Skip to main content
SpringerLink
Log in

An Efficient Remote User Password Authentication Scheme based on Rabin’s Cryptosystem

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

Authentication prevents any illegal access to system resources. An entity authentication scheme is a mechanism to solve the problem of authenticity in a wired or wireless network environment. A remote user authentication scheme proposed by Kim et al. (IEICE Trans Fundam Electron Commun Comput Sci 94(6):1426–1433, 2011) claims that this scheme is secure against the offline password guessing attack, unlimited online password guessing attack, server impersonation, user impersonation, and reply attacks. Tai et al. (2012 26th international conference on advanced information networking and applications workshops (WAINA), pp 160–164, 2012) report some fatal security flaws in the password change phase of the Kim et al.’s scheme. Though these two schemes have used the Rabin’s cryptosystem and claim their suitability for implementation, yet none of them describes the process of selecting one root out of four plaintexts from the single cipher text. In this paper, we use the Blum–Blum–Shub pseudo-random bit generator algorithm to select the original one among the four plaintexts. We also present the security analysis of our scheme. Our scheme is much secure and suitable for practical implementation.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7

Similar content being viewed by others

References

  1. Debiao, H., Jianhua, C., & Rui, Z. (2012). A more secure authentication scheme for telecare medicine information systems. Journal of Medical Systems, 36(3), 1989–1995.

    Article  Google Scholar 

  2. Yang, Y., Zhou, J., Weng, J., & Bao, F. (2009). A new approach for anonymous password authentication. In Annual computer security applications conference, 2009. ACSAC’09, pp. 199–208.

  3. Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24(11), 770–772.

    Article  MathSciNet  Google Scholar 

  4. Chang, C. C., & Wu, T. C. (1991). Remote password authentication with smart cards. Computers and Digital Techniques, IEE Proceedings E, 138(3), 165–168.

    Article  Google Scholar 

  5. Chang, C. C., & Hwang, S. J. (1993). Using smart cards to authenticate remote passwords. Computers & Mathematics with Applications, 26(7), 19–27.

    Article  MATH  Google Scholar 

  6. Hwang, M. S., & Li, L. H. (2000). A new remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 46(1), 28–30.

    Article  Google Scholar 

  7. Yang, W. H., & Shieh, S. P. (1999). Password authentication schemes with smart cards. Computers & Security, 18(8), 727–733.

    Article  Google Scholar 

  8. Liao, I. E., Lee, C. C., & Hwang, M. S. (2006). A password authentication scheme over insecure networks. Journal of Computer and System Sciences, 72(4), 727–740.

    Article  MathSciNet  MATH  Google Scholar 

  9. Yang, G., Wong, D. S., Wang, H., & Deng, X. (2008). Two-factor mutual authentication based on smart cards and passwords. Journal of Computer and System Sciences, 74(7), 1160–1172.

    Article  MathSciNet  MATH  Google Scholar 

  10. He, D., Padhye, S., & Chen, J. (2012). An efficient certificateless two-party authenticated key agreement protocol. Computers & Mathematics with Applications, 64(6), 1914–1926.

    Article  MathSciNet  MATH  Google Scholar 

  11. Luo, M., & Zhao, H. (2014). An authentication and key agreement mechanism for multi-domain wireless networks using certificateless public-key cryptography. Wireless Personal Communications, 81(2), 779–798.

    Article  Google Scholar 

  12. Zhu, J., & Ma, J. (2004). A new authentication scheme with anonymity for wireless environments. IEEE Transactions on Consumer Electronics, 50(1), 231–235.

    Article  MathSciNet  Google Scholar 

  13. He, D. (2012). An efficient remote user authentication and key agreement protocol for mobile clientserver environment from pairings. Ad Hoc Networks, 10(6), 1009–1016.

    Article  Google Scholar 

  14. He, D., Chen, Y., & Chen, J. (2012). Cryptanalysis and improvement of an extended chaotic maps-based key agreement protocol. Nonlinear Dynamics, 69(3), 1149–1157.

    Article  MathSciNet  MATH  Google Scholar 

  15. He, D., Zhang, Y., & Chen, J. (2014). Cryptanalysis and improvement of an anonymous authentication protocol for wireless access networks. Wireless Personal Communications, 74(2), 229–243.

    Article  Google Scholar 

  16. He, D., Chan, S., Chen, C., Bu, J., & Fan, R. (2011). Design and validation of an efficient authentication scheme with anonymity for roaming service in global mobility networks. Wireless Personal Communications, 61(2), 465–476.

    Article  Google Scholar 

  17. Jiang, Q., Ma, J., Li, G., & Yang, L. (2013). An enhanced authentication scheme with privacy preservation for roaming service in global mobility networks. Wireless Personal Communications, 68(4), 1477–1491.

    Article  Google Scholar 

  18. Tseng, Y. M., Yang, C. C., & Su, J. H. (2004). Authentication and billing protocols for the integration of WLAN and 3G networks. Wireless Personal Communications, 29(3), 351–366.

    Article  Google Scholar 

  19. Tsai, J. L. (2008). Efficient multi-server authentication scheme based on one-way hash function without verification table. Computers & Security, 27(3–4), 115–121.

    Article  Google Scholar 

  20. Wang, B., & Ma, M. (2013). A smart card based efficient and secured multi-server authentication scheme. Wireless Personal Communications, 68(2), 361–378.

    Article  Google Scholar 

  21. He, D., & Wu, S. (2013). Security flaws in a smart card based authentication scheme for multi-server environment. Wireless Personal Communications, 70(1), 323–329.

    Article  Google Scholar 

  22. Tsai, J. L., Lo, N. W., & Wu, T. C. (2013). A new password-based multi-server authentication scheme robust to password guessing attacks. Wireless personal communications, 71(3), 1977–1988.

    Article  Google Scholar 

  23. Pippal, R. S., Jaidhar, C. D., & Tapaswi, S. (2013). Robust smart card authentication scheme for multi-server architecture. Wireless Personal Communications, 72(1), 729–745.

    Article  Google Scholar 

  24. Lee, S. W., Kim, H. S., & Yoo, K. Y. (2004). Improved efficient remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 50(2), 565–567.

    Article  Google Scholar 

  25. Yoon, E. J., & Yoo, K. Y. (2005). More efficient and secure remote user authentication scheme using smart cards. In 11th international conference on parallel and distributed systems, 2005. Proceedings (Vol. 2, pp. 73–77). IEEE.

  26. Kim, S. K., & Chung, M. G. (2009). More secure remote user authentication scheme. Computer Communications, 32(6), 1018–1021.

    Article  Google Scholar 

  27. Kim, J. Y., Choi, H. K., & Copeland, J. A. (2011). Further improved remote user authentication scheme. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, 94(6), 1426–1433.

    Article  Google Scholar 

  28. Rabin, M. O. (1979). Digitalized signatures and public-key functions as intractable as factorization. Technical Report MIT/LCS/TR-212, MIT Laboratory for Computer Science.

  29. Tai, W. L., Chang, Y. F., Li, Y. F., & Pan, S. M. (2012). A security enhancement on a remote user authentication scheme based on the rabin cryptosystem with secure password updating. In 2012 26th international conference on advanced information networking and applications workshops (WAINA), pp. 160–164.

  30. Liao, I. E., Lee, C. C., & Hwang, M. S. (2006). A password authentication scheme over insecure networks. Journal of Computer and System Sciences, 72(4), 727–740.

    Article  MathSciNet  MATH  Google Scholar 

  31. Cheng, Z. Y., Liu, Y., Chang, C. C., & Liu, C. X. (2013). A novel biometric-based remote user authentication scheme using quadratic residues. International Journal of Information and Electronics Engineering, 3(4), 419–422.

    Google Scholar 

  32. Yang, F. Y., Hsu, C. W., & Chiu, S. H. (2014). Password authentication scheme preserving identity privacy. In 2014 sixth international conference on measuring technology and mechatronics automation (ICMTMA), pp. 443–447.

  33. Kim, Y., Choi, Y., & Won, D. (2014). Security improvement on smart card-based remote user authentication scheme using hash function. In 2014 international conference on information science and applications (ICISA), pp. 1–4.

  34. Padma, B., & Chandravathi, D. (2012). Selecting plaintext in rabin cryptosystems using padding generated by pseudo-random bit generators. The IUP Journal of Computer Sciences, 6(1), 31–38.

    Google Scholar 

  35. Junod, P. (1999). Cryptographic secure pseudo-random bits generation: the blum-blum-shub generator. http://crypto.junod.info/bbs.pdf. Accessed 02 May 2016.

  36. Blum, L., Blum, M., & Shub, M. (1986). A simple unpredictable pseudo-random number generator. SIAM Journal on computing, 15(2), 364–383.

    Article  MathSciNet  MATH  Google Scholar 

  37. Blum, L., Blum, M., & Shub, M. (1983). Comparison of two pseudo-random number generators. In Advances in Cryptology, pp. 61–78.

  38. Lee, J. S., & Chang, C. C. (2007). Secure communications for cluster-based ad hoc networks using node identities. Journal of Network and Computer Applications, 30(4), 1377–1396.

    Article  Google Scholar 

  39. Li, W., Wen, Q., Su, Q., & Jin, Z. (2012). An efficient and secure mobile payment protocol for restricted connectivity scenarios in vehicular ad hoc network. Computer Communications, 35(2), 188–195.

    Article  Google Scholar 

  40. Li, C. T., Hwang, M. S., & Chu, Y. P. (2008). A secure and efficient communication scheme with authenticated key establishment and privacy preserving for vehicular ad hoc networks. Computer Communications, 31(12), 2803–2814.

    Article  Google Scholar 

  41. Xu, L., & Wu, F. (2015). Cryptanalysis and improvement of a user authentication scheme preserving uniqueness and anonymity for connected health care. Journal of Medical Systems, 39(2), 1–9.

    Article  Google Scholar 

  42. Wang, X., Yin, Y. L., & Yu, H. (2005). Finding collisions in the full SHA-1. In Advances in Cryptology, CRYPTO, 2005, pp. 17–36.

  43. Payne, W. H., Rabung, J. R., & Bogyo, T. P. (1969). Coding the Lehmer pseudo-random number generator. Communications of the ACM, 12(2), 85–86.

    Article  MATH  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, Indian School of Mines, Dhanbad, India

    Pratik Ranjan & Hari Om

Authors
  1. Pratik Ranjan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hari Om
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Pratik Ranjan.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Ranjan, P., Om, H. An Efficient Remote User Password Authentication Scheme based on Rabin’s Cryptosystem. Wireless Pers Commun 90, 217–244 (2016). https://doi.org/10.1007/s11277-016-3342-5

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-016-3342-5

Keywords

Search

Navigation