scispace - formally typeset

Proceedings ArticleDOI

Password based remote authentication scheme using ECC for smart card

12 Feb 2011-pp 549-554

TL;DR: This paper proposes a Password based authentication scheme using ECC for smart card environment, without maintaining the password table by the server, which provides high security at a reasonable computational cost and restricts most of the current attacking mechanisms.
Abstract: Remote user authentication is a continual problem, particularly with mobile and handheld devices such as Personal Digital Assistants (PDAs), Smartcard, Laptops. Providing user authentication for safe access of precious, private information, or personalized services, for every system is difficult User authentication is the primary line of defence for a handheld device that falls into the hands of an unauthorized individual. Password or Personal Identification Number (PIN) based authentication is the leading mechanism for verifying the identity of actual device users. Remote authentication is the best solution for remote accessing in smart card environment. In this paper we propose a Password based authentication scheme using ECC for smart card environment, without maintaining the password table by the server. It provides high security at a reasonable computational cost. Furthermore it restricts most of the current attacking mechanisms. It is simple and can be adopted in any kind of lightweight devices.
Topics: Multi-factor authentication (69%), S/KEY (69%), One-time password (67%), Password policy (67%), Password (66%)
Citations
More filters

Journal Article
TL;DR: A new remote user authentication scheme which is the modified form of the Shen-Lin-Hwang's scheme which can withstand attack that similar to Chan and Cheng's attack and Chang and Hwang' attack in registration phase and authentication phase is presented.
Abstract: In 1981,Lamport proposed the first well-known remote password authentication scheme using smart cards.A number of remote password authentication schemes with smart cards have been present since then.Recently Shen,Lin and Hwang pointed out a different type of attack on this scheme and presented a modified scheme to remove these defects.In this paper we present a new remote user authentication scheme which is the modified form of the Shen-Lin-Hwang's scheme.In this scheme the password is controlled by the user,and at any time can be changer.The scheme can withstand attack that similar to Chan and Cheng's attack and Chang and Hwang' attack in registration phase and authentication phase.

78 citations



Journal ArticleDOI
Hasen Nicanfar1, Victor C. M. Leung1Institutions (1)
TL;DR: This paper aims at providing a key agreement protocol for smart grid to cope with access control of appliances/ devices located inside a Home Area Network by a set of controllers outside the HAN with an Elliptic Curve Cryptography approach.
Abstract: This paper aims at providing a key agreement protocol for smart grid to cope with access control of appliances/devices located inside a Home Area Network (HAN) by a set of controllers outside the HAN. The commands/packets initiated by the controllers in crisis cases should be delivered fast and immune from any interruption. The HAN controller, which acts as a gateway, should not cause any delay by decrypting and re-encrypting the packets, nor should it has any chance to modify them. Considering the required level of security and quality of service, we design our protocol with an Elliptic Curve Cryptography (ECC) approach. We improve and implement the Password Authenticated Key Exchange (PAKE) protocol in two steps. First, we propose an auxiliary mechanism that is an ECC version of PAKE, and then extend it to a multilayer consensus model. We reduce the number of hash functions to one, and utilize a primitive password shared between an appliance and HAN controller to construct four valid individual consensus and authenticated symmetric keys between the appliance and upstream controllers by exchanging only 12 packets. Security analysis presents that our protocol is resilient to various attacks. Furthermore, performance analysis shows that the delay caused by the security process is reduced by more than one half.

61 citations


Cites methods from "Password based remote authenticatio..."

  • ...Author of [22] provided a password based remote authentication scheme for SC based on ECDH....

    [...]



Journal ArticleDOI
Yung-Feng Lu1, Chin-Fu Kuo2Institutions (2)
TL;DR: A strong authentication with a key agreement scheme is proposed to establish the secure tunnel and the proposed framework also provides mutual authentication, session key renewal between the users and the cloud server.
Abstract: Private cloud is cloud infrastructure operated solely for a single organization, whether managed internally or by a third-party and hosted internally or externally. It provides a flexible way to extend the working environment. Since the business process that working on them could be critical, it is important to provide a secure environment for organizations to execute those processes. While user mobility has become an important feature for many systems, technologies that provide users a lower cost and flexible way in joining a secure private cloud are in a strong demand. This paper exploits the key management mechanisms to have secured tunnels with private cloud for users who might move around dynamically without carrying the same machine. A strong authentication with a key agreement scheme is proposed to establish the secure tunnel. Furthermore, the proposed framework also provides mutual authentication, session key renewal between the users and the cloud server. Several related security properties of the proposed mechanism are also presented.

14 citations


References
More filters

Journal ArticleDOI
Taher Elgamal1Institutions (1)
23 Aug 1985-
TL;DR: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem that relies on the difficulty of computing discrete logarithms over finite fields.
Abstract: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem. The security of both systems relies on the difficulty of computing discrete logarithms over finite fields.

6,871 citations


Journal ArticleDOI
Leslie Lamport1Institutions (1)
TL;DR: A method of user password authentication is described which is secure even if an intruder can read the system's data, and can tamper with or eavesdrop on the communication between the user and the system.
Abstract: A method of user password authentication is described which is secure even if an intruder can read the system's data, and can tamper with or eavesdrop on the communication between the user and the system. The method assumes a secure one-way encryption function and can be implemented with a microcomputer in the user's terminal.

2,740 citations


"Password based remote authenticatio..." refers background or methods in this paper

  • ...The Lamport [1] scheme is not secure, due to some vulnerability....

    [...]

  • ...REFERENCES [1] L. Lamport (1981), Password authentication with insecure communication, Communication of the ACM, Vol. 24, No. 11, pp. 770-772, 1981....

    [...]

  • ...RELATED WORK In 1981, Lamport [1] proposed a remote password authentication scheme using a password table to achieve user authentication....

    [...]

  • ...RELATED WORK In 1981, Lamport [1] proposed a remote password authentication scheme using a password table to achieve user authentication....

    [...]


Book ChapterDOI
Taher Elgamal1Institutions (1)
19 Aug 1984-
Abstract: A new signature scheme is proposed together with an implementation of the Diffie - Hellman key distribution scheme that achieves a public key cryptosystem. The security of both systems relies on the difficulty of computing discrete logarithms over finite fields.

2,298 citations


Journal ArticleDOI
Min-Shiang Hwang1, Li-Hua Li1Institutions (1)
TL;DR: This work proposes a new remote user authentication scheme using smart cards based on the ElGamal's (1985) public key cryptosystem that can withstand message replaying attack.
Abstract: We propose a new remote user authentication scheme using smart cards. The scheme is based on the ElGamal's (1985) public key cryptosystem. Our scheme does not require a system to maintain a password table for verifying the legitimacy of the login users. In addition, our scheme can withstand message replaying attack.

843 citations


"Password based remote authenticatio..." refers methods in this paper

  • ...Later, Shen [14] analyzed impersonation attack of Chan [9] on Hwang Li’s [8] scheme, and suggested methods to repulse the attack....

    [...]

  • ...A remote user authentication scheme using smart card was proposed by Hwang–Li [8]....

    [...]


Journal ArticleDOI
Hung-Yu Chien1, Jinn-Ke Jan1, Yuh-Min Tseng2Institutions (2)
TL;DR: This work provides mutual authentication between the user and the server and achieves more functionality and requires much less computational cost than other smart card-based schemes.
Abstract: The smart card-based scheme is a very promising and practical solution to remote authentication. Compared with other smart card-based schemes, our solution achieves more functionality and requires much less computational cost. These important merits include: (1) there is no verification table; (2) users can freely choose their passwords; (3) the communication cost and the computational cost is very low; and (4) it provides mutual authentication between the user and the server.

462 citations


"Password based remote authenticatio..." refers background in this paper

  • ...Different types of password authentication schemes have been proposed in [4], [5], [6], [7], [9], [13], [11], [12], [10] and [20]....

    [...]

  • ...[11] scheme to prevent the above-mentioned weaknesses....

    [...]

  • ...[11] scheme is vulnerable and can be compromised....

    [...]


Performance
Metrics
No. of citations received by the Paper in previous years
YearCitations
20201
20181
20151
20141
20134
20122