Elsevier

Computer Networks

Volume 54, Issue 9, 17 June 2010, Pages 1520-1530

An efficient user authentication and key exchange protocol for mobile client–server environment

https://doi.org/10.1016/j.comnet.2009.12.008

Abstract

Given the low-power computing capability of mobile devices, designing a security scheme is a nontrivial challenge. The identity (ID)-based public-key system with bilinear pairings defined on elliptic curves offers a flexible approach to simplifying certificate management. In the past, many user authentication schemes with bilinear pairings have been proposed. In 2009, Goriparthi et al. also proposed a new user authentication scheme for the mobile client–server environment. However, these schemes do not provide mutual authentication and key exchange between the client and the server, which are necessary for mobile wireless networks. In this paper, we present a new user authentication and key exchange protocol using bilinear pairings for the mobile client–server environment. Compared with the recently proposed pairing-based user authentication schemes, our protocol provides both mutual authentication and key exchange. A performance analysis shows that the presented protocol is well suited to the mobile client–server environment. A security analysis demonstrates that the proposed protocol is provably secure against previous attacks.

Introduction

Nowadays, handheld devices (i.e., cellular phones and PDAs) are widely used for many mobile applications, such as wireless internet services, mobile access services and mobile e-commerce. Given the low-power computing capability of mobile devices, designing a security scheme based on traditional public-key systems [1], [2], [3] is a nontrivial challenge, because most cryptographic algorithms require many expensive computations. When traditional public-key-based cryptographic schemes are designed for mobile users with handheld devices, the computational cost on the user side is a critical issue in practical implementation because of the devices' low-power computing capability [4], [5], [6], [7], [8], [9].

In 1984, Shamir [10] proposed an identity (ID)-based public-key cryptosystem. Compared with traditional certificate-based public-key systems, the ID-based public-key system may simplify certificate management. However, the system has the disadvantage that the user’s private key must be generated by the Key Generator Center (KGC). Because the security of Shamir’s system is based on the integer factorization problem, Shamir’s system is not easy to realize in practice. Fortunately, in 2001 Boneh and Franklin [11] proposed a practical ID-based encryption scheme from the Weil pairing defined on elliptic curves. The security of their scheme is based on the discrete logarithm problem. In this case, the user’s private key can be generated by several sub-centers using a threshold scheme. Afterwards, ID-based cryptographic schemes based on bilinear pairings received much attention from cryptographic researchers. Many such schemes have been proposed, including authenticated key agreement protocols [12], [13], [14], [15], [16], [17], [18] and signature schemes [19], [20], [21], [22], [23], [24].

Recently, many pairing-based remote user authentication schemes with smart cards were proposed in [25], [26], [27], [28], [29]. Of these, two schemes [25], [26] have security flaws, and the scheme proposed in [27] requires more computation. The point is that these schemes [25], [26], [27], [28], [29] do not provide mutual authentication and key exchange between the client and the server. In wireless client–server networks, mobile devices use wireless media to communicate with the server. If a user authentication scheme does not provide mutual authentication and key exchange, an intruder can easily intercept communications over the wireless network. Thus, mutual authentication and key exchange are necessary properties for a user authentication scheme in a mobile environment. This inspires us to propose a secure user authentication and key exchange protocol for the mobile client–server environment.

In this paper, we propose a new user authentication and key exchange protocol with bilinear pairings. The client side is a low-power computing device and the server is regarded as a powerful one. We shift the computational burden to the powerful server and reduce the computational cost required on the client side. Based on the computational Diffie–Hellman (CDH) assumption [11] and in the random oracle model [30], we show that the proposed protocol is secure against impersonation attack and ID attack, and that it offers key agreement, mutual authentication, implicit key confirmation and partial forward secrecy. Performance analysis and experimental data are given to demonstrate that our protocol is well suited to the mobile client–server environment with low-power computing devices.

The remainder of this paper is organized as follows. In Section 2, we present the related works. The preliminaries of bilinear pairings and related mathematical assumptions are given in Section 3. In Section 4, we propose our user authentication and key exchange protocol. Security analysis of our proposed protocol is presented in Section 5. In Section 6, we demonstrate performance analysis. Conclusions are given in Section 7.

Section snippets

Related works

Here, we discuss these recently proposed pairing-based remote user authentication schemes with smart cards [25], [26], [27], [28], [29].

In 2006, Das et al. [25] proposed a pairing-based remote user authentication scheme with smart cards. However, their scheme suffered from a forgery attack [31]. An adversary can intercept a valid login request message σ under a timestamp T, which is sent to the remote server. Then the adversary can use the valid message σ to compute another forgery message σ

Preliminaries

Bilinear pairings such as the Weil, Tate and Ate pairings defined on elliptic curves have been used to establish efficient ID-based cryptosystems [11], [32], [33], [34]. In this section, we introduce the concept of bilinear pairings and the related mathematical assumptions.

Proposed protocol

In this section, we present an ID-based user authentication and key exchange protocol using bilinear pairings. At first, we present the system environment and setup for our proposed protocol.

Security analysis

In this section, we analyze the security of the proposed protocol in the random oracle model [30]. The random oracle model is commonly adopted to demonstrate the security of key establishment protocols and signature schemes. It assumes that the hash function is a truly random function that produces a random value for each new query.
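The random oracle described above can be simulated by lazy sampling, shown here as an added example that is not code from the paper. It goes slightly beyond the text by also recording queries and letting a simulator fix an answer in advance, as reductions in this model commonly do; the modulus `q`, the class name and the sample inputs are constructed assumptions, and `H1` only borrows the name of the paper's one-way hash.

```python
import secrets


class RandomOracle:
    """Lazily sampled random function from byte strings to integers in [0, q)."""

    def __init__(self, q: int):
        self.q = q
        self.table = {}    # query -> answer, fixed once sampled
        self.queries = []  # first-time queries in order, visible to the simulator

    def query(self, message: bytes) -> int:
        if message not in self.table:
            # New query: draw a fresh uniform value, independent of the input.
            self.table[message] = secrets.randbelow(self.q)
            self.queries.append(message)
        # Repeated query: return the stored value so the oracle stays a function.
        return self.table[message]

    def program(self, message: bytes, value: int) -> None:
        """Simulator fixes the answer at a point that has not been defined yet."""
        if message in self.table:
            raise ValueError("point already defined; reprogramming would be detectable")
        self.table[message] = value % self.q


def demo():
    q = 2**127 - 1                       # constructed modulus, not a parameter from the paper
    H1 = RandomOracle(q)                 # stands in for the one-way hash H1()
    first = H1.query(b"ID_client||T1")   # constructed input
    again = H1.query(b"ID_client||T1")   # same input must give the same output
    H1.program(b"challenge", 42)         # simulator embeds a chosen value
    programmed = H1.query(b"challenge")
    return first == again, programmed, H1.queries


if __name__ == "__main__":
    print(demo())
```
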

Performance analysis

To make the computational cost easier to evaluate, we define the following notation.

  • TGe: The time of executing a bilinear map operation e: G1 × G1 → G2.

  • TGmul: The time of executing a scalar multiplication operation of point.

  • TGH: The time of executing a map-to-point hash function H2().

  • TGadd: The time of executing an addition operation of points.

  • Texp: The time of executing a modular exponentiation operation.

  • TH: The time of executing a one-way hash function H1().

As we all know, the time of

Conclusions

In this paper, we have proposed a new user authentication and key exchange protocol using bilinear pairings. Under the computational Diffie–Hellman (CDH) assumption and in the random oracle model, we have shown that the proposed protocol is secure against impersonation attack, knowing session key attack and ID attack, and that it offers key agreement, mutual authentication, implicit key confirmation and partial forward secrecy. We shift the computational burden to the powerful server and reduce

Acknowledgements

We would like to thank the anonymous referees for their valuable comments and constructive suggestions. This research is partially supported by National Science Council, Taiwan, ROC, under Contract No. NSC97-2221-E-018-010-MY3.

Tsu-Yang Wu received the B.S. and the M.S. degrees in Department of Applied Mathematics, Tatung University, Taiwan, in 2003 and 2005, respectively. He is currently a Ph.D. candidate in Department of Mathematics, National Changhua University of Education, Taiwan. His research interests include applied cryptography, pairing-based cryptography and network security.

References (44)

  • D.S. Wong, A.H. Chan, Efficient and mutually authenticated key exchange for low power computing devices, in:...
  • A. Shamir, Identity-based cryptosystems and signature schemes, in: Proceedings of the Advances in Cryptology –...
  • D. Boneh, M. Franklin, Identity-based encryption from the Weil pairing, SIAM J. Comput. (2003) 32(3) 586–615....
  • N.P. Smart, An identity based authenticated key agreement protocol based on the Weil pairing, Electron. Lett. (2002)
  • K. Shim, Efficient ID-based authenticated key agreement protocol based on the Weil pairing, Electron. Lett. (2003)
  • L. Chen, C. Kudla, Identity based authenticated key agreement from pairings, in: Proceedings of the 16th IEEE Computer...
  • Y.J. Choie et al., Efficient identity-based authenticated key agreement protocol from pairings, Appl. Math. Comput. (2005)
  • K.Y. Choi, J.Y. Hwang, D.H. Lee, I.S. Seo, ID-based authenticated key agreement for low-power mobile devices, in:...
  • L. Chen et al., Identity-based key agreement protocols from pairings, Int. J. Inform. Security (2007)
  • S. Wang et al., Efficient identity-based authenticated key agreement protocol with PKG forward secrecy, Int. J. Network Security (2008)
  • K. Paterson, ID-based signatures from pairings on elliptic curves, Electron. Lett. (2002)
  • J.C. Cha, J.H. Cheon, An identity-based signature from gap Diffie–Hellman groups, in: Proceedings of the Public-Key...

Yuh-Min Tseng is currently a Professor at the Department of Mathematics, National Changhua University of Education, Taiwan. He is a member of the IEEE Communications Society, the IEICE Society, and the Chinese Cryptology and Information Security Association (CCISA). In 2006, his paper obtained the Wilkes Award from The British Computer Society. He is also an editor of two international journals: Computer Standards & Interfaces, and International Journal of Security and Its Applications. His research interests include cryptography, information security, network security and mobile communications.
