Proceedings ArticleDOI

Password based remote authentication scheme using ECC for smart card

TL;DR: This paper proposes a Password based authentication scheme using ECC for smart card environment, without maintaining the password table by the server, which provides high security at a reasonable computational cost and restricts most of the current attacking mechanisms.
Abstract: Remote user authentication is a continual problem, particularly with mobile and handheld devices such as Personal Digital Assistants (PDAs), Smartcard, Laptops. Providing user authentication for safe access of precious, private information, or personalized services, for every system is difficult. User authentication is the primary line of defence for a handheld device that falls into the hands of an unauthorized individual. Password or Personal Identification Number (PIN) based authentication is the leading mechanism for verifying the identity of actual device users. Remote authentication is the best solution for remote accessing in smart card environment. In this paper we propose a Password based authentication scheme using ECC for smart card environment, without maintaining the password table by the server. It provides high security at a reasonable computational cost. Furthermore it restricts most of the current attacking mechanisms. It is simple and can be adopted in any kind of lightweight devices.
Citations
Journal Article
TL;DR: A new remote user authentication scheme, a modified form of Shen-Lin-Hwang's scheme, is presented; it can withstand attacks similar to Chan and Cheng's attack and Chang and Hwang's attack in the registration phase and authentication phase.
Abstract: In 1981, Lamport proposed the first well-known remote password authentication scheme using smart cards. A number of remote password authentication schemes with smart cards have been presented since then. Recently Shen, Lin and Hwang pointed out a different type of attack on this scheme and presented a modified scheme to remove these defects. In this paper we present a new remote user authentication scheme which is the modified form of the Shen-Lin-Hwang's scheme. In this scheme the password is controlled by the user, and at any time can be changed. The scheme can withstand attacks similar to Chan and Cheng's attack and Chang and Hwang's attack in the registration phase and authentication phase.

78 citations

Journal ArticleDOI
TL;DR: This paper aims at providing a key agreement protocol for smart grid to cope with access control of appliances/devices located inside a Home Area Network by a set of controllers outside the HAN with an Elliptic Curve Cryptography approach.
Abstract: This paper aims at providing a key agreement protocol for smart grid to cope with access control of appliances/devices located inside a Home Area Network (HAN) by a set of controllers outside the HAN. The commands/packets initiated by the controllers in crisis cases should be delivered fast and immune from any interruption. The HAN controller, which acts as a gateway, should not cause any delay by decrypting and re-encrypting the packets, nor should it have any chance to modify them. Considering the required level of security and quality of service, we design our protocol with an Elliptic Curve Cryptography (ECC) approach. We improve and implement the Password Authenticated Key Exchange (PAKE) protocol in two steps. First, we propose an auxiliary mechanism that is an ECC version of PAKE, and then extend it to a multilayer consensus model. We reduce the number of hash functions to one, and utilize a primitive password shared between an appliance and HAN controller to construct four valid individual consensus and authenticated symmetric keys between the appliance and upstream controllers by exchanging only 12 packets. Security analysis presents that our protocol is resilient to various attacks. Furthermore, performance analysis shows that the delay caused by the security process is reduced by more than one half.

70 citations


Cites methods from "Password based remote authenticatio..."

  • ...Author of [22] provided a password based remote authentication scheme for SC based on ECDH....

    [...]

Journal ArticleDOI
TL;DR: A strong authentication with a key agreement scheme is proposed to establish the secure tunnel and the proposed framework also provides mutual authentication, session key renewal between the users and the cloud server.
Abstract: Private cloud is cloud infrastructure operated solely for a single organization, whether managed internally or by a third-party and hosted internally or externally. It provides a flexible way to extend the working environment. Since the business processes working on them could be critical, it is important to provide a secure environment for organizations to execute those processes. While user mobility has become an important feature for many systems, technologies that provide users a lower cost and flexible way in joining a secure private cloud are in a strong demand. This paper exploits the key management mechanisms to have secured tunnels with private cloud for users who might move around dynamically without carrying the same machine. A strong authentication with a key agreement scheme is proposed to establish the secure tunnel. Furthermore, the proposed framework also provides mutual authentication, session key renewal between the users and the cloud server. Several related security properties of the proposed mechanism are also presented.

14 citations

References
Proceedings ArticleDOI
22 Jan 2009
TL;DR: A novel efficient remote user authentication scheme using smart cards based on Elliptic Curve Discrete Logarithm Problem (ECDLP) that does not require a verifier table, allows users to choose their passwords, and withstands message replying attack.
Abstract: In this paper, a novel efficient remote user authentication scheme using smart cards based on Elliptic Curve Discrete Logarithm Problem (ECDLP) has been proposed. A remote user authentication scheme is a two-party protocol whereby an authentication server confirms the identity of a remote individual logging on to the server over an untrusted, unsecured network. The password based authentication schemes are commonly used for authenticating remote users. Many password based schemes both with and without smart card have been proposed; each scheme has its merits and demerits. Our proposed scheme does not require a verifier table and allows the user to choose their passwords. The proposed scheme also withstands message replying attack.

8 citations

Proceedings ArticleDOI
22 Apr 2008
TL;DR: It is proved that, Yang, Wang, and Chang's claim that their improved timestamp-based password authentication scheme is intractable is incorrect and it is shown that even an attack based on Sun et al.'s attack could be launched against their scheme.
Abstract: In 2005, Yang, Wang, and Chang proposed an improved timestamp-based password authentication scheme in an attempt to overcome the flaws of Yang-Shieh's legendary timestamp-based remote authentication scheme using smart cards. After analyzing the improved scheme proposed by Yang-Wang-Chang, we have found that their scheme is still insecure and vulnerable to four types of forgery attacks. Hence, in this paper, we prove that, their claim that their scheme is intractable is incorrect. Also, we show that even an attack based on Sun et al.'s attack could be launched against their scheme which they claimed to resolve with their proposal.

5 citations


"Password based remote authenticatio..." refers background in this paper

  • ...Pathan-Hong [32], established that some kind of attacks are possible on Yang-Wang-Chang [25] scheme....

    [...]

Posted Content
TL;DR: Wang et al. as mentioned in this paper proposed an improved timestamp-based password authentication scheme in an attempt to overcome the flaws of Yang-Shieh's legendary timestamp-based remote authentication scheme using smart cards, but their scheme is still insecure and vulnerable to four types of forgery attacks.
Abstract: In 2005, Yang, Wang, and Chang proposed an improved timestamp-based password authentication scheme in an attempt to overcome the flaws of Yang-Shieh's legendary timestamp-based remote authentication scheme using smart cards. After analyzing the improved scheme proposed by Yang-Wang-Chang, we have found that their scheme is still insecure and vulnerable to four types of forgery attacks. Hence, in this paper, we prove that, their claim that their scheme is intractable is incorrect. Also, we show that even an attack based on Sun et al.'s attack could be launched against their scheme which they claimed to resolve with their proposal.

5 citations