Skip to main content
SpringerLink
Log in

Efficient Anonymous Password-Authenticated Key Exchange Scheme Using Smart Cards

  • Conference paper
  • First Online:
Proceedings of the Fourth Euro-China Conference on Intelligent Data Analysis and Applications (ECC 2017)

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 682))

Abstract

Anonymous authentication is designed to hide the user’s identity from any verifiers during an authentication session. Since passwords prevail in many authentication systems, anonymous password-authenticated key exchange (APAKE) has become a candidate technique for privacy-enhancing applications. Recently, Shin and Kobara proposed an improved APAKE protocol using general devices such as public directories. However, we find that their scheme is vulnerable to a credential forgery attack. Then, we propose an efficient protocol using tamper resistant smart cards. The security and efficiency analysis shows that our protocol obtains high security and efficiency.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Chai, Z., Cao, Z., Lu, R.: Efficient password-based authentication and key exchange scheme preserving user privacy. In: International Conference on Wireless Algorithms, Systems, and Applications, pp. 467–477. Springer (2006)

    Google Scholar 

  2. Viet, D.Q., Yamamura, A., Tanaka, H.: Anonymous password-based authenticated key exchange. In: International Conference on Cryptology in India, pp. 244–257. Springer (2005)

    Google Scholar 

  3. Kim, S., Rhee, H.S., Chun, J.Y., Lee, D.H.: Anonymous and traceable authentication scheme using smart cards. In: International Conference on Information Security and Assurance, ISA 2008, pp. 162–165. IEEE (2008)

    Google Scholar 

  4. Liu, Y., Zhao, Z., Li, H., Luo, Q., Yang, Y.: An efficient remote user authentication scheme with strong anonymity. In: 2008 International Conference on Cyberworlds, pp. 180–185. IEEE (2008)

    Google Scholar 

  5. Shao, S., Li, H., Niu, X., Yang, Y.: A remote user authentication scheme preserving user anonymity and traceability. In: 5th International Conference on Wireless Communications, Networking and Mobile Computing, WiCom 2009, pp. 1–4. IEEE (2009)

    Google Scholar 

  6. Yang, Y., Zhou, J., Weng, J., Bao, F.: A new approach for anonymous password authentication. In: Annual Computer Security Applications Conference, ACSAC 2009, pp. 199–208. IEEE (2009)

    Google Scholar 

  7. Yang, Y., Zhou, J., Wong, J.W., Bao, F.: Towards practical anonymous password authentication. In: Proceedings of the 26th Annual Computer Security Applications Conference, pp. 59–68. ACM (2010)

    Google Scholar 

  8. Qian, H., Gong, J., Zhou, Y.: Anonymous password-based key exchange with low resources consumption and better user-friendliness. Secur. Commun. Netw. 5(12), 1379–1393 (2012)

    Article  Google Scholar 

  9. Yang, Y., Lu, H., Liu, J.K., Weng, J., Zhang, Y., Zhou, J.: Credential wrapping: from anonymous password authentication to anonymous biometric authentication. In: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, pp. 141–151. ACM (2016)

    Google Scholar 

  10. Shin, S., Kobara, K.: Simple anonymous password-based authenticated key exchange (SAPAKE), reconsidered. IEICE Trans. Fundam. Electron. Commun. Compu. Sci. 100, 639–652 (2017)

    Article  Google Scholar 

  11. Shin, S., Kobara, K.: A secure anonymous password-based authentication protocol with control of authentication numbers. In: 2016 International Symposium on Information Theory and its Applications (ISITA), pp. 325–329. IEEE (2016)

    Google Scholar 

  12. Son, K., Han, D.G., Won, D.: Simple and provably secure anonymous authenticated key exchange with a binding property. IEICE Trans. Commun. 98(1), 160–170 (2015)

    Article  Google Scholar 

  13. Chen, C.M., Li, C.T., Liu, S., Wu, T.Y., Pan, J.S.: A provable secure private data delegation scheme for mountaineering events in emergency system. IEEE Access 5, 3410–3422 (2017)

    Article  Google Scholar 

  14. Chen, C.M., Fang, W., Wang, K.H., Wu, T.Y.: Comments on an improved secure and efficient password and chaos-based two-party key agreement protocol. Nonlinear Dyn. 87(3), 2073–2075 (2017)

    Article  Google Scholar 

  15. Chen, C.M., Xu, L., Wu, T.Y., Li, C.R.: On the security of a chaotic maps-based three-party authenticated key agreement protocol. J. Netw. Intell. 2, 61–65 (2016)

    Google Scholar 

  16. Sun, H.M., He, B.Z., Chen, C.M., Wu, T.Y., Lin, C.H., Wang, H.: A provable authenticated group key agreement protocol for mobile environment. Inf. Sci. 321, 224–237 (2015)

    Article  MathSciNet  Google Scholar 

  17. Chen, C.M., Wang, K.H., Wu, T.Y., Pan, J.S., Sun, H.M.: A scalable transitive human-verifiable authentication protocol for mobile devices. IEEE Trans. Inf. Forensics Secur. 8(8), 1318–1330 (2013)

    Article  Google Scholar 

  18. Yang, J., Zhang, Z.: A new anonymous password-based authenticated key exchange protocol. In: International Conference on Cryptology in India, pp. 200–212. Springer (2008)

    Google Scholar 

  19. Shin, S.H., Kobara, K., Imai, H.: Very-efficient anonymous password-authenticated key exchange and its extensions. In: International Symposium on Applied Algebra, Algebraic Algorithms, and Error-Correcting Codes, pp. 149–158. Springer (2009)

    Google Scholar 

  20. Zhang, Z., Yang, K., Hu, X., Wang, Y.: Practical anonymous password authentication and TLS with anonymous client authentication. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1179–1191. ACM (2016)

    Google Scholar 

Download references

Acknowledgement

The work of Chien-Ming Chen was supported in part by the Project NSFC (National Natural Science Foundation of China) under Grant number 61402135 and in part by Shenzhen Technical Project under Grant number JCYJ20170307151750788. The work of Eric Ke Wang was supported in part by National Natural Science Foundation of China (No. 61572157), grant No. 2016A030313660 from Guangdong Province Natural Science Foundation, JCYJ20160608161351559 from Shenzhen Municipal Science and Technology Innovation Project.

Author information

Authors and Affiliations

  1. Fujian Provincial Key Laboratory of Big Data Mining and Applications, Fujian University of Technology, Fuzhou, 350118, China

    Tsu-Yang Wu

  2. National Demonstration Center for Experimental Electronic Information and Electrical Technology Education, Fujian University of Technology, Fuzhou, 350118, China

    Tsu-Yang Wu

  3. Harbin Institute of Technology Shenzhen Graduate School, Shenzhen, China

    Weicheng Fang, Chien-Ming Chen & Eric Ke Wang

Authors
  1. Tsu-Yang Wu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Weicheng Fang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Chien-Ming Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Eric Ke Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Tsu-Yang Wu .

Editor information

Editors and Affiliations

  1. Department of Computer Science, VÅ B-Technical University of Ostrava , Ostrava-Poruba, Czech Republic

    Pavel Krömer

  2. Dept. Lenguajes y Ciencias de la Computación, University of Málaga, Málaga, Spain

    Enrique Alba

  3. Fujian University of Technology, Fuzhou, Fujian, China

    Jeng-Shyang Pan

  4. Department of Computer Science, VÅ B-Technical University of Ostrava, Ostrava-Poruba, Czech Republic

    Václav Snášel

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer International Publishing AG

About this paper

Cite this paper

Wu, TY., Fang, W., Chen, CM., Wang, E.K. (2018). Efficient Anonymous Password-Authenticated Key Exchange Scheme Using Smart Cards. In: Krömer, P., Alba, E., Pan, JS., Snášel, V. (eds) Proceedings of the Fourth Euro-China Conference on Intelligent Data Analysis and Applications. ECC 2017. Advances in Intelligent Systems and Computing, vol 682. Springer, Cham. https://doi.org/10.1007/978-3-319-68527-4_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-68527-4_9

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-68526-7

  • Online ISBN: 978-3-319-68527-4

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation