Abstract
Recently, Manik et al. proposed a remote user authentication scheme using bilinear pairings, in which the user can login to a remote system with his own smart card. Some security flaws and improvements of Manik et al.’s scheme were investigated and proposed by researchers. One of the most comprehensive studies of this type was conducted by Fang and Huang in the same year. Fang and Huang showed types of potential attacks on Manik et al.’s scheme and further proposed an improved scheme. In this paper, we demonstrated that both Manik et al.’s and the Fang–Huang schemes are vulnerable to a range of attacks to show the claimed security requirements cannot be achieved. Therefore, we proposed a novel remote user authentication scheme from bilinear pairings via Internet, which can withstand the types of attacks that would threaten the previous schemes. The proposed scheme not only enhances the security of the remote user authentication scheme but also achieves high levels of performance.
Similar content being viewed by others
References
Boneh, D., & Franklin, M. (2001). Identity-based encryption from the weil pairing. Advances in Cryptology Crypto’01, 2139, 213–229.
Chan, C. K., & Cheng, L. M. (2002). Cryptanalysis of a timestamp-based password authentication scheme. Computers and Security, 21(1), 74–76.
Chang, C. C., & Wu, T. C. (1993). Remote password authentication with smart cards. IEE Proceedings-E, 138(3), 165–168.
Chien, H. Y., Jan, J. K., & Tseng, Y. H. (2002). An efficient and practical solution to remote authentication: Smart card. Computers and Security, 21(4), 372–375.
Chou, J. S., Chen, Y., Lin, J. Y. (2005). Improvement of Manik et al.'s remote user authentication scheme. From: http://eprint.iacr.org/2005/450
Fang, G. F., Huang, G. X. (2006). Improvement of recently proposed remote user authentication schemes. From: http://eprint.iacr.org/2006/200
Giruka, V. C., Chakrabarti, S., & Singhal, M. (2006). A distributed multi-party key agreement protocol for dynamic collaborative groups using ECC original research article. Journal of Parallel and Distributed Computing, 66(7), 959–970.
Hess, F. (2003). Efficient identity based signature schemes based on pairings. Selected Areas in Cryptography’02, 2595, 310–324.
Hsu, C. L. (2004). Security of Chien et al.’s remote user authentication scheme using smart card. Computer Standards and Interfaces, 26(3), 167–169.
Islam, S. H., & Biswas, G. P. (2011). A more efficient and secure ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. Journal of Systems and Software, 84(11), 1892–1898.
Juang, W. S. (2004). Efficient password authenticated key agreement using smart cards. Computers and Security, 23(2), 167–173.
Khedr, W. I. (2013). SRFID: A hash-based security scheme for low cost RFID systems. Egyptian Informatics Journal, 14(1), 89–98.
Ku, W. C., Chuang, H. M., & Chiang, M. H. (2005). Cryptanalysis of a multi-server password authenticated key agreement scheme using smart cards. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, E88–A(11), 3235–3238.
Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24(11), 770–772.
Liaw, H. T., Lin, J. F., & Wu, W. C. (2007). A new electronic traveler’s check scheme based on one-way hash function original research article. Electronic Commerce Research and Applications, 6(4), 499–508.
Manik, L. D., Saxena, A., Gulati, V. P., & Phatak, D. B. (2006). A novel remote user authentication scheme using bilinear pairings. Computers and Security, 25(3), 184–189.
Paterson, K. G. (2002). ID-based signature from pairings on elliptic curves. IEEE Communications Letters, 38(18), 1025–1026.
Shamir, A. (1984). Identity-based cryptosystems and signature schemes. Advances in Cryptology Crypto’84, 196, 47–53.
Shieh, W. G., & Wang, J. M. (2005). Efficient remote mutual authentication and key agreement. Computers and Security, 25(1), 72–77.
Sun, H. M., Hsieh, B. T., & Tseng, S. M. (2005). On the security of some proxy blind signature schemes. Journal of Systems and Software, 74(3), 297–302.
Tan, K., & Zhu, H. (1999). Remote password authentication scheme based on cross-product. Computer Communications, 1(18), 390–393.
Thulasi, G., Manik, L. D., Saxena, A. (2006). Cryptanalysis of recently proposed remote user authentication schemes. From: http://eprint.iacr.org/2006/028
Tsai, J. L. (2009). Convertible multi-authenticated encryption scheme with one-way hash function. Computer Communications, 32(5), 783–786.
Wang, S. J., & Chang, J. F. (1996). Smart card based secure password authentication scheme. Computers and Security, 15(3), 231–237.
Wu, T. C. (1995). Remote login authentication scheme based on a geometric approach. Computer Communications, 18(12), 959–963.
Yang, W. H., & Shieh, S. P. (1999). Password authentication schemes with smart cards. Computers and Security, 18(8), 727–733.
Acknowledgments
We would like to thank anonymous referees for their valuable suggestions. We thank Healthy Aging Research Center (HARC) of Chang Gung University for excellent technical assistance. This work was supported in part by the Chang Gung University Grant CMRPD3D0041 and in part by National Science Council under the grant NARPD3D0071.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Hsu, CL., Chuang, YH. & Kuo, Cl. A Novel Remote User Authentication Scheme from Bilinear Pairings Via Internet. Wireless Pers Commun 83, 163–174 (2015). https://doi.org/10.1007/s11277-015-2386-2
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-015-2386-2