scheme provides perfect security attributes and is resistant to known attacks. In addition, the security and performance comparison show that our scheme is superior with better security and low computation and communication cost.

1. Introduction

With the dramatic increase of network attacks and privacy leakage, it is extremely important for various network services to identify the authenticity of communicating party and protect the privacy of users in insecure environment. As a basic defense strategy for numerous network services, the authentication protocol is aimed at solving these security issues. It has been used in various areas, such as e-banking, e-health, wireless sensor networks, and internet of things [1–3]. Authentication protocol generally provides three useful functionalities, that is, mutual authentication, user anonymity, and session key agreement.

Recently, there have been a great number of authentication schemes introduced and some evaluation metrics developed [4–8]. In 2012, Wang et al. [9] presented a robust authentication protocol that is resistant to known attacks, but the protocol has low efficiency, as it requires a number of modular exponentiation operations. Besides, they presented a comprehensive evaluation criteria for smart card based password authentication protocols. Madhusudhan and Mittal [10] defined the security requirements and desirable properties an authentication protocol should fulfil and provide. Kim–Kim [11] introduced an efficient dynamic identity authentication scheme, in which a synchronization mechanism is adopted to achieve user anonymity. In 2014, Islam et al. [12] introduced an anonymous authentication scheme based on elliptic curve cryptosystem (ECC). Huang et al. [13] proposed an anonymous authentication protocol based on RSA cryptosystem. In 2015, Wang et al. [14] demonstrated Kim–Kim’s scheme and its similar schemes that employ the same synchronization mechanism cannot withstand desynchronization attack and introduced an ElGamal cryptosystem based scheme to overcome this threat. In 2016, Nikooghadam et al. [15] presented an efficient authentication protocol using symmetric key cryptosystem and claimed the protocol is resistant to various known attacks. Jung et al. [16] proposed a symmetric key cryptosystem based authentication and key agreement protocol for wireless sensor networks. In 2017, Luo et al. [17] proved that Islam et al.’s scheme is susceptible to insider attack and offline password guessing attack and introduced a new ECC-based scheme for improvement. But their scheme suffers from session key disclosure attack and offline guessing password attack. Xiong et al. [18] proved Jung et al.’s protocol fails to achieve forward secrecy and suffers from smart card loss attack and introduced an improved scheme based on hash chain technique. Xie et al. [19] proposed a provably secure authentication protocol using ECC. Unfortunately, the protocol is inefficient in detection of wrong identity and password. Amin et al. [20] demonstrated that Huang et al.’s scheme cannot resist offline password guessing attack and forgery attack and presented an anonymous RSA cryptosystem based scheme for improvement.

Although a great number of research works have been done on authentication protocols [21–35], new authentication schemes still have various security weaknesses [22–29, 32–34]. Offline guessing password attack and forward secrecy attack are two of the most common security weaknesses.

One prominent issue of authentication protocol is security against offline guessing password attack. In authentication scheme, the verification value is essential to check the validity of inputted password and implement local password updates. But the introduced verification value probably leads to offline password guessing attack, even server impersonation attack, user impersonation attack, and man-in-the-middle attack. To solve this problem, Wang et al. [35] introduced an effective solution by integrating “fuzzy-verifier” with “honeywords”.

On the other hand, forward secrecy is a matter of concern to authentication protocol. Numerous authentication schemes proposed recently achieve many desirable features but fail to preserve forward secrecy. Forward secrecy attack is a security vulnerability that damages the whole server system. Halevi and Krawczyk [36] demonstrated that, for any key exchange scheme, perfect forward secrecy can be achieved through using Diffie-Hellman key exchange.

1.1. Our Contributions

We cryptanalyze several representative schemes in the paper. Firstly, we point out Amin et al.’s scheme [20] suffers from offline guessing attack, user impersonation attack and fails to provide forward secrecy. Next, we reveal Nikooghadam et al.’s protocol [15] suffers from offline guessing attack, man-in-the-middle attack, session key disclosure attack, server impersonation attack, desynchronization attack, user impersonation attack, and fails to preserve forward secrecy and user anonymity. Then we point out Mishra et al.’s session initiation protocol [33] fails to provide forward secrecy. In addition, we demonstrate Hsieh et al.’s authentication scheme for wireless communication [34] suffers from offline password guessing attack and impersonation attack.

To eliminate these security vulnerabilities, we propose an improved authentication protocol based on elliptic curve cryptosystem. We use BAN logic and informal analysis to prove the completeness and security of our scheme. Furthermore, we give the performance and security comparison of related schemes. The results show that our scheme is more practical.

1.2. Structure of the Paper

Section 2 gives the cryptanalysis of Amin et al.’s scheme. Section 3 is the cryptanalysis of Nikooghadam et al.’s scheme. Section 4 is the cryptanalysis of two environment-specific authentication schemes. Section 5 gives the proposed scheme. Section 6 is the security analysis of our scheme. And Section 7 gives the security and performance comparison of related schemes. Section 8 is a conclusion.

We elaborate the notations of this paper in Table 1.

2. Cryptanalysis of Amin Et Al.’s Scheme

In this section, we describe Amin et al.’s scheme and reveal its security vulnerabilities.

2.1. Review of Amin Et Al.’s Scheme

Amin et al.’s scheme consists of the following three phases (see Figure 1).

2.1.1. Initialization Phase

S chooses two big prime numbers u, v and calculates . Next, S selects another prime number , where . And d is calculated according to . S publishes public parameters and keeps as secret.

2.1.2. Registration Phase

In this phase, submits his identity information to S with the purpose of obtaining the access permission.

Step 1. picks and freely. calculates , where is a nonce. Afterwards, is transmitted to S via a secure channel.

Step 2. Upon receiving , S calculates , , . S stores in a smart card. The smart card is transmitted to via a secure channel.

Step 3. stores in the smart card.

2.1.3. Login and Authentication Phase

In this phase, delivers a login request message to . verifies the legitimacy of the message and sends back a response.

Step 1. attaches the smart card to a terminal and inputs and . The smart card calculates , , , and checks whether . If the equation holds, perform next step.

Step 2. The smart card computes , , where is random number. is transmitted to S.

Step 3. After receiving , S validates if , where is the current time receives at server end, and is an accredited maximum transport delay. If it holds, it denotes that is fresh. S computes to derive . Then S calculates , .

Step 4. S calculates and checks . If the equation holds, S regards as a legitimate user. Otherwise, this protocol aborts.

Step 5. S computes , , , where is a random number. S sends to .

Step 6. After receiving , the smart card first checks if is fresh. Next, the smart card calculates , , and checks if . If the equation holds, S is authenticated by . Then, the smart card calculates as session key.

2.2. Cryptanalysis of Amin Et Al.’s Scheme

In this part, we elaborate Amin et al.’s scheme is susceptible to several security attacks.

2.2.1. Offline Password Guessing Attack

The adversary extracts from the smart card. performs offline password guessing attack in the following steps.

Step 1. Choose an identity from the identity dictionary space, and a password from the password dictionary space.

Step 2. Calculate , , . Compare with . If they are equal, it shows that is 's real identity, and is 's correct password.

Step 3. Repeat Steps 1-2, until finds the real and .

2.2.2. User Impersonation Attack

Once extracts from the smart card and gets , via “offline password guessing attack”, performs user impersonation attack in the following steps.

Step 1. Calculate , , . Obviously, is equal to .

Step 2. Select a nonce . Calculate , where is the current timestamp. Calculate . Send to .

Step 3. Upon receiving , as is fresh, S computes to retrieve . Then S computes , , . As is equal to , S regards as legitimate user .

The inherent reason for above attacks is that there is a verification value in smart card for the adversary to check if the guessed and are correct.

2.2.3. Forward Secrecy

Suppose gets the secret key and intercepts message and from public channel. Then calculates the session key as follows.

Step 1. Compute to derive .

Step 2. Compute .

Step 3. Compute , .

In Amin et al.’s scheme, and S select random numbers , respectively. The transmission of uses RSA encryption under the public key of S. The transmission of uses bitwise XOR with . Hence, the confidentiality of random numbers is completely dependent on the private key of S. Once the private key of S is compromised, the attacker can easily get all session keys of the whole server system.

3. Cryptanalysis of Nikooghadam Et Al.’s Scheme

In this section, we review Nikooghadam et al.’s scheme and reveal its security vulnerabilities.

3.1. Review of Nikooghadam Et Al.’s Scheme

Nikooghadam et al.’s scheme includes the following two phases (see Figure 2).

3.1.1. Registration Phase

In this phase, when receiving the enrollment request, issues a smart card to .

Step 1. picks , freely. Then calculates , where is a random number. is transmitted to through a secure channel.

Step 2. After receiving , calculates , . computes ’s dynamic identity , where is a random number. stores in a smart card and delivers it to through a secure channel.

Step 3. stores in the smart card.

3.1.2. Login and Authentication Phase

This phase verifies the legitimacy of communicating parties and negotiates a session key.

Step 1. inserts his smart card into a terminal and enters ,. The smart card calculates , , where is a nonce. The smart card delivers to S.

Step 2. After receiving , S checks the freshness of . Then S computes , , , and checks , . If both the two equations hold, perform next step. Otherwise, this protocol aborts.

Step 3. S chooses two random numbers , . Then S computes , , and returns to .

Step 4. Upon receiving , the smart card calculates and checks if . If the two equations hold, perform next step; otherwise, this protocol aborts.

Step 5. The smart card calculates , . is transmitted to S.

Step 6. Upon receiving , S calculates and checks . If the equation holds, S computes .

3.2. Cryptanalysis of Nikooghadam Et Al.’s Scheme

In this part, we demonstrate Nikooghadam et al.’s scheme is susceptible to several security attacks.

3.2.1. Inefficiency for Wrong Password Detection

In the login phase, the smart card never checks the validity of the entered password. If inputs a wrong password by accident, the smart card cannot detect this fault, until a login request is sent to S, and S returns back a response to reject it. It wastes too much time of users.

3.2.2. Offline Password Guessing Attack

The adversary extracts from ’s smart card and intercepts from public channel. Offline password guessing is launched in the following steps.

Step 1. Choose an identity from the identity dictionary space and a password from the password dictionary space.

Step 2. Calculate , . Check , . If both the two equations hold, it shows that is 's real identity, and is 's correct password.

Step 3. Repeat Steps 1-2, until find real and .

3.2.3. User Anonymity

For the message , is compromised by performing offline password guessing attack; this is violation of user anonymity.

Once the adversary gets and obtains and by performing offline password guessing attack and intercepts , , and from pubic channel, performs user impersonation attack, server impersonation attack, man-in-the-middle attack, session key disclosure attack, and desynchronization attack as follows.

3.2.4. User Impersonation Attack

Step 1. computes .

Step 2. computes , where is a nonce, and is current timestamp. sends to S.

Step 3. After S receiving , as is fresh, , , S regards as the legitimate user and returns to .

Step 4. Upon receiving , computes , , and sends to S.

Step 5. After S receiving , as , S computes .
establishes a session key with S successfully.

3.2.5. Server Impersonation Attack

Step 1. Compute .

Step 2. Compute .

Step 3. Intercept from public channel. Generate a nonce and select a binary string whose length is the same as . Compute and return to .

Step 4. After receiving , as , regards as the sever S.

3.2.6. Man-in-the-Middle Attack

Step 1. Intercept from public channel and send to S.

Step 2. Intercept from public channel and send to .

Step 3. Intercept from public channel and send to S.

3.2.7. Session Key Disclosure Attack

Step 1. Calculate .

Step 2. Calculate .

Step 3. Calculate .

3.2.8. Desynchronization Attack

Step 1. Calculate .

Step 2. Intercept from pubic channel. Compute . Select a binary string whose length is same as . Compute . Sends to .

Step 3. Intercept from pubic channel. Compute . Send to S.

After that, cannot login anymore, unless re-register to S.

3.2.9. Forward Secrecy

Suppose obtains the master key of S and intercepts and from public channel, and then calculates the session key as follows.

Step 1. Calculate .

Step 2. Calculate .

Step 3. Calculate .

Step 4. Calculate .

The transmission of random numbers , uses symmetric encryption under key . The confidentiality of random numbers is dependent on the authentication value . Once the master key of S is leaked, the attacker is able to compute and obtain , by decrypting message . Consequently, the session keys of the whole sever system are compromised.

In the authentication scheme, random numbers are essential to establish unique session key in each session. If the user or server cannot transmit random number to the other side securely, it certainly will compromise the session key.

4. Cryptanalysis of Two Authentication Schemes for Specific Environment

Recently, Mishra et al. presented an efficient authentication scheme for session initiation protocol. In addition, Hsieh et al. introduced an authentication scheme for wireless communication. However, after a rigorous analysis, we discover both the two schemes have vulnerabilities. We reveal the weaknesses of the two schemes in this section.

4.1. Review of Mishra Et Al.’s Scheme

We briefly review Mishra et al.’s scheme in this subsection. As the password and biometric update phase is irrelevant to our cryptanalysis, we omit it.

4.1.1. Registration Phase

Step 1. picks , at will and computes , where is a nonce. delivers to the server S securely.

Step 2. Upon receiving , computes , , where is the secret key of S, and is the number of times the user once registered with S. S sends a smart card storing to .

Step 3. imprints his biometric . The smart card computes , , and stores in its memory.

4.1.2. Login and Authentication Phase

Step 1. enters , and imprints . The smart card checks if . If it holds, the smart card calculates , , , , , where u is a nonce. The smart card delivers to S.

Step 2. After receiving the message, S computes , , and checks if . If it holds, S calculates , and sends to .

Step 3. After receiving , the smart card calculates , . If , regards he establishes a valid session key with S.

4.2. Weaknesses of Mishra Et Al.’s Scheme

4.2.1. Forward Secrecy

In the case that the adversary obtains the secret key and intercepts the messages and from public channel, then is able to breach the session key in the following steps.

Step 1. Compute .

Step 2. Let .

Step 3. Compute , .

Step 4. Check if . If they are equal, proceed next step. Otherwise, let , and go to Step 3.

Step 5. Compute the session key .

4.3. Review of Hsieh Et Al.’s Scheme

We briefly review Hsieh et al.’s scheme in this subsection. As the ticket authentication phase is irrelevant to our cryptanalysis, we omit it.

4.3.1. Registration Phase

Step 1. The mobile station MS delivers to the home agent HA securely.

Step 2. After receiving the registration request, HA computes , , , , where are the secret values of HA, and are two random numbers. HA issues a smart card storing to MS.

4.3.2. Ticket-Issuing Phase

Step 1. MS computes , , , , , where are random numbers. MS sends to the foreign agent FA.

Step 2. After receiving the message, FA computes , , where k is a secret key shared by FA and HA. FA delivers to HA.

Step 3. After receiving the message, HA computes , , , , , , , , , . HA delivers to FA.

Step 4. Upon receiving , computes , , . sends to .

Step 5. Upon receiving , MS computes , and checks if . If it holds, MS calculates , , , and sends to FA.

Step 6. Upon receiving , FA checks if . If the equation holds, FA and MS authenticate each other and establish a session key successfully.

4.4. Weaknesses of Hsieh Et Al.’s Scheme

4.4.1. Offline Password Guessing Attack

Suppose the adversary extracts from the smart card and intercepts the messages and from public channel. Then performs the following steps.

Step 1. picks a password from the password dictionary space.

Step 2. computes , , , and checks if . If it holds, it shows that is the correct password.

Step 3. Repeat Steps 1-2, until finds .

4.4.2. MS Impersonation Attack

In the case that smart card is compromised, the adversary is able to obtain the password via offline password guessing attack; that is to say, the adversary has acquired all the authentication information that MS has. The capability of adversary has no differences with the legitimate MS. Hence, the adversary is able to impersonate and defraud and successfully.

4.4.3. HA Impersonation Attack

intercepts the message from public channel. With the smart card and , is able to perform impersonation attack in the following steps.

Step 1. computes , , , , , , , where is a random number. sends to .

Step 2. After receiving , MS computes , . As , MS computes , . MS believes that it establishes a session key with HA.

5. Proposed Scheme

To overcome the weaknesses of Amin et al.’s scheme and Nikooghadam et al.’s scheme, we propose an improved anonymous authentication protocol using ECC. The proposed scheme establishes secure session key based on Diffie-Hellman key exchange. Our scheme consists of the following four phases (see Figure 3).

5.1. Initialization Phase

S chooses an elliptic curve group . is a generator of . Then, S chooses a random number x as its private key and calculates as its public key. S publishes and keeps x as secret.

5.2. Registration Phase

In this phase, when receiving a registration request, issues a smart card containing the parameters for user authentication to .

Step 1. picks and freely. calculates , where is a random number. Afterwards, is transmitted to S via a secure channel.

Step 2. After receiving , S calculates , , , where . stores in a smart card and transmits it to through a secure communication channel.

Step 3. stores in the smart card.

5.3. Login and Authentication Phase

This phase verifies the authenticity of communicating parties and generates a session key.

Step 1. attaches his smart card to a terminal and inputs and . Then the smart card calculates , , and checks . If the equation holds, the smart card computes , , , , , where is a random number. is transmitted to S.

Step 2. After receiving , S computes , , , , and checks . If the equation holds, S generates a random number and computes , , , . is transmitted to .

Step 3. After receiving , computes , , and checks . If the equation holds, S computes . is transmitted to S.

Step 4. After receiving , S computes and checks . If the equation holds, S establishes a session key with successfully.

5.4. Password Updates Phase

updates his original password to a new one as follows.

Step 1. attaches his smart card to a terminal and inputs and . The smart card calculates , , and checks . If it holds, the smart card asks the user to input a new password.

Step 2. enters his new password . Then the smart card calculates , . The smart card deletes and stores in its memory.

6. Security Analysis

6.1. Informal Analysis

The heuristic analysis shows that our scheme can withstand various known attacks.

6.1.1. Offline Password Guessing Attack

Suppose that the adversary steals the smart card of and extracts from it; then executes the following steps.

Step 1. Choose an identity from identity dictionary space and a password from password dictionary space.

Step 2. Compute , .

Step 3. Check .

In our scheme, we employ the verification value . When and the identity and password are 64 bits, there are pairs of conforming to . Even if finds a pair of that conforms to , the probability they are equal to the identity and password of is .

Our scheme overcomes the offline password guessing attack at a cost of false acceptance rate of . But it does not compromise the security. When the server receives a login request message generated with erroneous , as , the server rejects the login request.

6.1.2. Replay Attack

Suppose that the adversary tries to launch replay attack in the following cases.

In the case that the adversary intercepts from public channel and replays the message to S, S handles the message and returns to . However, without and , is unable to generate a valid . The protocol finally aborts.

In the case that replays message or . Both the two messages are generated based on the random numbers and . The random numbers are only valid for the current session. If replays , the smart card will find that the received is not equal with computed based on its secret. Similarly, if replays , S will find that . The protocol finally aborts.

6.1.3. Desynchronization Attack

Desynchronization attack denotes that the adversary modifies the parameters of a message or simply blocks the message causing that the legitimate user cannot access the server anymore.

In our scheme, all the messages are generated based on the authentication value and the random number or . The user and the server check the validity of each message they receive. If the adversary modifies the parameters of a message, the receiver will detect the message is tampered with and reject it. Besides, if blocks a message, it just leads to the single authentication failure for the current session, but it does not alter the parameters that the user and the server have. The user is able to continue to access the server.

6.1.4. User Anonymity

In our scheme, is protected by symmetric encryption under the key . The adversary cannot retrieve , unless he gets the private key of S. Furthermore, the cipher text of changes with random number in each session. Our scheme also achieves user identity untraceability.

6.1.5. User Impersonation Attack

extracts from the stolen smart card and intercepts the transmitted messages between and S from public channel. Then tries to forge a login request to defraud S. generates a random number and computes , . To compute , is required. However, is protected by hash function. The only way to obtain is to retrieve from . As , , the adversary needs to get firstly. But as analyzed in “offline password guessing attack”, the adversary is unable to get in the case that smart card is compromised. Eventually, the adversary cannot forge a valid login request. Our scheme is immune to user impersonation attack.

6.1.6. Server Impersonation Attack

Provided that gets and the transmitted messages between and S, tries to impersonate the server by forging a valid message , where , , , . In order to compute , the adversary has to know . As analyzed in “user impersonation attack”, the adversary is unable to obtain , even if he compromises the smart card. Without , the adversary is unable to perform server impersonation attack successfully.

6.1.7. Forward Secrecy

Assuming the adversary obtains the private key of S and intercepts , , from public channel. Then tries to compute the session key. As , and are required to compute . With the private key x, the adversary computes , , . is known. Next, to obtain , needs to derive from , . That is to say, needs to solve the elliptic curve Diffie–Hellman problem (CDHP). Otherwise, the adversary is unable to reveal SK. Hence, our scheme achieves forward secrecy.

6.1.8. Session Key Disclosure Attack

intercepts the transmitted messages between and S from public channel. Then attempts to compromise SK. and are required to compute SK. To get , needs to break the smart card and password of user at the same time. To get , needs to solve the elliptic curve CDHP. Both are beyond the ability of . Our scheme is secure against session key disclosure attack.

In our scheme, the session key includes a long-term authentication value and a temporary secret key generated by Diffie-Hellman key exchange. The long-term authentication value denotes the shared secret authentication information between S and . The temporary secret key ensures that our scheme is resistant to known key attack and achieves forward secrecy.

6.2. Formal Analysis

We use BAN logic [38] to prove our scheme achieves mutual authentication and session key establishment. Table 2 gives the symbols and rules used in BAN logic.

The goals that our scheme should achieve are as follows. Goal 1: Goal 2: Goal 3: Goal 4:

The idealized form of our scheme is given as follows. M1: M2: M3:

The assumptions about the initial belief of our scheme are given as follows. S1: S2: S3: S4: S5: S6: S7: S8:

The BAN logic proof of our scheme is performed in the following steps.

According to M1, we have(1)

Applying the message-meaning rule on S1, (1), we obtain(2)

Applying the nonce-verification rule on S2, (2), we obtain(3)

Applying the jurisdiction rule on S3, (3), we obtain(4)

According to M2, we have(5)

Applying the message-meaning rule on S4, (5), we obtain(6)

Applying the nonce-verification rule on S5, (6), we obtain(7) Goal 1

Applying the jurisdiction rule to S6, (7), we obtain(8) Goal 2

According to M3, we have(9)

Applying the message-meaning rule on S1, (9), we obtain(10)

Applying the nonce-verification rule on S7, (10), we obtain(11) Goal 3

Applying the jurisdiction rule to S8, (11), we obtain(12) Goal 4

7. Security and Performance Comparison

We compare the proposed scheme with other recently introduced schemes [15, 17, 19, 20, 22–24] in this section. Table 3 shows the results of security analysis. Only our scheme is resistant to various known attacks and achieves forward secrecy and user anonymity and detects the wrong password promptly, while other schemes have security loopholes more or less.

We estimate the computation overheads and communication costs of related schemes concerning login and authentication phase in Table 4. In accordance with Table 4, the total computation overhead of our scheme is inferior to Amin et al.’s scheme and Nikooghadam et al.’s scheme, but it is pretty better than other schemes [17, 19, 22–24]. Furthermore, we have demonstrated that the schemes of Amin et al. and Nikooghadam et al. suffer from various vulnerabilities. In addition, our scheme has the lowest communication overhead among these schemes.

In summary, our scheme has obvious advantages in terms of security. As for computation overhead, our scheme is superior to most schemes. Besides, our scheme is ahead of other schemes in aspect of communication cost. Hence, our scheme is more practical than other schemes.

8. Conclusion

In this paper, we cryptanalyze two anonymous authentication schemes and pointed out they suffer from a variety of security attacks like offline password guessing attack and user impersonation attack. In addition, we reveal the security weaknesses of two environment-specific authentication schemes. To overcome the security loopholes, we present an efficient authentication scheme using elliptic curve cryptosystem. In our scheme, the security of session key is fully guaranteed. It prevents all the possible session key exposure, forward secrecy attack included. We give both formal analysis and informal analysis to prove the completeness and security of the proposed scheme. Furthermore, the outcomes of security and performance comparison show that the proposed scheme is superior with better security and low computation and communication cost. Besides, the proposed scheme has good expansibility. In the future, we plan to design an efficient biometrics-based remote user authentication scheme for multiserver environment based on our current work.

Data Availability

The data used to support the findings of this study are included within the article.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

This research is supported by the National Key Research and Development Program of China No. 2018YFB0803605 and the National Natural Science Foundation of China No. 61897069.

References

T. Kumar, A. Braeken, M. Liyanage, and M. Ylianttila, “Identity privacy preserving biometric based authentication scheme for Naked healthcare environment,” in Proceedings of the IEEE International Conference on Communications, (ICC '17), Paris, France, 2017.
View at: Google Scholar
F. Wei, J. Ma, Q. Jiang, J. Shen, and C. Ma, “Cryptanalysis and improvement of an enhanced two-factor user authentication scheme in wireless sensor networks,” Information Technology & Control, vol. 45, no. 1, pp. 62–70, 2016.
View at: Google Scholar
L. Wu, J. Fan, Y. Xie, J. Wang, and Q. Liu, “Efficient location-based conditional privacy-preserving authentication scheme for vehicle ad hoc networks,” International Journal of Distributed Sensor Networks, vol. 13, no. 3, 2017.
View at: Google Scholar
M. Khan and S. Kim, “Cryptanalysis and security enhancement of a more efficient and secure dynamic ID-based remote user authentication scheme,” Computer Communications, vol. 34, no. 3, pp. 305–309, 2011.
View at: Google Scholar
Y.-F. Chang, W.-L. Tai, and H.-C. Chang, “Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update,” International Journal of Communication Systems, vol. 27, no. 11, pp. 3430–3440, 2014.
View at: Publisher Site | Google Scholar
R.-C. Wang, W.-S. Juang, and C.-L. Lei, “Robust authentication and key agreement scheme preserving the privacy of secret key,” Computer Communications, vol. 34, no. 3, pp. 274–280, 2011.
View at: Publisher Site | Google Scholar
F. Wen and X. Li, “An improved dynamic ID-based remote user authentication with key agreement scheme,” Computers and Electrical Engineering, vol. 38, no. 2, pp. 381–387, 2012.
View at: Publisher Site | Google Scholar
S. Wu, Y. Zhu, and Q. Pu, “Robust smart-cards-based user authentication scheme with user anonymity,” Security and Communication Networks, vol. 5, no. 2, pp. 236–248, 2012.
View at: Publisher Site | Google Scholar
D. Wang, P. Wang, C. Ma, and Z. Chen, “Robust smart card based password authentication scheme against smart card security breach,” Cryptology ePrint Archive Report 2012/439, 2012, https://eprint.iacr.org/2012/439.pdf.
View at: Google Scholar
R. Madhusudhan and R. C. Mittal, “Dynamic ID-based remote user password authentication schemes using smart cards: a review,” Journal of Network and Computer Applications, vol. 35, no. 4, pp. 1235–1248, 2012.
View at: Publisher Site | Google Scholar
K. Kim and M. Kim, “An enhanced anonymous authentication and key exchange scheme using smart card,” in Proceedings of the International Conference on Information Security and Cryptology, pp. 487–494, Springer-Verlag, 2012.
View at: Google Scholar
S. Islam and G. Biswas, “Dynamic ID-based remote user mutual authentication scheme with smart card using elliptic curve cryptography,” Journal of Electronics, vol. 31, no. 5, pp. 473–488, 2014.
View at: Google Scholar
H.-F. Huang, H.-W. Chang, and P.-K. Yu, “Enhancement of timestamp-based user authentication scheme with smart card,” International Journal of Network Security, vol. 16, no. 6, pp. 463–467, 2014.
View at: Google Scholar
D. Wang, N. Wang, P. Wang, and S. Qing, “Preserving privacy for free: Efficient and provably secure two-factor authentication scheme with user anonymity,” Information Sciences, vol. 321, Article ID 11496, pp. 162–178, 2015.
View at: Publisher Site | Google Scholar
M. Nikooghadam, R. Jahantigh, and H. Arshad, “A lightweight authentication and key agreement scheme preserving user anonymity,” Multimedia Tools and Applications, vol. 76, no. 11, pp. 13401–13423, 2017.
View at: Publisher Site | Google Scholar
J. Jung, J. Kim, Y. Choi, and D. Won, “An anonymous user authentication and key agreement scheme based on a symmetric cryptosystem in wireless sensor networks,” Sensors, vol. 16, no. 8, article 1299, 2016.
View at: Publisher Site | Google Scholar
M. Luo, Y. Zhang, M. K. Khan, and D. He, “A secure and efficient identity-based mutual authentication scheme with smart card using elliptic curve cryptography,” International Journal of Communication Systems, vol. 30, no. 16, p. e3333, 2017.
View at: Publisher Site | Google Scholar
L. Xiong, D. Peng, T. Peng, H. Liang, and Z. Liu, “A lightweight anonymous authentication scheme with perfect forward secrecy for wireless sensor networks,” Sensors, vol. 17, no. 11, 2016.
View at: Publisher Site | Google Scholar
Q. Xie, D. S. Wong, G. Wang, X. Tan, K. Chen, and L. Fang, “Provably secure dynamic ID-based anonymous two-factor authenticated key exchange scheme with extended security model,” IEEE Transactions on Information Forensics and Security, vol. 12, no. 6, pp. 1382–1392, 2017.
View at: Publisher Site | Google Scholar
R. Amin, T. Maitra, D. Giri, and P. D. Srivastava, “Cryptanalysis and improvement of an RSA based remote user authentication scheme using smart card,” Wireless Personal Communications, vol. 96, no. 3, pp. 4629–4659, 2017.
View at: Publisher Site | Google Scholar
D. Wang, Z. Zhang, P. Wang, J. Yan, and X. Huang, “Targeted online password guessing: An underestimated threat,” in Proceedings of the 23rd ACM Conference on Computer and Communications Security (CCS '16), pp. 1242–1254, Vienna, Austria, 2016.
View at: Google Scholar
T. Maitra, M. S. Obaidat, R. Amin, S. H. Islam, S. A. Chaudhry, and D. Giri, “A robust ElGamal‐based password‐authentication scheme using smart card for client‐server communication,” International Journal of Communication Systems, vol. 30, no. 11, 2016.
View at: Google Scholar
T. Maitra, M. S. Obaidat, S. H. Islam, D. Giri, and R. Amin, “Security analysis and design of an efficient ECC based two factor password authentication scheme,” Security and Communication Networks, vol. 9, no. 17, pp. 4166–4181, 2016.
View at: Publisher Site | Google Scholar
S. H. Islam, “Design and analysis of an improved smartcard-based remote user password authentication scheme,” International Journal of Communication Systems, vol. 29, no. 11, pp. 1708–1719, 2016.
View at: Publisher Site | Google Scholar
P. Chandrakar and H. Om, “A secure and robust anonymous three-factor remote user authentication scheme for multi-server environment using ECC,” Computer Communications, vol. 110, pp. 26–34, 2017.
View at: Publisher Site | Google Scholar
O. Mir, J. Munilla, and S. Kumari, “Efficient anonymous authentication with key agreement scheme for wireless medical sensor networks,” Peer-to-Peer Networking and Applications, vol. 10, no. 1, pp. 79–91, 2017.
View at: Publisher Site | Google Scholar
D. He, S. Zeadally, N. Kumar, and W. Wu, “Efficient and anonymous mobile user authentication scheme using self-certified public key cryptography for multi-server architectures,” IEEE Transactions on Information Forensics and Security, vol. 11, no. 9, pp. 2052–2064, 2016.
View at: Publisher Site | Google Scholar
S. Kumari, M. K. Khan, X. Li, and F. Wu, “Design of a user anonymous password authentication scheme without smart card,” International Journal of Communication Systems, vol. 29, no. 3, pp. 441–458, 2016.
View at: Publisher Site | Google Scholar
K.-H. Yeh, “A lightweight authentication scheme with user untraceability,” Frontiers of Information Technology and Electronic Engineering, vol. 16, no. 4, pp. 259–271, 2015.
View at: Publisher Site | Google Scholar
D. Kang, J. Jung, J. Mun, D. Lee, Y. Choi, and D. Won, “Efficient and robust user authentication scheme that achieve user anonymity with a Markov chain,” Security and Communication Networks, vol. 9, no. 11, pp. 1462–1476, 2016.
View at: Publisher Site | Google Scholar
B. Djellali, K. Belarbi, A. Chouarfia, and P. Lorenz, “User authentication scheme preserving anonymity for ubiquitous devices,” Security and Communication Networks, vol. 8, no. 17, pp. 3131–3141, 2015.
View at: Publisher Site | Google Scholar
Y. Lu, L. Li, H. Peng, and Y. Yang, “Robust anonymous two-factor authenticated key exchange scheme for mobile client-server environment,” Security and Communication Networks, vol. 9, no. 11, pp. 1331–1339, 2016.
View at: Publisher Site | Google Scholar
D. Mishra, A. K. Das, and S. Mukhopadhyay, “A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card,” Peer-to-Peer Networking and Applications, vol. 9, no. 1, pp. 171–192, 2016.
View at: Publisher Site | Google Scholar
W.-B. Hsieh and J.-S. Leu, “Anonymous authentication protocol based on elliptic curve Diffie-Hellman for wireless access networks,” Wireless Communications and Mobile Computing, vol. 14, no. 10, 2014.
View at: Publisher Site | Google Scholar
D. Wang and P. Wang, “Two birds with one stone: two-factor authentication with security beyond conventional bound,” IEEE Transactions on Dependable and Secure Computing, vol. 15, no. 4, pp. 708–722, 2016.
View at: Google Scholar
S. Halevi and H. Krawczyk, “Public-key cryptography and password protocols,” ACM Transactions on Information and System Security, vol. 2, no. 3, pp. 230–268, 1998.
View at: Publisher Site | Google Scholar
H. Kilinc and T. Yanik, “A survey of SIP authentication and key agreement schemes,” IEEE Communications Surveys & Tutorials, vol. 16, no. 2, pp. 1005–1023, 2014.
View at: Publisher Site | Google Scholar
M. Burrows, M. Abadi, and M. Needham, “Logic of authentication,” ACM Transactions on Computer Systems, vol. 8, no. 1, pp. 18–36, 1990.
View at: Google Scholar

Copyright

Copyright © 2019 Feifei Wang et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation

Download other formats

Order printed copies

Views

1889

Downloads

1193

Citations