Published in: Wireless Personal Communications 3/2014

01-12-2014

A Provably Secure ID-Based Mutual Authentication and Key Agreement Scheme for Mobile Multi-Server Environment Without ESL Attack

Author: SK Hafizul Islam


Abstract

In mobile multi-server authentication, a client can access different servers over an insecure channel, such as the Internet or a wireless network, for numerous online applications. Several multi-server authentication schemes for mobile clients have been devised in the literature. However, most of them are insecure against the ephemeral secret leakage (ESL) attack and have other vulnerabilities. For mutual authentication and key agreement, the mobile client and the server use ephemeral secrets (random numbers), and leakage of these secrets may be possible in practice, since they are generated by an external source that may be controlled by an adversary and are generally pre-computed and stored in insecure devices. Thus, if the secrets are leaked, the session key becomes known and the private keys of the client and server may be compromised from the eavesdropped messages. This is called the ESL attack. To remove these weaknesses, in this paper we design an ESL attack-free identity-based mutual authentication and key agreement scheme for the mobile multi-server environment. The proposed scheme is analyzed and proven secure in the random oracle model under the Computational Diffie–Hellman assumption.
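
The leakage described in the abstract, worked through on a textbook Schnorr-style exchange as an added example; it is not the paper's scheme. The toy group parameters, the function names and the `bind_static` countermeasure (deriving the exponent from both the ephemeral and the long-term secret, as NAXOS-style protocols do) are assumptions chosen for illustration.

```python
import hashlib

# Toy Schnorr group, constructed for this example and far too small for
# real use: P = 2*Q + 1 with P and Q prime, G = 4 has order Q.
P, Q, G = 2039, 1019, 4

def _digest(*parts):
    return hashlib.sha256("|".join(map(str, parts)).encode()).digest()

def scalar(*parts):
    """Hash to a non-zero scalar in [1, Q-1] so it is always invertible."""
    return 1 + int.from_bytes(_digest(*parts), "big") % (Q - 1)

def client_flight(x, r, server_pub, bind_static=False):
    """Client side of a Schnorr-style authenticated key exchange.

    x is the long-term private key, r the ephemeral secret from the RNG.
    bind_static=True uses H(r, x) as the exponent instead of r itself
    (an assumed countermeasure, not taken from the paper).
    Returns ((R, s), session_key).
    """
    k = scalar("exp", r, x) if bind_static else r % Q
    R = pow(G, k, P)
    h = scalar("chal", R, server_pub)
    s = (k + h * x) % Q                      # response proving knowledge of x
    key = _digest("sk", pow(server_pub, k, P)).hex()
    return (R, s), key

def verify(X, msg, server_pub):
    """Server check: g^s == R * X^h (mod P)."""
    R, s = msg
    h = scalar("chal", R, server_pub)
    return pow(G, s, P) == (R * pow(X, h, P)) % P

def esl_recover(msg, leaked_r, server_pub):
    """What an eavesdropper who learns r derives from the public message."""
    R, s = msg
    h = scalar("chal", R, server_pub)
    x_guess = (s - leaked_r) * pow(h, -1, Q) % Q      # from s = r + h*x
    key_guess = _digest("sk", pow(server_pub, leaked_r, P)).hex()
    return x_guess, key_guess

if __name__ == "__main__":
    x, r = 777, 321                          # constructed secrets
    X, T = pow(G, x, P), pow(G, 123, P)      # client and server public values
    for bind in (False, True):
        msg, key = client_flight(x, r, T, bind_static=bind)
        print(bind, verify(X, msg, T), esl_recover(msg, r, T) == (x, key))
```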


Metadata
Title: A Provably Secure ID-Based Mutual Authentication and Key Agreement Scheme for Mobile Multi-Server Environment Without ESL Attack
Author: SK Hafizul Islam
Publication date: 01-12-2014
Publisher: Springer US
Published in: Wireless Personal Communications / Issue 3/2014
Print ISSN: 0929-6212
Electronic ISSN: 1572-834X
DOI: https://doi.org/10.1007/s11277-014-1968-8
