Skip to main content
SpringerLink
Log in

Remote user authentication and key agreement for mobile client–server environments on elliptic curve cryptography

  • Published:
The Journal of Supercomputing Aims and scope Submit manuscript

Abstract

In recent years, with the rapid advance of wireless mobile networks, secure and efficient authentication mechanisms that can operate over insecure wireless channels have become increasingly essential. To improve the efficiency in the energy-limited mobile devices, many authentication schemes using elliptic curve cryptography (ECC) have been presented. However, these schemes are still inefficient in terms of computation cost and communication overhead. Moreover, they suffer from various attacks, making them impractical due to their inherent design. To address their weaknesses, we propose a more efficient ID-based authentication scheme on ECC for mobile client–server environments with considering security requirements. The proposed scheme not only provides mutual authentication but also achieves session key agreement between the client and the server. Through a rigorous formal security proof under random oracle model, it has been indicated that the proposed protocol is secure against security threats. The informal security analysis shows that our scheme can resist well-known attacks and provides user anonymity. Performance analysis and comparison results demonstrate that our scheme outperforms the related competitive works and is more suitable for practical application in mobile client–server environments.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4

Similar content being viewed by others

References

  1. Shamir A (1984) Identity-based cryptosystems and signature schemes. Lect Notes Comput Sci 21:47–53

    MATH  Google Scholar 

  2. Ammayappan K, Saxena A, Negi A (2006) Mutual authentication and key agreement based on elliptic curve cryptography for GSM. In: International Conference on Advanced Computing and Communications, pp 183–186

  3. Abichar PE, Mhamed A, Elhassan B (2007) A fast and secure elliptic curve based authenticated key agreement protocol for low power mobile communications. In: International Conference on Next Generation Mobile Applications, Services and Technologies, pp 235–240

  4. Yang JH, Chang CC (2009) An efficient three-party authenticated key exchange protocol using elliptic curve cryptography for mobile-commerce environments. J Syst Softw 82:1497–1502

    Article  Google Scholar 

  5. Liu T, Zhu H (2010) An ID-based multi-server authentication with key agreement scheme without verification table on elliptic curve cryptosystem. In: International Conference on Computational Aspects of Social Networks, pp 61–64

  6. Reddy AG, Das AK, Yoon EJ, Yoo KY (2016) A secure anonymous authentication protocol for mobile services on elliptic curve cryptography. IEEE Access 4:4394–4407

    Article  Google Scholar 

  7. Lee CI, Chien HY (2015) An elliptic curve cryptography-based RFID authentication securing e-health system. Int J Distrib Sens Netw 11:642425

    Article  Google Scholar 

  8. Chien HY (2017) Elliptic curve cryptography-based RFID authentication resisting active tracking. Wirel Pers Commun 94:2925–2936

    Article  Google Scholar 

  9. Scott M, Costigan N, Abdulwahab W (2006) Implementing cryptographic pairings on smartcards. In: International Conference on Cryptographic Hardware and Embedded Systems, pp 134–147

    Google Scholar 

  10. Hou H, Ji X, Liu G (2008) A novel access authentication scheme based on ECC for 3G-WLAN interworking network. In: International Conference on Computer Science and Software Engineering, pp 1237–1241

  11. Yang JH, Chang CC (2009) An ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. Comput Secur 28:138–143

    Article  Google Scholar 

  12. Yoon EJ, Yoo KY (2009) Robust ID-based remote mutual authentication with key agreement scheme for mobile devices on ECC. In: International Conference on Computational Science and Engineering, pp 633–640

  13. Islam SKH, Biswas GP (2011) A more efficient and secure ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. J Syst Softw 84:1892–1898. https://doi.org/10.1016/j.jss.2011.06.061

    Article  Google Scholar 

  14. Truong TT, Tran MT, Duong AD (2012) Improvement of the more efficient and secure ID-based remote mutual authentication with key agreement scheme for mobile devices on ECC. In: International Conference on Advanced Information Networking and Applications Workshops, pp 698–703

  15. He D, Chen J, Jin H (2012) An ID-based client authentication with key agreement protocol for mobile client–server environment on ECC with provable security. Inf Fusion 13:223–230

    Article  Google Scholar 

  16. Islam SH, Biswas GP (2012) An improved ID-based client authentication with key agreement scheme on ECC for mobile client–server environments. Theor Appl Inform 24:293–312

    Google Scholar 

  17. Sun H, Wen Q, Zhang H, Jin Z (2013) A novel remote user authentication and key agreement scheme for mobile client–server environment. Appl Math Inf Sci 7:1365–1374

    Article  MathSciNet  Google Scholar 

  18. Farash MS, Attari MA (2014) A secure and efficient identity-based authenticated key exchange protocol for mobile client–server networks. J Supercomput 69:395–411

    Article  Google Scholar 

  19. Chou CH, Tsai KY, Lu CF (2013) Two ID-based authenticated schemes with key agreement for mobile environments. J Supercomput 66:973–988

    Article  Google Scholar 

  20. Han W, Zhu Z (2015) An ID-based mutual authentication with key agreement protocol for multiserver environment on elliptic curve cryptosystem. Int J Commun Syst 27:1173–1185

    Article  Google Scholar 

  21. Wu F, Xu L, Kumari S, Li X (2015) A novel and provably secure biometrics-based three-factor remote authentication scheme for mobile client–server networks. Comput Electr Eng 45:274–285. https://doi.org/10.1016/j.compeleceng.2015.02.015

    Article  Google Scholar 

  22. Kaul SD, Awasthi AK (2016) Security enhancement of an improved remote user authentication scheme with key agreement. Wirel Pers Commun 89:621–637

    Article  Google Scholar 

  23. Kumari S, Khan MK, Li X (2014) An improved remote user authentication scheme with key agreement. Comput Electr Eng 40:1997–2012. https://doi.org/10.1016/j.compeleceng.2014.05.007

    Article  Google Scholar 

  24. He D, Zeadally S, Kumar N, Wu W (2016) Efficient and anonymous mobile user authentication protocol using self-certified public key cryptography for multi-server architectures. IEEE Trans Inf Forensics Secur 11:2052–2064

    Article  Google Scholar 

  25. Tsai JL, Lo NW (2017) A privacy-aware authentication scheme for distributed mobile cloud computing services. IEEE Syst J 9:805–815

    Article  Google Scholar 

  26. Chaudhry SA, Kim IL, Rho S et al (2017) An improved anonymous authentication scheme for distributed mobile cloud computing services. Cluster Comput. https://doi.org/10.1007/s10586-017-1088-9

    Article  Google Scholar 

  27. Islam SH, Biswas GP (2017) A pairing-free identity-based two-party authenticated key agreement protocol for secure and efficient communication. J King Saud University Comput Inf Sci 29(1):63–73

    Google Scholar 

  28. Bellare M, Rogaway P (1993) Random oracles are practical: a paradigm for designing efficient protocols. In: ACM Conference on Computer and Communications Security, pp 62–73

  29. Cao X, Kou W, Yu Y, Sun R (2008) Identity-based authenticated key agreement protocols without bilinear pairings. IEICE Trans Fundam Electron Commun Comput Sci 91-A:3833–3836

    Article  Google Scholar 

  30. Wu TY, Tseng YM (2010) An efficient user authentication and key exchange protocol for mobile client–server environment. Comput Netw 54:1520–1530

    Article  Google Scholar 

  31. Koblitz N, Menezes A, Vanstone S (2000) The state of elliptic curve cryptography. Des Codes Cryptogr 19:173–193

    Article  MathSciNet  Google Scholar 

  32. Irshad A, Sher M, Ahmad HF et al (2016) An improved multi-server authentication scheme for distributed mobile cloud computing services. KSII Trans Internet Inf Syst 10:5529–5552

    Google Scholar 

  33. Luo M, Zhang Y, Khan MK, He D (2017) A secure and efficient identity-based mutual authentication scheme with smart card using elliptic curve cryptography. Int J Commun Syst 30(16):e3333

    Article  Google Scholar 

  34. Odelu V, Kumar A, Kumari S et al (2017) Provably secure authenticated key agreement scheme for distributed mobile cloud computing services. Futur Gener Comput Syst 68:74–88. https://doi.org/10.1016/j.future.2016.09.009

    Article  Google Scholar 

  35. Wang Z, Ma Z, Luo S, Gao H (2018) Enhanced instant message security and privacy protection scheme for mobile social network systems. IEEE Access 6:13706–13715

    Article  Google Scholar 

  36. Al-Turjman F, Ever YK, Ever E et al (2017) Seamless key agreement framework for mobile-sink in IoT based cloud-centric secured public safety sensor networks. IEEE Access 5:24617–24631

    Article  Google Scholar 

  37. Reddy AG, Yoon EJ, Das AK et al (2017) Design of mutually authenticated key agreement protocol resistant to impersonation attacks for multi-server environment. IEEE Access 5:3622–3639

    Article  Google Scholar 

Download references

Acknowledgements

This research was supported by the Science and Technology Innovation Guidance Project 2017 of the Zhaoqing Science and Technology Bureau under Grant No 201704030605.

Author information

Authors and Affiliations

  1. School of Computer Science and Software, Zhaoqing University, Zhaoqing, 526061, China

    Jiaqing Mo & Zhongwang Hu

  2. Education Technology and Computer Center, Zhaoqing University, Zhaoqing, 526061, China

    Yuhua Lin

Authors
  1. Jiaqing Mo
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Zhongwang Hu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yuhua Lin
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jiaqing Mo.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Mo, J., Hu, Z. & Lin, Y. Remote user authentication and key agreement for mobile client–server environments on elliptic curve cryptography. J Supercomput 74, 5927–5943 (2018). https://doi.org/10.1007/s11227-018-2507-2

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11227-018-2507-2

Keywords

Search

Navigation