
A secure and effective user authentication and privacy preserving protocol with smart cards for wireless communications

  • Research Article
Networking Science

Abstract

In 2012, Li and Lee (C. T. Li and C. C. Lee, “A novel user authentication and privacy preserving scheme with smart cards for wireless communications,” Mathematical and Computer Modelling, vol. 55, nos. 1–2, pp. 35–44, 2012) proposed a novel user authentication and privacy preserving scheme with smart cards for wireless communications. In this paper, however, we show that Li-Lee’s scheme has three security weaknesses: (1) it fails to achieve strong authentication in the login and authentication phases, (2) it fails to update the user’s password correctly in the password change phase, and (3) it fails to provide strong protection against replay attacks. To remedy these flaws, we propose a secure and effective user authentication and privacy preserving scheme with smart cards for wireless communications. We show that our scheme provides user anonymity and perfect forward security, and is secure against various known types of attacks, such as strong replay, impersonation, off-line password guessing, and parallel session attacks, which makes it more secure and practical for mobile wireless networking. Moreover, our scheme works without a password table and provides correct password change performed locally by the mobile user, non-repudiation, user friendliness, fairness in key agreement, and session key establishment between the mobile user and the foreign agent, between the mobile user and the home agent, and between the foreign agent and the home agent. Further, simulation results obtained with the AVISPA (Automated Validation of Internet Security Protocols and Applications) tool show that our improved scheme is secure against passive and active attacks.



Author information

Corresponding author

Correspondence to Ashok Kumar Das.

About this article

Cite this article

Das, A.K. A secure and effective user authentication and privacy preserving protocol with smart cards for wireless communications. Netw.Sci. 2, 12–27 (2013). https://doi.org/10.1007/s13119-012-0009-8


  • DOI: https://doi.org/10.1007/s13119-012-0009-8
