An Improved Remote User Authentication Scheme Using Elliptic Curve Cryptography

Wireless Personal Communications

Abstract

The Internet of Things has drastically expanded the global network for information exchange, because thousands of communication devices are becoming part of it. Besides the numerous benefits of this expansion, secure communication and authentication among the elements of the global network pose great challenges. Recently, Huang et al. proposed a key agreement scheme to facilitate user authenticity using elliptic curve cryptography, and emphasized that the scheme is secure. Nevertheless, the comprehensive analysis in this paper demonstrates that Huang et al.’s scheme has correctness issues and is prone to impersonation/forgery attacks. An improved scheme is then presented to resolve these flaws in Huang et al.’s scheme. The security analysis of the proposed scheme is substantiated in the random oracle model. Furthermore, a simulation of the proposed scheme is carried out with the automated formal tool ProVerif. The performance and security assessments show that the scheme presented in this paper withstands impersonation attacks and offers adequate security while reducing computation cost significantly compared with Huang et al.’s scheme. Hence, due to better performance and security, the proposed scheme is appropriate for security-sensitive and resource-constrained environments.

References

  1. Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24(11), 770–772.

  2. Sun, D.-Z., Huai, J.-P., Sun, J.-Z., Li, J.-X., Zhang, J.-W., & Feng, Z.-Y. (2009). Improvements of Juang’s password-authenticated key agreement scheme using smart cards. IEEE Transactions on Industrial Electronics, 56(6), 2284–2291.

  3. Lu, R., Lin, X., Liang, X., & Shen, X. (2012). A dynamic privacy-preserving key management scheme for location-based services in vanets. IEEE Transactions on Intelligent Transportation Systems, 13(1), 127–139.

  4. Zhao, D., Peng, H., Li, L., & Yang, Y. (2014). A secure and effective anonymous authentication scheme for roaming service in global mobility networks. Wireless Personal Communications, 78(1), 247–269.

  5. Lu, Y., Li, L., Peng, H., & Yang, Y. (2015). An enhanced biometric-based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem. Journal of medical systems, 39(3), 1–8.

  6. He, D., & Wang, D. (2015). Robust biometrics-based authentication scheme for multi-server environment. IEEE Systems Journal, 9(3), 816–823.

  7. He, D., & Zeadally, S. (2015). Authentication protocol for an ambient assisted living system. IEEE Communications Magazine, 53(1), 71–77.

  8. He, D. (2012). An efficient remote user authentication and key agreement protocol for mobile client-server environment from pairings. Ad Hoc Networks, 10(6), 1009–1016.

  9. Farash, M. S., & Attari, M. A. (2014). A secure and efficient identity-based authenticated key exchange protocol for mobile client-server networks. The Journal of Supercomputing, 69(1), 395–411.

  10. Farash, M. S., & Attari, M. A. (2016). An anonymous and untraceable password-based authentication scheme for session initiation protocol using smart cards. International Journal of Communication Systems, 29(13), 1956–1967.

  11. Farash, M. S., & Attari, M. A. (2014). Cryptanalysis and improvement of a chaotic map-based key agreement protocol using chebyshev sequence membership testing. Nonlinear Dynamics, 76(2), 1203–1213.

  12. Irshad, A., Sher, M., Rehman, E., Ch, S. A., Hassan, M. U., & Ghani, A. (2015). A single round-trip sip authentication scheme for voice over internet protocol using smart card. Multimedia Tools and Applications, 74(11), 3967–3984.

  13. Wu, L., Zhang, Y., Li, L., & Shen, J. (2016). Efficient and anonymous authentication scheme for wireless body area networks. Journal of Medical Systems, 40(6), 1–12. doi:10.1007/s10916-016-0491-8.

  14. Jin, C., Xu, C., Zhang, X., & Li, F. (2015). A secure ECC-based RFID mutual authentication protocol to enhance patient medication safety. Journal of Medical Systems, 40(1), 1–6. doi:10.1007/s10916-015-0362-8.

  15. Jiang, Q., Ma, J., & Tian, Y. (2014). Cryptanalysis of smart-card-based password authenticated key agreement protocol for session initiation protocol of Zhang et al. International Journal of Communication Systems. doi:10.1002/dac.2767.

  16. Zhang, L., Tang, S., & Cai, Z. (2014). Robust and efficient password authenticated key agreement with user anonymity for session initiation protocol-based communications. IET Communications, 8(1), 83–91.

  17. Chiou, S.-Y., Ying, Z., & Liu, J. (2016). Improvement of a privacy authentication scheme based on cloud for medical environment. Journal of Medical Systems, 40(4), 1–15. doi:10.1007/s10916-016-0453-1.

  18. Tsai, J.-L. (2008). Efficient multi-server authentication scheme based on one-way hash function without verification table. Computers and Security, 27(3), 115–121.

  19. Lu, R., Lin, X., Zhu, H., Liang, X., & Shen, X. (2012). Becan: a bandwidth-efficient cooperative authentication scheme for filtering injected false data in wireless sensor networks. IEEE Transactions on Parallel and Distributed Systems, 23(1), 32–43.

  20. Liao, Y.-P., & Wang, S.-S. (2009). A secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards and Interfaces, 31(1), 24–29.

  21. Lee, C.-C., Lin, T.-H., & Chang, R.-X. (2011). A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Systems with Applications, 38(11), 13863–13870.

  22. Wang, D., & Wang, P. (2014). On the anonymity of two-factor authentication schemes for wireless sensor networks: Attacks, principle and solutions. Computer Networks, 73, 41–57.

  23. Wang, D., He, D., Wang, P., & Chu, C. (2015). Anonymous two-factor authentication in distributed systems: Certain goals are beyond attainment. IEEE Transactions on Dependable and Secure Computing, 12(4), 428–442.

  24. Juang, W.-S., Chen, S.-T., & Liaw, H.-T. (2008). Robust and efficient password-authenticated key agreement using smart cards. IEEE Transactions on Industrial Electronics, 55(6), 2551–2556.

  25. Xu, J., Zhu, W.-T., & Feng, D.-G. (2009). An improved smart card based password authentication scheme with provable security. Computer Standards and Interfaces, 31(4), 723–728.

  26. Lee, S.-W., Kim, H.-S., & Yoo, K.-Y. (2005). Improvement of Chien et al.’s remote user authentication scheme using smart cards. Computer Standards and Interfaces, 27(2), 181–183.

  27. Lee, N.-Y., & Chiu, Y.-C. (2005). Improved remote authentication scheme with smart card. Computer Standards and Interfaces, 27(2), 177–180.

  28. Sood, S. K., Sarje, A. K., & Singh, K. (2010). An improvement of Xu et al.’s authentication scheme using smart cards. In Proceedings of the third annual ACM Bangalore conference, ACM (p. 15).

  29. Song, R. (2010). Advanced smart card based password authentication protocol. Computer Standards and Interfaces, 32(5), 321–325.

  30. Chen, B.-L., Kuo, W.-C., & Wuu, L.-C. (2014). Robust smart-card-based remote user password authentication scheme. International Journal of Communication Systems, 27(2), 377–389.

  31. Qu, J., & Tan, X.-L. (2014). Two-factor user authentication with key agreement scheme based on elliptic curve cryptosystem. Journal of Electrical and Computer Engineering, 2014, 16.

  32. Huang, B., Khan, M. K., Wu, L., Muhaya, F. T. B., & He, D. (2015). An efficient remote user authentication with key agreement scheme using elliptic curve cryptography. Wireless Personal Communications, 85(1), 225–240.

  33. Eisenbarth, T., Kasper, T., Moradi, A., Paar, C., Salmasizadeh, M., & Shalmani, M. (2008). On the power of power analysis in the real world: A complete break of the keeloq code hopping scheme. In D. Wagner (Ed.), Advances in cryptology, CRYPTO 2008, Vol. 5157, lecture notes in computer science (pp. 203–220). Berlin: Springer. doi:10.1007/978-3-540-85174-5_12.

  34. Dolev, D., & Yao, A. C. (1983). On the security of public key protocols. IEEE Transactions on Information Theory, 29(2), 198–208. doi:10.1109/TIT.1983.1056650.

  35. Cao, X., & Zhong, S. (2006). Breaking a remote user authentication scheme for multi-server architecture. IEEE Communications Letters, 10(8), 580–581. doi:10.1109/LCOMM.2006.1665116.

  36. Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. In Proceedings of the advances in cryptology (pp. 388–397). Santa Barbara.

  37. Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.

  38. Huang, B., Khan, M., Wu, L., Muhaya, F., & He, D. (2015). An efficient remote user authentication with key agreement scheme using elliptic curve cryptography. Wireless Personal Communications. doi:10.1007/s11277-015-2735-1.

  39. Mishra, D., Das, A. K., & Mukhopadhyay, S. (2014). A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards. Expert Systems with Applications, 41(18), 8129–8143.

  40. Mir, O., & Nikooghadam, M. (2015). A secure biometrics based authentication with key agreement scheme in telemedicine networks for e-health services. Wireless Personal Communications, 83(4), 2439–2461.

  41. Chaudhry, S. A., Farash, M. S., Naqvi, H., Kumari, S., & Khan, M. K. (2015). An enhanced privacy preserving remote user authentication scheme with provable security. Security and Communication Networks. doi:10.1002/sec.1299.

  42. Xie, Q., Hu, B., Dong, N., & Wong, D. S. (2014). Anonymous three-party password-authenticated key exchange scheme for telecare medical information systems. PLoS One, 9(7), 1–6.

  43. Abadi, M., & Rogaway, P. (2000). Reconciling two views of cryptography. In Proceedings of the IFIP International Conference on Theoretical Computer Science (pp. 3–22). Springer.

Acknowledgments

The authors extend their sincere appreciation to the Deanship of Scientific Research at King Saud University for funding this Prolific Research Group (PRG-1436-16). The authors would also like to thank Mr. Shahzad Siddique Chaudhry, the anonymous reviewers and the guest editors for their valuable and constructive comments.

Author information

Corresponding author

Correspondence to Shehzad Ashraf Chaudhry.

About this article

Cite this article

Chaudhry, S.A., Naqvi, H., Mahmood, K. et al. An Improved Remote User Authentication Scheme Using Elliptic Curve Cryptography. Wireless Pers Commun 96, 5355–5373 (2017). https://doi.org/10.1007/s11277-016-3745-3

  • DOI: https://doi.org/10.1007/s11277-016-3745-3
