Password based remote authentication scheme using ECC for smart card
12 Feb 2011-pp 549-554
TL;DR: This paper proposes a Password based authentication scheme using ECC for smart card environment, without maintaining the password table by the server, which provides high security at a reasonable computational cost and restricts most of the current attacking mechanisms.
Abstract: Remote user authentication is a continual problem, particularly with mobile and handheld devices such as Personal Digital Assistants (PDAs), Smartcard, Laptops. Providing user authentication for safe access of precious, private information, or personalized services, for every system is difficult User authentication is the primary line of defence for a handheld device that falls into the hands of an unauthorized individual. Password or Personal Identification Number (PIN) based authentication is the leading mechanism for verifying the identity of actual device users. Remote authentication is the best solution for remote accessing in smart card environment. In this paper we propose a Password based authentication scheme using ECC for smart card environment, without maintaining the password table by the server. It provides high security at a reasonable computational cost. Furthermore it restricts most of the current attacking mechanisms. It is simple and can be adopted in any kind of lightweight devices.
Citations
More filters
01 Feb 2018
TL;DR: The purpose of this paper is to provide an extensive review on biometric factors for smart home environments that are intended for security, comfort, healthcare, and energy saving.
Abstract: The Internet of Things (IoT) have become significantly important in authentication mechanisms in which traditional authentication have shift to the biometric factors whereby biometric is said to offer more security and convenience to the users.The purpose of this paper is to provide an extensive review on biometric factors for smart home environments that are intended for security, comfort, healthcare, and energy saving.This paper also discusses the security authentication mechanisms, which are knowledge factor (password, PIN), ownership factor (ID card, passport), and inherent factor (fingerprint, iris, facial), known as biometric factors.Biometric factors can be used as authentications for smart home environments, which are more robust and reliable in terms of accuracy, convenience, and speed.
12 citations
01 Nov 2012
TL;DR: The proposed mechanism integrates URI fragment identifier with secure email token and identity-based remote mutual authentication scheme on ECC and supports flawless two-factor and mutual authentication of participants and agreement of session key.
Abstract: This paper presents a two-factor authentication with key agreement scheme for web-based collaborative systems. The proposed mechanism integrates URI fragment identifier with secure email token and identity-based remote mutual authentication scheme on ECC. It supports flawless two-factor and mutual authentication of participants and agreement of session key. The proposed mechanism does not require modifying the software of clients; thus, it is highly flexibly. We believe the proposed mechanism is usable for web-based applications.
7 citations
Cites background from "Password based remote authenticatio..."
...In [16], [5], secure access control approaches were proposed to manage the web accesses....
[...]
23 Oct 2012
TL;DR: A strong authentication with a key agreement scheme is proposed to establish the secure tunnel for users who might move around dynamically without carrying the same machine in a private cloud.
Abstract: A private cloud provides organizations a secure environment to run business process. It provides a flexible way to extend the working environment. While user mobility has become an important feature for many systems, technologies that provide users a lower cost and flexible way in joining a secure private cloud are in a strong demand. This paper exploits the extension of IPSec to have secured tunnels with private cloud for users who might move around dynamically without carrying the same machine. A strong authentication with a key agreement scheme is proposed to establish the secure tunnel. Besides, several related security properties of the proposed mechanism are presented.
1 citations
Cites background from "Password based remote authenticatio..."
..., password authentication [4, 15], ID-based authentication [9, 21], were...
[...]
01 Jan 2013
TL;DR: This paper surveys on different protocols implemented based on two password authentication and a brief review is given based on different techniques.
Abstract: Security in computers is information protection from unauthorized or accidental disclosure while the information is in transmission and while information is in storage. Authentication protocols provide two entities to ensure that the counterparty is the intended one whom he attempts to com- municate with over an insecure network. These protocols can be considered from three dimensions: type, efficiency and security. Password Authenticat- ed Key Exchange (PAKE) protocols facilitate two entities to consent on an ordinary session key based on a pre-shared human memorable password. The most important security goal of these protocols is providing security against password guessing attacks. Recently, In 2010 R. Song (1) proposed advanced smart card based password authentication protocol with such non-tamper resistant smart card based on symmetric key cryptosystem as well as modular exponentiation. R. Song et al method is defenseless to the offline password attack, forward secrecy, insider attack and denial of service at- tack are cryptanalysis by W B Horng (2). Here in this paper we will survey on different protocols implemented based on two password authentication and a brief review is given based on different techniques.
Cites background from "Password based remote authenticatio..."
...It is necessary to replace or alter the long term secret key [9]....
[...]
01 Jan 2013
TL;DR: A new efficient PAKE protocol with the concept of one time private key (OTPK) concept, which achieves fully two factor authentications and provide forward security of session keys.
Abstract: In earlier, two smart card based password authentication key exchange protocols were proposed by lee et al. and Hwang et al. respectively. But neither of them achieves two factor authentication fully since they would become complete insecure once one factor is broken. To overcome these two factor authentication problem in password authentication key exchange protocol (PAKE) proposed a new efficient PAKE protocol with the concept of one time private key (OTPK) concept, which achieves fully two factor authentications and provide forward security of session keys. And to generate more strong session keys using true random number generation method for key generation.
References
More filters
23 Aug 1985
TL;DR: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem that relies on the difficulty of computing discrete logarithms over finite fields.
Abstract: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem. The security of both systems relies on the difficulty of computing discrete logarithms over finite fields.
7,514 citations
TL;DR: A method of user password authentication is described which is secure even if an intruder can read the system's data, and can tamper with or eavesdrop on the communication between the user and the system.
Abstract: A method of user password authentication is described which is secure even if an intruder can read the system's data, and can tamper with or eavesdrop on the communication between the user and the system. The method assumes a secure one-way encryption function and can be implemented with a microcomputer in the user's terminal.
2,874 citations
"Password based remote authenticatio..." refers background or methods in this paper
...The Lamport [1] scheme is not secure, due to some vulnerability....
[...]
...REFERENCES [1] L. Lamport (1981), Password authentication with insecure communication, Communication of the ACM, Vol. 24, No. 11, pp. 770-772, 1981....
[...]
...RELATED WORK In 1981, Lamport [1] proposed a remote password authentication scheme using a password table to achieve user authentication....
[...]
...RELATED WORK In 1981, Lamport [1] proposed a remote password authentication scheme using a password table to achieve user authentication....
[...]
19 Aug 1984
TL;DR: In this article, a new signature scheme is proposed together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem and the security of both systems relies on the difficulty of computing discrete logarithms over finite fields.
Abstract: A new signature scheme is proposed together with an implementation of the Diffie - Hellman key distribution scheme that achieves a public key cryptosystem. The security of both systems relies on the difficulty of computing discrete logarithms over finite fields.
2,351 citations
TL;DR: This work proposes a new remote user authentication scheme using smart cards based on the ElGamal's (1985) public key cryptosystem that can withstand message replaying attack.
Abstract: We propose a new remote user authentication scheme using smart cards. The scheme is based on the ElGamal's (1985) public key cryptosystem. Our scheme does not require a system to maintain a password table for verifying the legitimacy of the login users. In addition, our scheme can withstand message replaying attack.
863 citations
"Password based remote authenticatio..." refers methods in this paper
...Later, Shen [14] analyzed impersonation attack of Chan [9] on Hwang Li’s [8] scheme, and suggested methods to repulse the attack....
[...]
...A remote user authentication scheme using smart card was proposed by Hwang–Li [8]....
[...]
TL;DR: This work provides mutual authentication between the user and the server and achieves more functionality and requires much less computational cost than other smart card-based schemes.
474 citations
"Password based remote authenticatio..." refers background in this paper
...Different types of password authentication schemes have been proposed in [4], [5], [6], [7], [9], [13], [11], [12], [10] and [20]....
[...]
...[11] scheme to prevent the above-mentioned weaknesses....
[...]
...[11] scheme is vulnerable and can be compromised....
[...]