A novel remote user authentication scheme using bilinear pairings

https://doi.org/10.1016/j.cose.2005.09.002

Abstract

The paper presents a remote user authentication scheme using the properties of bilinear pairings. In the scheme, the remote system receives a user's login request and allows login to the remote system only if the login request is valid. The scheme prohibits the scenario of many logged-in users with the same login-ID, and provides a flexible password change option to registered users without any assistance from the remote system.

Introduction

Password authentication is an important technique to verify the legitimacy of a user. The technique is regarded as one of the most convenient methods for remote user authentication. Based on computational complexity, password-based authentication schemes are classified into two broad categories, viz. hash-based authentication (Menezes et al., 1996) and public-key based authentication (IEEE P1363.2 Draft D12, 2003).

In 1981, Lamport introduced the first well-known hash-based password authentication scheme. Lamport's scheme suffers from high hash overhead and password resetting problems. Later, Shimizu et al. (1998) overcame the weakness of Lamport (1981) and proposed a modified scheme. Thereafter, many schemes and improvements on hash-based remote user authentication have been proposed (Lee et al., 2002, Peyravian and Zunic, 2000, Ku et al., 2003, Ku, 2004). These schemes have low computation cost and are computationally viable for implementation in a handheld device such as a smart card; however, they primarily suffer from password guessing, stolen-verifier and denial-of-service attacks (Ku et al., 2003, Hsieh et al., 2003). In contrast, public-key based authentication schemes require high computation cost for implementation, but meet higher security requirements. So far, several research works on public-key based remote user authentication (Chang and Wu, 1993, Chang and Liao, 1994, Hwang and Yeh, 2002, Shen et al., 2003) have been done. Unfortunately, a paper often breaks a previous scheme and proposes a new one (Ku et al., 2003, Hsieh et al., 2003), which someone breaks later and, in turn, proposes a new one, and so on. Most of such work, though quite important and useful, essentially provides an incremental advance on the same basic theme (Peyravian and Zunic, 2000).

Recently, the bilinear pairings (Boneh and Franklin, 2001), namely the Weil pairing and the Tate pairing of algebraic curves, have found important applications (Boneh and Franklin, 2001, Hess, 2003) in cryptography and have allowed us to construct identity (ID)-based cryptographic schemes. In 1984, Shamir introduced the concept of the ID-based cryptosystem; however, practical ID-based schemes (Boneh and Franklin, 2001, Cocks, 2001) were only found in 2001.

In this paper, we present a remote user authentication scheme using the properties of bilinear pairings. In our scheme, the user is assigned a smart card, which is personalised with some parameters during the user registration process. The use of a smart card not only makes the scheme secure but also prevents users from distributing their login-IDs, which effectively prevents the scenario of many logged-in users with the same login-ID. The characteristics of our scheme are summarised as follows:

  • The user's smart card generates a dynamic login request and sends it to the remote system for login to the system. The login request is computed by the smart card internally without any human intervention, and the login request incorporates the user system's timestamp. Thus, an adversary cannot predict the next login request with the help of the current login request.

  • The users can choose and change their preferred passwords freely without any assistance from the remote system. During the user registration process, the remote system stores a secret component and other parameters in a smart card, and then sends it to the user securely. With the help of the smart card and its secret component, the user can change his password without any assistance from the remote system.

  • The remote system does not maintain any password or verifier table for the verification of user login requests. The login request verification requires only the user identity and the remote system's public key, which corresponds to the remote system's secret key.

  • The scheme prevents the scenario of many logged-in users with the same login-ID. Typically, a registered user can share his password or secret component with others, and thus all who know the password or secret component for the user's login-ID can log in to the remote system. This commonly happens in a digital library, where a subscriber can share his login-ID and password with others, and many users (who know the login-ID and password) can download or view the digital documents. In our scheme, the login request is generated by the smart card using its stored secret component without any human intervention. It is extremely difficult to extract the secret component from the smart card, and thus the user cannot share it with others. Even if the legitimate user's password is shared with others, the other person cannot log in to the system without the smart card. Once a valid user logs in to the remote system, his smart card stays inside the terminal until the user logs out. If the user pulls the card out of the terminal after logging in to the remote system, the login session expires immediately. Thus, the scheme can successfully prevent the scenario of many logged-in users with the same login-ID.

  • The scheme can resist replay, forgery and insider attacks.

The rest of the paper is organised as follows. In the next section, we give some preliminaries on bilinear pairings. In the section following that, we propose our scheme, and we analyse it in the section on correctness, performance and security. Finally, we conclude the paper in the last section.

Bilinear pairings

Suppose $G_1$ is an additive cyclic group generated by $P$, whose order is a prime $q$, and $G_2$ is a multiplicative cyclic group of the same order. A map $\hat{e}: G_1 \times G_1 \to G_2$ is called a bilinear mapping if it satisfies the following properties:

  • 1. Bilinear: $\hat{e}(aP, bQ) = \hat{e}(P, Q)^{ab}$ for all $P, Q \in G_1$ and $a, b \in \mathbb{Z}_q$.

  • 2. Non-degenerate: there exist $P, Q \in G_1$ such that $\hat{e}(P, Q) \neq 1$.

  • 3. Computable: there is an efficient algorithm to compute $\hat{e}(P, Q)$ for all $P, Q \in G_1$.

We note that $G_1$ is the group of points on an elliptic curve and $G_2$ is a

Proposed scheme

There are three entities in the proposed scheme, namely the user, the user's smart card and the remote system. The scheme consists mainly of three phases: the setup phase, the registration phase and the authentication phase.

Correctness

The verification step (V2) of a login request holds by the following chain of equalities:

$$\hat{e}(DID_i - V_i, P) = \hat{e}(T \cdot RegID_i - V_i, P) = \hat{e}\big(T(s \cdot H(ID_i) + H(PW_i)) - T \cdot H(PW_i),\, P\big) = \hat{e}(s \cdot H(ID_i), P)^T = \hat{e}(H(ID_i), Pub_{RS})^T$$

The fourth equality uses the bilinearity of $\hat{e}$, namely $\hat{e}(aP, Q) = \hat{e}(P, Q)^a$; the last equality uses $\hat{e}(bP, Q) = \hat{e}(P, bQ)$ together with $Pub_{RS} = sP$.

Performance

In order to compare the performance of our scheme with the existing public-key based remote user authentication schemes, we consider the schemes (Chang and Liao, 1994, Shen et al., 2003) which are based on ElGamal's (1985) signature scheme and used smart

Conclusion

We proposed a remote user authentication scheme using the properties of bilinear pairings. The scheme prevents the adversary from forgery attacks by employing a dynamic login request in every login session. The use of smart card not only makes the scheme secure but also prevents the users from distribution of their login-IDs, which effectively prohibits the scenario of many logged in users with the same login-ID. Moreover, the scheme provides a flexible password change option, where the users

References

  • C.C. Chang et al., A remote password authentication scheme based upon ElGamal's signature scheme, Computers & Security (1994)
  • M. Peyravian et al., Methods for protecting password transmission, Computers & Security (2000)
  • P.S.L.M. Barreto et al., Efficient algorithms for pairing-based cryptosystems
  • D. Boneh et al., Identity-based encryption from the Weil pairing
  • C.C. Chang et al., Remote password authentication with smart cards, IEE Proceedings – E (1993)
  • C. Cocks, An identity based encryption scheme based on quadratic residues
  • T. ElGamal, A public key cryptosystem and signature scheme based on the discrete logarithms, IEEE Transactions on Information Theory (1985)
  • G. Frey et al., A remark concerning m-divisibility and the discrete logarithm in the divisor class group of curves, Mathematics of Computation (1994)
  • F. Hess, Efficient identity based signature schemes based on pairings
  • B.T. Hsieh et al., On the security of some password authentication protocols, Informatica (2003)

Cited by

  • An efficient anonymous mutual authentication technique for providing secure communication in mobile cloud computing for smart city applications (2019, Sustainable Cities and Society). Citation excerpt: "But, the authentication procedure of Hughes (2004) did not offer user secrecy and user untraceability. As more authentication methods depend on bilinear pairing or ECC (Ahmad et al., 2017; Chen, Yeh, & Shih, 2011; Das, Saxena, Gulati, & Phatak, 2006; Goriparthi, Das, & Saxena, 2009; Khan Pathan, Hong, & Hee, 2009; Sun, Wen, Zhang, & Jin, 2013), they are mainly intended for the client–server atmosphere. However, bilinear pairing or ECC are not fit for the disseminated services atmosphere wherein the various service providers battle with each other to provide various services."

  • An efficient provably-secure identity-based authentication scheme using bilinear pairings for Ad hoc network (2017, Journal of Information Security and Applications). Citation excerpt: "These schemes are generally built using elliptic curve cryptography (ECC) and bilinear pairings [14,25–27], due to their capability to offer short key size and achieve high performance [28,29]. Das et al. [30] presented a remote client authentication protocol using bilinear pairings for smart card application. However, the scheme was later shown to be insecure against forgery attack [31]."

  • An improved authentication protocol for distributed mobile cloud computing services (2017, International Journal of Critical Infrastructure Protection). Citation excerpt: "However, the authentication protocol of Li et al. [18] does not provide user untraceability and user anonymity [15,37]. Furthermore, most authentication schemes based on elliptic curve or identity-based cryptosystems [5,6,13,16,34] are designed for client–server environments and are, therefore, inappropriate for distributed service environments. In an attempt to address these security and implementation challenges, Tsai and Lo [35] have proposed an authentication protocol based on bilinear pairing for distributed mobile cloud computing services that can execute with highly-constrained computational resources."

  • Cluster optimization using metaheuristic JAYA algorithm for secure VANETs (2022, Autonomous Vehicles: Smart Vehicles for Communication)

Manik Lal Das received his M. Tech. degree in 1998. He is working at the Institute for Development and Research in Banking Technology, Hyderabad as a Research Officer and pursuing his Ph.D. degree at the K. R. School of Information Technology, Indian Institute of Technology, Bombay, India. He has published over 15 research articles in refereed journals and conferences. He is a member of the Cryptology Research Society of India and the Indian Society for Technical Education. His research interests include Cryptography and Information Security.

Ashutosh Saxena received his M.Sc. (1990), M. Tech. (1992) and Ph.D. in Computer Science (1999) from Devi Ahilya University, Indore. Presently, he is working as an Associate Professor at the Institute for Development and Research in Banking Technology, Hyderabad. He is on the Editorial Committees of various International Journals and Conferences, and is a Life Member of the Computer Society of India and the Cryptology Research Society of India and a Member of the IEEE Computer Society. He has authored and co-authored more than 50 research papers published in National/International Journals and Conferences. His main research interests are in the areas of Authentication Technologies, Smart Cards, Key Management and Security Issues in Banking.

Ved P. Gulati received his Ph.D. degree from the Indian Institute of Technology, Kanpur, India. Presently, he is a consultant advisor at Tata Consultancy Services, Hyderabad, India. He was Director of the Institute for Development and Research in Banking Technology, Hyderabad, India from 1997 to 2004. He is a member of the IEEE, the Cryptology Research Society of India and the Computer Society of India. His research interests include Payment Systems, Security Technologies, and Financial Networks.

Deepak B. Phatak received his Ph.D. degree from the Indian Institute of Technology, Bombay, India. He is Subrao M. Nilekani Chair Professor at the K. R. School of Information Technology, Indian Institute of Technology Bombay, India. His research interests include Databases, System Performance Evaluation, Smart Cards and Information Systems.
