Proceedings ArticleDOI

Password based remote authentication scheme using ECC for smart card

TL;DR: This paper proposes a Password based authentication scheme using ECC for smart card environment, without maintaining the password table by the server, which provides high security at a reasonable computational cost and restricts most of the current attacking mechanisms.
Abstract: Remote user authentication is a continual problem, particularly with mobile and handheld devices such as Personal Digital Assistants (PDAs), Smartcard, Laptops. Providing user authentication for safe access of precious, private information, or personalized services, for every system is difficult. User authentication is the primary line of defence for a handheld device that falls into the hands of an unauthorized individual. Password or Personal Identification Number (PIN) based authentication is the leading mechanism for verifying the identity of actual device users. Remote authentication is the best solution for remote accessing in smart card environment. In this paper we propose a Password based authentication scheme using ECC for smart card environment, without maintaining the password table by the server. It provides high security at a reasonable computational cost. Furthermore it restricts most of the current attacking mechanisms. It is simple and can be adopted in any kind of lightweight devices.
Citations
Journal Article
TL;DR: A new remote user authentication scheme, a modified form of Shen-Lin-Hwang's scheme, is presented; it can withstand attacks similar to Chan and Cheng's attack and Chang and Hwang's attack in the registration phase and authentication phase.
Abstract: In 1981, Lamport proposed the first well-known remote password authentication scheme using smart cards. A number of remote password authentication schemes with smart cards have been presented since then. Recently Shen, Lin and Hwang pointed out a different type of attack on this scheme and presented a modified scheme to remove these defects. In this paper we present a new remote user authentication scheme which is the modified form of the Shen-Lin-Hwang's scheme. In this scheme the password is controlled by the user, and at any time can be changed. The scheme can withstand attacks similar to Chan and Cheng's attack and Chang and Hwang's attack in the registration phase and authentication phase.

78 citations

Journal ArticleDOI
TL;DR: This paper aims at providing a key agreement protocol for smart grid to cope with access control of appliances/ devices located inside a Home Area Network by a set of controllers outside the HAN with an Elliptic Curve Cryptography approach.
Abstract: This paper aims at providing a key agreement protocol for smart grid to cope with access control of appliances/devices located inside a Home Area Network (HAN) by a set of controllers outside the HAN. The commands/packets initiated by the controllers in crisis cases should be delivered fast and immune from any interruption. The HAN controller, which acts as a gateway, should not cause any delay by decrypting and re-encrypting the packets, nor should it have any chance to modify them. Considering the required level of security and quality of service, we design our protocol with an Elliptic Curve Cryptography (ECC) approach. We improve and implement the Password Authenticated Key Exchange (PAKE) protocol in two steps. First, we propose an auxiliary mechanism that is an ECC version of PAKE, and then extend it to a multilayer consensus model. We reduce the number of hash functions to one, and utilize a primitive password shared between an appliance and HAN controller to construct four valid individual consensus and authenticated symmetric keys between the appliance and upstream controllers by exchanging only 12 packets. Security analysis presents that our protocol is resilient to various attacks. Furthermore, performance analysis shows that the delay caused by the security process is reduced by more than one half.

70 citations


Cites methods from "Password based remote authenticatio..."

  • ...Author of [22] provided a password based remote authentication scheme for SC based on ECDH....


Journal ArticleDOI
TL;DR: A strong authentication with a key agreement scheme is proposed to establish the secure tunnel and the proposed framework also provides mutual authentication, session key renewal between the users and the cloud server.
Abstract: Private cloud is cloud infrastructure operated solely for a single organization, whether managed internally or by a third-party and hosted internally or externally. It provides a flexible way to extend the working environment. Since the business processes working on them could be critical, it is important to provide a secure environment for organizations to execute those processes. While user mobility has become an important feature for many systems, technologies that provide users a lower cost and flexible way in joining a secure private cloud are in a strong demand. This paper exploits the key management mechanisms to have secured tunnels with private cloud for users who might move around dynamically without carrying the same machine. A strong authentication with a key agreement scheme is proposed to establish the secure tunnel. Furthermore, the proposed framework also provides mutual authentication, session key renewal between the users and the cloud server. Several related security properties of the proposed mechanism are also presented.

14 citations

References
Journal ArticleDOI
TL;DR: A cryptanalysis of a remote user authentication scheme proposed by Hwang and Li is presented and it is shown that Hwang-Li's scheme is breakable.
Abstract: We present a cryptanalysis of a remote user authentication scheme proposed by Hwang and Li (see ibid., vol.46, no.1, p.28-31, 2000). We show that Hwang-Li's scheme is breakable. A legitimate user can impersonate other legal users and pass the system authentication.

206 citations

Journal ArticleDOI
TL;DR: This paper proposes a new remote login scheme using smart cards that not only satisfies the low-computation requirement for smart cards but can also withstand the replay and the offline dictionary attacks.

176 citations


"Password based remote authenticatio..." refers background or methods in this paper

  • ...Fan Chan Zhang [24] proposed a robust remote authentication scheme with smart card....


  • ...The major contribution of Fan Chan Zhang [24] scheme is a method for preventing the offline dictionary attack even if the secret information stored in a smart card is compromised....


Journal ArticleDOI
TL;DR: An enhancement to Chien et al.'s scheme enables users to change their passwords freely and securely without the help of a remote server, while also providing secure mutual authentication.
Abstract: Recently, Ku-Chen proposed an improvement to Chien et al.'s scheme to prevent some weaknesses. However, the improved scheme is not only still susceptible to parallel session attack, but also insecure for changing the user's password in password change phase. Accordingly, the current paper presents an enhancement to resolve such problems. As a result, the proposed scheme enables users to change their passwords freely and securely without the help of a remote server, while also providing secure mutual authentication.

175 citations


"Password based remote authenticatio..." refers background in this paper

  • ...Yoon Ryu Yoo [22] citing Awasthi Lal [14] proposed a hash based authentication scheme based on the work of Chien et al. [11]....

  • ...Yoon Ryu Yoo [21] presents an enhancement to resolve the problems in above-mentioned scheme....

  • ...[30] show that Yoon et al. scheme [21] is subject to forgery attacks if the information stored in the smart card is stolen....

Journal ArticleDOI
TL;DR: This paper proposes a robust and efficient user authentication and key agreement scheme using smart cards that can prevent the offline dictionary attack even if the secret information stored in a smart card is compromised.
Abstract: User authentication and key agreement is an important security primitive for creating a securely distributed information system. Additionally, user authentication and key agreement is very useful for providing identity privacy to users. In this paper, we propose a robust and efficient user authentication and key agreement scheme using smart cards. The main merits include the following: 1) the computation and communication cost is very low; 2) there is no need for any password or verification table in the server; 3) a user can freely choose and change his own password; 4) it is a nonce-based scheme that does not have a serious time-synchronization problem; 5) servers and users can authenticate each other; 6) the server can revoke a lost card and issue a new card for a user without changing his identity; 7) the privacy of users can be protected; 8) it generates a session key agreed upon by the user and the server; and 9) it can prevent the offline dictionary attack even if the secret information stored in a smart card is compromised.

173 citations


Additional excerpts

  • ...[35] $4T_{h} + 1T_{SEncry}$; $3T_{h} + 1T_{SEncry}$; $1T_{ECM} + 4T_{h} + 1T_{SEncry}$ ...


Journal ArticleDOI
TL;DR: A survey through all currently available password-authentication-related schemes and gets them classified in terms of several crucial criteria to see how different password authentication schemes compare in different situations.
Abstract: Password authentication is one of the simplest and the most convenient authentication mechanisms to deal with secret data over insecure networks. It is more frequently required in areas such as computer networks, wireless networks, remote login systems, operation systems, and database management systems. In this paper, we shall present the result of our survey through all currently available password-authentication-related schemes and get them classified in terms of several crucial criteria. To be critical, most of the existing schemes are vulnerable to various attacks and fail to serve all the purposes an ideal password authentication scheme should. In order to see how different password authentication schemes compare in different situations, we define all possible attacks and goals that an ideal password authentication scheme should withstand and achieve. We should hope that the attacks and goals we offer here can also help future researchers develop better schemes.

168 citations


"Password based remote authenticatio..." refers background or methods in this paper

  • ...Later, Shen [14] analyzed impersonation attack of Chan [9] on Hwang Li's [8] scheme, and suggested methods to repulse the attack....

  • ...Tsai, Lee and Hwang [27] present the survey of all currently available password–authentication–related schemes and get them classified in terms of several crucial criteria....

  • ...The proposed scheme removes the pitfalls in the already mentioned schemes [27]....

  • ...[14] J. J. Shen, C. W. Lin and M. S. Hwang (2003), A modified Remote User Authentication Scheme using Smart Card, IEEE Transactions on Consumer Electronics, Vol. 49, No. 2, pp. 414-416, 2003....

  • ...The major drawbacks of their scheme are the higher computation and communication costs, because of using Rabin's public-key cryptosystem [27]....