Abstract
Anonymous authentication is designed to hide the user’s identity from any verifiers during an authentication session. Since passwords prevail in many authentication systems, anonymous password-authenticated key exchange (APAKE) has become a candidate technique for privacy-enhancing applications. Recently, Shin and Kobara proposed an improved APAKE protocol using general devices such as public directories. However, we find that their scheme is vulnerable to a credential forgery attack. We then propose an efficient protocol using tamper-resistant smart cards. The security and efficiency analysis shows that our protocol achieves high security and efficiency.
References
Chai, Z., Cao, Z., Lu, R.: Efficient password-based authentication and key exchange scheme preserving user privacy. In: International Conference on Wireless Algorithms, Systems, and Applications, pp. 467–477. Springer (2006)
Viet, D.Q., Yamamura, A., Tanaka, H.: Anonymous password-based authenticated key exchange. In: International Conference on Cryptology in India, pp. 244–257. Springer (2005)
Kim, S., Rhee, H.S., Chun, J.Y., Lee, D.H.: Anonymous and traceable authentication scheme using smart cards. In: International Conference on Information Security and Assurance, ISA 2008, pp. 162–165. IEEE (2008)
Liu, Y., Zhao, Z., Li, H., Luo, Q., Yang, Y.: An efficient remote user authentication scheme with strong anonymity. In: 2008 International Conference on Cyberworlds, pp. 180–185. IEEE (2008)
Shao, S., Li, H., Niu, X., Yang, Y.: A remote user authentication scheme preserving user anonymity and traceability. In: 5th International Conference on Wireless Communications, Networking and Mobile Computing, WiCom 2009, pp. 1–4. IEEE (2009)
Yang, Y., Zhou, J., Weng, J., Bao, F.: A new approach for anonymous password authentication. In: Annual Computer Security Applications Conference, ACSAC 2009, pp. 199–208. IEEE (2009)
Yang, Y., Zhou, J., Wong, J.W., Bao, F.: Towards practical anonymous password authentication. In: Proceedings of the 26th Annual Computer Security Applications Conference, pp. 59–68. ACM (2010)
Qian, H., Gong, J., Zhou, Y.: Anonymous password-based key exchange with low resources consumption and better user-friendliness. Secur. Commun. Netw. 5(12), 1379–1393 (2012)
Yang, Y., Lu, H., Liu, J.K., Weng, J., Zhang, Y., Zhou, J.: Credential wrapping: from anonymous password authentication to anonymous biometric authentication. In: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, pp. 141–151. ACM (2016)
Shin, S., Kobara, K.: Simple anonymous password-based authenticated key exchange (SAPAKE), reconsidered. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 100, 639–652 (2017)
Shin, S., Kobara, K.: A secure anonymous password-based authentication protocol with control of authentication numbers. In: 2016 International Symposium on Information Theory and its Applications (ISITA), pp. 325–329. IEEE (2016)
Son, K., Han, D.G., Won, D.: Simple and provably secure anonymous authenticated key exchange with a binding property. IEICE Trans. Commun. 98(1), 160–170 (2015)
Chen, C.M., Li, C.T., Liu, S., Wu, T.Y., Pan, J.S.: A provable secure private data delegation scheme for mountaineering events in emergency system. IEEE Access 5, 3410–3422 (2017)
Chen, C.M., Fang, W., Wang, K.H., Wu, T.Y.: Comments on an improved secure and efficient password and chaos-based two-party key agreement protocol. Nonlinear Dyn. 87(3), 2073–2075 (2017)
Chen, C.M., Xu, L., Wu, T.Y., Li, C.R.: On the security of a chaotic maps-based three-party authenticated key agreement protocol. J. Netw. Intell. 2, 61–65 (2016)
Sun, H.M., He, B.Z., Chen, C.M., Wu, T.Y., Lin, C.H., Wang, H.: A provable authenticated group key agreement protocol for mobile environment. Inf. Sci. 321, 224–237 (2015)
Chen, C.M., Wang, K.H., Wu, T.Y., Pan, J.S., Sun, H.M.: A scalable transitive human-verifiable authentication protocol for mobile devices. IEEE Trans. Inf. Forensics Secur. 8(8), 1318–1330 (2013)
Yang, J., Zhang, Z.: A new anonymous password-based authenticated key exchange protocol. In: International Conference on Cryptology in India, pp. 200–212. Springer (2008)
Shin, S.H., Kobara, K., Imai, H.: Very-efficient anonymous password-authenticated key exchange and its extensions. In: International Symposium on Applied Algebra, Algebraic Algorithms, and Error-Correcting Codes, pp. 149–158. Springer (2009)
Zhang, Z., Yang, K., Hu, X., Wang, Y.: Practical anonymous password authentication and TLS with anonymous client authentication. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1179–1191. ACM (2016)
Acknowledgement
The work of Chien-Ming Chen was supported in part by the Project NSFC (National Natural Science Foundation of China) under Grant number 61402135 and in part by Shenzhen Technical Project under Grant number JCYJ20170307151750788. The work of Eric Ke Wang was supported in part by National Natural Science Foundation of China (No. 61572157), grant No. 2016A030313660 from Guangdong Province Natural Science Foundation, JCYJ20160608161351559 from Shenzhen Municipal Science and Technology Innovation Project.
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Wu, TY., Fang, W., Chen, CM., Wang, E.K. (2018). Efficient Anonymous Password-Authenticated Key Exchange Scheme Using Smart Cards. In: Krömer, P., Alba, E., Pan, JS., Snášel, V. (eds) Proceedings of the Fourth Euro-China Conference on Intelligent Data Analysis and Applications. ECC 2017. Advances in Intelligent Systems and Computing, vol 682. Springer, Cham. https://doi.org/10.1007/978-3-319-68527-4_9
DOI: https://doi.org/10.1007/978-3-319-68527-4_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-68526-7
Online ISBN: 978-3-319-68527-4
eBook Packages: Engineering, Engineering (R0)