Abstract
Authentication prevents any illegal access to system resources. An entity authentication scheme is a mechanism to solve the problem of authenticity in a wired or wireless network environment. A remote user authentication scheme proposed by Kim et al. (IEICE Trans Fundam Electron Commun Comput Sci 94(6):1426–1433, 2011) claims that this scheme is secure against the offline password guessing attack, unlimited online password guessing attack, server impersonation, user impersonation, and reply attacks. Tai et al. (2012 26th international conference on advanced information networking and applications workshops (WAINA), pp 160–164, 2012) report some fatal security flaws in the password change phase of the Kim et al.’s scheme. Though these two schemes have used the Rabin’s cryptosystem and claim their suitability for implementation, yet none of them describes the process of selecting one root out of four plaintexts from the single cipher text. In this paper, we use the Blum–Blum–Shub pseudo-random bit generator algorithm to select the original one among the four plaintexts. We also present the security analysis of our scheme. Our scheme is much secure and suitable for practical implementation.
Similar content being viewed by others
References
Debiao, H., Jianhua, C., & Rui, Z. (2012). A more secure authentication scheme for telecare medicine information systems. Journal of Medical Systems, 36(3), 1989–1995.
Yang, Y., Zhou, J., Weng, J., & Bao, F. (2009). A new approach for anonymous password authentication. In Annual computer security applications conference, 2009. ACSAC’09, pp. 199–208.
Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24(11), 770–772.
Chang, C. C., & Wu, T. C. (1991). Remote password authentication with smart cards. Computers and Digital Techniques, IEE Proceedings E, 138(3), 165–168.
Chang, C. C., & Hwang, S. J. (1993). Using smart cards to authenticate remote passwords. Computers & Mathematics with Applications, 26(7), 19–27.
Hwang, M. S., & Li, L. H. (2000). A new remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 46(1), 28–30.
Yang, W. H., & Shieh, S. P. (1999). Password authentication schemes with smart cards. Computers & Security, 18(8), 727–733.
Liao, I. E., Lee, C. C., & Hwang, M. S. (2006). A password authentication scheme over insecure networks. Journal of Computer and System Sciences, 72(4), 727–740.
Yang, G., Wong, D. S., Wang, H., & Deng, X. (2008). Two-factor mutual authentication based on smart cards and passwords. Journal of Computer and System Sciences, 74(7), 1160–1172.
He, D., Padhye, S., & Chen, J. (2012). An efficient certificateless two-party authenticated key agreement protocol. Computers & Mathematics with Applications, 64(6), 1914–1926.
Luo, M., & Zhao, H. (2014). An authentication and key agreement mechanism for multi-domain wireless networks using certificateless public-key cryptography. Wireless Personal Communications, 81(2), 779–798.
Zhu, J., & Ma, J. (2004). A new authentication scheme with anonymity for wireless environments. IEEE Transactions on Consumer Electronics, 50(1), 231–235.
He, D. (2012). An efficient remote user authentication and key agreement protocol for mobile clientserver environment from pairings. Ad Hoc Networks, 10(6), 1009–1016.
He, D., Chen, Y., & Chen, J. (2012). Cryptanalysis and improvement of an extended chaotic maps-based key agreement protocol. Nonlinear Dynamics, 69(3), 1149–1157.
He, D., Zhang, Y., & Chen, J. (2014). Cryptanalysis and improvement of an anonymous authentication protocol for wireless access networks. Wireless Personal Communications, 74(2), 229–243.
He, D., Chan, S., Chen, C., Bu, J., & Fan, R. (2011). Design and validation of an efficient authentication scheme with anonymity for roaming service in global mobility networks. Wireless Personal Communications, 61(2), 465–476.
Jiang, Q., Ma, J., Li, G., & Yang, L. (2013). An enhanced authentication scheme with privacy preservation for roaming service in global mobility networks. Wireless Personal Communications, 68(4), 1477–1491.
Tseng, Y. M., Yang, C. C., & Su, J. H. (2004). Authentication and billing protocols for the integration of WLAN and 3G networks. Wireless Personal Communications, 29(3), 351–366.
Tsai, J. L. (2008). Efficient multi-server authentication scheme based on one-way hash function without verification table. Computers & Security, 27(3–4), 115–121.
Wang, B., & Ma, M. (2013). A smart card based efficient and secured multi-server authentication scheme. Wireless Personal Communications, 68(2), 361–378.
He, D., & Wu, S. (2013). Security flaws in a smart card based authentication scheme for multi-server environment. Wireless Personal Communications, 70(1), 323–329.
Tsai, J. L., Lo, N. W., & Wu, T. C. (2013). A new password-based multi-server authentication scheme robust to password guessing attacks. Wireless personal communications, 71(3), 1977–1988.
Pippal, R. S., Jaidhar, C. D., & Tapaswi, S. (2013). Robust smart card authentication scheme for multi-server architecture. Wireless Personal Communications, 72(1), 729–745.
Lee, S. W., Kim, H. S., & Yoo, K. Y. (2004). Improved efficient remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 50(2), 565–567.
Yoon, E. J., & Yoo, K. Y. (2005). More efficient and secure remote user authentication scheme using smart cards. In 11th international conference on parallel and distributed systems, 2005. Proceedings (Vol. 2, pp. 73–77). IEEE.
Kim, S. K., & Chung, M. G. (2009). More secure remote user authentication scheme. Computer Communications, 32(6), 1018–1021.
Kim, J. Y., Choi, H. K., & Copeland, J. A. (2011). Further improved remote user authentication scheme. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, 94(6), 1426–1433.
Rabin, M. O. (1979). Digitalized signatures and public-key functions as intractable as factorization. Technical Report MIT/LCS/TR-212, MIT Laboratory for Computer Science.
Tai, W. L., Chang, Y. F., Li, Y. F., & Pan, S. M. (2012). A security enhancement on a remote user authentication scheme based on the rabin cryptosystem with secure password updating. In 2012 26th international conference on advanced information networking and applications workshops (WAINA), pp. 160–164.
Liao, I. E., Lee, C. C., & Hwang, M. S. (2006). A password authentication scheme over insecure networks. Journal of Computer and System Sciences, 72(4), 727–740.
Cheng, Z. Y., Liu, Y., Chang, C. C., & Liu, C. X. (2013). A novel biometric-based remote user authentication scheme using quadratic residues. International Journal of Information and Electronics Engineering, 3(4), 419–422.
Yang, F. Y., Hsu, C. W., & Chiu, S. H. (2014). Password authentication scheme preserving identity privacy. In 2014 sixth international conference on measuring technology and mechatronics automation (ICMTMA), pp. 443–447.
Kim, Y., Choi, Y., & Won, D. (2014). Security improvement on smart card-based remote user authentication scheme using hash function. In 2014 international conference on information science and applications (ICISA), pp. 1–4.
Padma, B., & Chandravathi, D. (2012). Selecting plaintext in rabin cryptosystems using padding generated by pseudo-random bit generators. The IUP Journal of Computer Sciences, 6(1), 31–38.
Junod, P. (1999). Cryptographic secure pseudo-random bits generation: the blum-blum-shub generator. http://crypto.junod.info/bbs.pdf. Accessed 02 May 2016.
Blum, L., Blum, M., & Shub, M. (1986). A simple unpredictable pseudo-random number generator. SIAM Journal on computing, 15(2), 364–383.
Blum, L., Blum, M., & Shub, M. (1983). Comparison of two pseudo-random number generators. In Advances in Cryptology, pp. 61–78.
Lee, J. S., & Chang, C. C. (2007). Secure communications for cluster-based ad hoc networks using node identities. Journal of Network and Computer Applications, 30(4), 1377–1396.
Li, W., Wen, Q., Su, Q., & Jin, Z. (2012). An efficient and secure mobile payment protocol for restricted connectivity scenarios in vehicular ad hoc network. Computer Communications, 35(2), 188–195.
Li, C. T., Hwang, M. S., & Chu, Y. P. (2008). A secure and efficient communication scheme with authenticated key establishment and privacy preserving for vehicular ad hoc networks. Computer Communications, 31(12), 2803–2814.
Xu, L., & Wu, F. (2015). Cryptanalysis and improvement of a user authentication scheme preserving uniqueness and anonymity for connected health care. Journal of Medical Systems, 39(2), 1–9.
Wang, X., Yin, Y. L., & Yu, H. (2005). Finding collisions in the full SHA-1. In Advances in Cryptology, CRYPTO, 2005, pp. 17–36.
Payne, W. H., Rabung, J. R., & Bogyo, T. P. (1969). Coding the Lehmer pseudo-random number generator. Communications of the ACM, 12(2), 85–86.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Ranjan, P., Om, H. An Efficient Remote User Password Authentication Scheme based on Rabin’s Cryptosystem. Wireless Pers Commun 90, 217–244 (2016). https://doi.org/10.1007/s11277-016-3342-5
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-016-3342-5