Abstract
In recent years, with the rapid advance of wireless mobile networks, secure and efficient authentication mechanisms that can operate over insecure wireless channels have become increasingly essential. To improve efficiency on energy-limited mobile devices, many authentication schemes using elliptic curve cryptography (ECC) have been presented. However, these schemes are still inefficient in terms of computation cost and communication overhead. Moreover, they suffer from various attacks, making them impractical due to their inherent design. To address their weaknesses, we propose a more efficient ID-based authentication scheme on ECC for mobile client–server environments that takes security requirements into account. The proposed scheme not only provides mutual authentication but also achieves session key agreement between the client and the server. A rigorous formal security proof under the random oracle model indicates that the proposed protocol is secure against security threats. The informal security analysis shows that our scheme can resist well-known attacks and provides user anonymity. Performance analysis and comparison results demonstrate that our scheme outperforms the related competitive works and is more suitable for practical application in mobile client–server environments.
Acknowledgements
This research was supported by the Science and Technology Innovation Guidance Project 2017 of the Zhaoqing Science and Technology Bureau under Grant No 201704030605.
About this article
Cite this article
Mo, J., Hu, Z. & Lin, Y. Remote user authentication and key agreement for mobile client–server environments on elliptic curve cryptography. J Supercomput 74, 5927–5943 (2018). https://doi.org/10.1007/s11227-018-2507-2
DOI: https://doi.org/10.1007/s11227-018-2507-2