
2023 | OriginalPaper | Chapter

Cryptanalysis on “ESEAP: ECC-Based Secure and Efficient Mutual Authentication Protocol Using Smart Card”

Authors: Mohammad Abdussami, Ruhul Amin, Satyanarayana Vollala

Published in: Proceedings of Third International Conference on Computing, Communications, and Cyber-Security

Publisher: Springer Nature Singapore


Abstract

Very recently, the ESEAP mutual authentication protocol was designed to avoid the drawbacks of the protocol of Wang et al., and it was presented, on the basis of informal analysis, as protecting against all kinds of security threats. This work investigates the ESEAP protocol from a security point of view and finds that the scheme is not fully protected against the stolen-verifier attack and does not provide user anonymity. Furthermore, the same protocol has user identity issues, i.e., the server cannot figure out the user identity during the authentication phase. We then discuss the inconsistencies in the security analysis of ESEAP presented by RESEAP.

Metadata

Title: Cryptanalysis on “ESEAP: ECC-Based Secure and Efficient Mutual Authentication Protocol Using Smart Card”
Authors: Mohammad Abdussami, Ruhul Amin, Satyanarayana Vollala
Copyright Year: 2023
Publisher: Springer Nature Singapore
DOI: https://doi.org/10.1007/978-981-19-1142-2_48