Abstract
Wearable devices not only are the advancement in reduction of computation-systems, but also convenient for indirect interactions. Financial or medical data are exchanged between these devices through unreliable networks must be kept secret. Hence, lightweight and secure user authentication schemes always receive special attentions of many works in information security. Recently, Saleem et al. and Kandar et al. proposed a provable biometrics-based scheme providing the users with guarantee of secure authentication. Although elliptic curve crypto-system-based combined with cryptographic-hash function, their schemes fail to satisfy session-key perfect forward secrecy and not applicable in practice. In this paper, we provide an improved version of their scheme to overcome these limitations.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Lamport, L.: Password authentication with insecure communication. Commun. ACM 3468, 770–772 (1981)
Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakley, G.R., Chaum, D. (eds.) Advances in Cryptology, CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1984). https://doi.org/10.1007/3-540-39568-7_5
Tsaur, W.J.: A flexible user authentication scheme for multi-server internet services. In: Lorenz, P. (ed.) ICN 2001. LNCS, vol. 2093, pp. 174–183. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-47728-4_18
Hwang, M., Lee, C., Tang, Y.: A simple remote user authentication scheme. Math. Comput. Model. 36, 103–107 (2002)
Shen, J., Lin, C., Hwang, M.: A modified remote user authentication scheme using smart cards. IEEE Trans. Consum. Electron. 49(2), 414–416 (2003)
Lee, C., Hwang, M., Yang, W.: Flexible remote user authentication scheme using smart cards. IEEE Trans. Neural Netw. 36(3), 46–52 (2002)
Yoon, E., Yoo, K.: A flexible user authentication for multi-server internet services. In: Debruyne, C., et al. (eds.) OTM Workshops. LNCS, vol. 4277, pp. 499–507. Springer, Cham (2006)
Sood, S., Sarje, A., Singh, K.: A secure dynamic identity based authentication protocol for multi-server architecture. J. Netw. Comput. Appl. 34(2), 609–618 (2011)
Rivest, R., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key crypto-systems. Commun. ACM 21(2), 120–126 (1978)
Elgamal, T.: A public key crypto-system and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory 31(4), 469–472 (1985)
Miller, V.S.: Use of elliptic curves in cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986). https://doi.org/10.1007/3-540-39799-X_31
Koblitz, N.: Elliptic curve crypto-systems. Math. Comput. 48(177), 203–209 (1987)
Hankerson, D., Menezes, A., Vanstone, S.: Guide to Elliptic Curve Cryptography, 1st edn. Springer, New York (2004). https://doi.org/10.1007/b97644
Yang, J., Chang, C.: An ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. Comput. Secur. 28(3–4), 138–143 (2009)
Yoon, E., Yoo, K.: Robust ID-based remote mutual authentication with key agreement scheme for mobile devices on ECC. In: International Conference on Computational Science and Engineering, pp. 633–640 (2009)
Islam, S.H., Biswas, G.: A more efficient and secure id-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve crypto-system. J. Syst. Softw. 84(11), 1892–1898 (2011)
Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 451–472. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44987-6_28
Wu, H., Chang, C., Zheng, Y., Chen, L., Chen, C.: A secure IoT-based authentication system in cloud computing environment. Sensors 20(19), 5604 (2020)
Saleem, M., Islam, S., Ahmed, S., Mahmood, K., Hussain, M.: Provably secure biometric-based client-server secure communication over unreliable networks. J. Inf. Secur. Appl. 58, 102769 (2021)
Kandar, S., Pal, S., Dhara, B.C.: A biometric based remote user authentication technique using smart card in multi-server environment. Wireless Pers. Commun. 2021(120), 1003–1026 (2021)
Bellare, M., Rogaway, P.: The security of triple encryption and a framework for code-based game-playing proofs. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 409–426. Springer, Heidelberg (2006). https://doi.org/10.1007/11761679_25
Blake-Wilson, S., Johnson, D., Menezes, A.: Key agreement protocols and their security analysis. In: Darnell, M. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 30–45. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0024447
Burrows, M., Abadi, M., Needham, R.: A logic of authentication. ACM Trans. Comput. Syst. 8, 18–36 (1990)
Tsai, J., Wu, T., Tsai, K.: New dynamic id authentication scheme using smart cards. Int. J. Commun. Syst. 23(12), 1449–1462 (2010)
Acknowledgements
This study was funded by Vietnam National University, Ho Chi Minh City (VNU-HCM) under grant number C2021-18-21
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Truong, TT., Tran, MT., Duong, AD., Tran, AD. (2022). A Provably Secure User Authentication Scheme Over Unreliable Networks. In: Barolli, L., Hussain, F., Enokido, T. (eds) Advanced Information Networking and Applications. AINA 2022. Lecture Notes in Networks and Systems, vol 449. Springer, Cham. https://doi.org/10.1007/978-3-030-99584-3_52
Download citation
DOI: https://doi.org/10.1007/978-3-030-99584-3_52
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-99583-6
Online ISBN: 978-3-030-99584-3
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)