An Effective and Robust Secure Remote User Authenticated Key Agreement Scheme Using Smart Cards in Wireless Communication Systems
详细信息 查看全文
- 作者:Vanga Odelu ; Ashok Kumar Das ; Adrijit Goswami
- 关键词:SK ; security ; Credential privacy ; Secure mutual authentication ; Key establishment ; BAN logic ; Security
- 刊名:Wireless Personal Communications
- 出版年:2015
- 出版时间:October 2015
- 年:2015
- 卷:84
- 期:4
- 页码:2571-2598
- 全文大小:1,290 KB
- 参考文献:1.Automated validation of internet security protocols and applications. http://?www.?avispa-project.?org/?package/?usermanual . Accessed on March 2013.
2.Automated validation of internet security protocols and applications, avispa web tool. http://?www.?avispa-project.?org/?web-interface/?expert.?php/-/span> . Accessed on October 2014.
3.Basin, D., Modersheim, S., & Vigano, L. (2005). OFMC: A symbolic model checker for security protocols. International Journal of Information Security, 4(3), 181-08.CrossRef
4.Bellare, M., Canetti, R., & Krawczyk, H. (1998). A modular approach to the design and analysis of authentication and key exchange protocols. In Proceedings of the thirtieth annual ACM symposium on theory of computing (pp. 419-28). ACM.
5.Burrows, M., Abadi, M., & Needham, R. (1990). A logic of authentication. ACM Transactions on Computer Systems, 8(1), 18-6.CrossRef
6.Canetti, R., & Krawczyk, H. (2001). Analysis of key-exchange protocols and their use for building secure channels. Advances in Cryptology-EUROCRYPT 2001 (pp. 453-74). Heidelberg: Springer.CrossRef
7.Chatterjee, S., & Das, A. K. (2014). An effective ECC-based user access control scheme with attribute-based encryption for wireless sensor networks. Security and Communication Networks. doi:10.-002/?sec.-140 .
8.Chen, B. L., Kuo, W. C., & Wuu, L. C. (2014). Robust smart-card-based remote user password authentication scheme. International Journal of Communication Systems, 27(2), 377-89.CrossRef
9.Chen, T. H., Hsiang, H. C., & Shih, W. K. (2011). Security enhancement on an improvement on two remote user authentication schemes using smart cards. Future Generation Computer Systems, 27(4), 377-80.MATH CrossRef
10.Chien, H. Y., Jan, J. K., & Tseng, Y. M. (2002). An efficient and practical solution to remote authentication: Smart card. Computers and Security, 21(4), 372-75.CrossRef
11.Chuang, Y. H., & Tseng, Y. M. (2010). An efficient dynamic group key agreement protocol for imbalanced wireless networks. International Journal of Network Management, 20(4), 167-80.
12.Das, A. K. (2011). Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards. IET Information Security, 5(3), 145-51.CrossRef
13.Das, A. K., & Bruhadeshwar, B. (2013). An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system. Journal of Medical Systems, 37(5), 1-7.CrossRef
14.Das, A. K., & Goswami, A. (2013). A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. Journal of Medical Systems, 37(3), 1-6.CrossRef
15.Das, A. K., Paul, N. R., & Tripathy, L. (2012). Cryptanalysis and improvement of an access control in user hierarchy based on elliptic curve cryptosystem. Information Sciences, 209(C), 80-2.MATH MathSciNet CrossRef
16.Dolev, D., & Yao, A. C. (1983). On the security of public key protocols. IEEE Transactions on Information Theory, 29(2), 198-08.MATH MathSciNet CrossRef
17.Goldwasser, S., & Bellare, M. (2008). Lecture notes on cryptography. Summer course “Cryptography and Computer Security-at MIT (pp. 1-89). http://?cseweb.?ucsd.?edu/?mihir/?papers/?gb.?html . Accessed on September 2014.
18.Hsu, C. L. (2004). Security of Chien et al.’s remote user authentication scheme using smart cards. Computer Standards and Interfaces, 26(3), 167-69.CrossRef
19.Huang, X., Chen, X., Li, J., Xiang, Y., & Xu, L. (2014). Further observations on smart-card-based password-authenticated key agreement in distributed systems. IEEE Transactions on Parallel and Distributed Systems, 25(7), 1767-775.CrossRef
20.Islam, S. K. (2014). Design and analysis of an improved smartcard-based remote user password authentication scheme. International Journal of Communication Systems. doi:10.-002/?dac.-793 .
21.Katz, J., & Lindell, Y. (2007). Introduction to modern cryptography: Principles and protocols. CRC Press. http://?www.?cs.?ucdavis.?edu/?rogaway/?classes/-27/?fall03/?book/?index.?html . Accessed on September 2014
22.Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. Advances in Cryptology-CRYPTO-9 (pp. 388-97). California: Springer.
23.Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24(11), 770-72.MathSciNet CrossRef
24.Lee, N. Y., & Chiu, Y. C. (2005). Improved remote authentication scheme with smart card. Computer Standards and Interfaces, 27(2), 177-80.CrossRef
25.Lee, S. W., Kim, H. S., & Yoo, K. Y. (2005). Improvement of Chien et al.’s remote user authentication scheme using smart cards. Computer Standards and Interfaces, 27(2), 181-83.CrossRef
26.Li, X., Niu, J., Khan, M. K., & Liao, J. (2013). An enhanced smart card based remote user password authentication scheme. Journal of Network and Computer Applications, 36(5 - 作者单位:Vanga Odelu (1)
Ashok Kumar Das (2)
Adrijit Goswami (1)
1. Department of Mathematics, Indian Institute of Technology, Kharagpur, 721 302, India
2. Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad, 500 032, India - 刊物类别:Engineering
- 刊物主题:Electronic and Computer Engineering
Signal,Image and Speech Processing
Processor Architectures - 出版者:Springer Netherlands
- ISSN:1572-834X
文摘
Authentication protocol in wireless communication systems is important to protect the sensitive information against a malicious adversary by means of providing a variety of services, such as user credentials-privacy, session key security (we call it as SK-security), mutual authentication, and user revocation facility when a user’s credentials are unexpectedly revealed. Thus, understanding the security failures of authentication schemes is a key for both patching to the existing schemes and designing the future schemes. Recently, Li et al. showed security drawbacks of Chen et al.’s scheme and proposed an improvement. Later, Islam identified various security flaws in Li et al.’s scheme and proposed further enhancement to remedy these flaws. However, in this paper, we show that Islam’s enhancement has still some security pitfalls. In addition, all these schemes suffer from the time-synchronization problem. We then present a more secure and robust remote user authenticated key agreement scheme in order to remedy the security flaws found in Islam’s scheme. Through the formal security analysis using the widely-accepted Burrows–Abadi–Needham logic (BAN logic), we show that our scheme provides secure mutual authentication. Furthermore, the formal and informal security analysis show that our scheme is secure against various known attacks including the offline password guessing attack when smart card of a user is lost/stolen, and our scheme also provides SK-security, user anonymity, and avoids the time-synchronization problem. We further simulate our scheme for the formal security verification using the widely-accepted and widely-used Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. The simulation results clearly indicate that the proposed scheme is safe. Thus, our scheme provides high security along with more functionality features as compared to Li et al.’s scheme and Islam’s scheme. As a result, our scheme is very suitable for practical applications. Keywords SK-security Credential privacy Secure mutual authentication Key establishment BAN logic Security