Information Systems Frontiers, Volume 16, Issue 1, pp 113–127

Enhanced Dynamic Authentication Scheme (EDAS)

  • Toan-Thinh Truong
  • Minh-Triet Tran
  • Anh-Duc Duong
Article

Abstract

With non-stop growth in network environments, communication security is necessary. A strong protocol guarantees that users and service providers are secure against many kinds of attacks, such as impersonation and replay attacks. Sood et al. proposed an authentication scheme based on dynamic identity to prevent transactions from being intercepted by malicious users. Although they claimed that their scheme has advantages over previous schemes with the same approach, we prove that it is vulnerable to impersonation and stolen verification attacks, and can be affected by clock synchronization. We therefore propose a novel authentication scheme that enhances security and overcomes the limitations of Sood's scheme. Our security analysis shows that the proposed method can efficiently resist known types of attacks. Experimental results also show that the method can be implemented and processed in real time, and is thus applicable not only to regular computers but also to mobile devices.

Keywords

Mutual authentication; Smartcard; Identity-based scheme; Security protocol; Dynamic identity; Session key agreement; Hash function; Password; Cryptography; Network communication

References

  1. Boyd, C., & Choo, K. (2005). Security of two-party identity-based key agreement. Expert Systems with Applications, 3715, 229–243.
  2. Burrows, M., Abadi, M., Needham, R. (1990). A logic of authentication. ACM Transactions on Computer System, 8, 18–36.
  3. Canetti, R., & Krawczyk, H. (2001). Analysis of key exchange schemes and their use for building secure channels. In Advances in cryptology-eurocrypt (pp. 451–472) Verlag: Springer.
  4. Cao, X., Kou, W., Dang, L., Zhao, B. (2008). Identity-based multi-user broadcast authentication in wireless sensor networks. Computer Communications, 31, 659–667.
  5. Chen, C.-L., Lee, C.-C., Hsu, C.-Y. (2011). Mobile device integration of a fingerprint biometric remote authentication scheme. International Journal of Communication Systems. doi:10.1002/dac.1277.
  6. Cheng, Z., Nistazakis, M., Comley, R., Vasiu, L. (2005). On the indistinguishability-based security model of key agreement schemes-simple cases. In Cryptology ePrint Archive, Report.
  7. Cheng, Z.-Y., Liu, Y., Chang, C.-C., Chang, S.-C. (2012). A smart card based authentication scheme for remote user login and verification. International Journal of Innovative Computing, Information and Control, 8(8), 5499–5511.
  8. Das, M.L., Saxena, A., Gulati, V.P. (2004). A dynamic id-based remote user authentication scheme. IEEE Transactions on Consumer Electronics, 50(2), 629–631.
  9. Debiao, H., Jianhua, C., Jin, H. (2011). An id-based client authentication with key agreement protocol for mobile client-server environment on ecc with provable security. Information Fusion.
  10. ElGamal, T. (1985). A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information, 31, 469–472.
  11. Hankerson, D., Menezes, A.J., Vanstone, S. (2003). Guide to Elliptic Curve Cryptography. Secaucus: Springer-Verlag.
  12. Hwang, M.S., Lee, C.C., Tang, Y.L. (2002). A simple remote user authentication scheme. Mathematical and Computer Modelling, 36, 103–107.
  13. Islam, S.H., & Biswas, G.P. (2011). A more efficient and secure id-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. Journal of Systems and Software, 84(11), 1892–1898.
  14. Khan, M.K., & Zhang, J. (2007). Improving the security of ’a flexible biometrics remote user authentication scheme’. Computer Standards and Interfaces, 29(1), 82–85.
  15. Khan, M.K., Kim, S.-K., Alghathbar, K. (2010). Cryptanalysis and security enhancement of a more efficient & secure dynamic id-based remote user authentication scheme. Computer Communications, 34(3), 305–309.
  16. Koblitz, N. (1987). Elliptic curve cryptosystem. Mathematics of Computation, 48, 203–209.
  17. Kocher, P., Jaffe, J., Jun, B. (1999). Differential power analysis. In Proceedings CRYPTO (pp. 388–397). Springer Verlag.
  18. Ku, W., & Chang, S. (2005). Impersonation attack on a dynamic id-based remote user authentication scheme using smart cards. IEICE Transactions on Communications, E88-B(5), 2165–2167.
  19. Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24, 770–772.
  20. Lee, C.C., Hwang, M.S., Yang, W.P. (2002). Flexible remote user authentication scheme using smart cards. IEEE Transactions on Neural Network, 36(3), 46–52.
  21. Lee, C.-C., Lin, T.-H., Chang, R.-X. (2011). A secure dynamic id based remote user authentication scheme for multi-server environment using smart cards. Expert Systems with Applications, 38(11), 13863–13870.
  22. Lee, J.K., Ryu, S.R., Yoo, K.Y. (2002). Fingerprint-based remote user authentication scheme using smart cards. Electronics Letters, 38, 554–555.
  23. Li, C.-T., & Hwang, M.-S. (2010). An efficient biometrics-based remote user authentication scheme using smart cards. Journal of Network and Computer Applications, 33(1), 1–5.
  24. Li, F., Xin, X., Hu, Y. (2008). Identity-based broadcast signcryption. Computer Standards and Interfaces, 30(12), 89–94.
  25. Li, L.H., Lin, I.C., Hwang, M.S. (2001). A remote password authentication scheme for multi-server architecture using neural networks. IEEE Transactions on Neural Network, 12(6), 1498–1504.
  26. Li, X., Niu, J., Ma, J., Wang, W., Liu, C.-L. (2011). Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. Journal Network and Computer Applications, 34(1), 73–79.
  27. Liao, I.E., Lee, C.C., Hwang, M.S. (2005). Security enhancement for a dynamic id-based remote user authentication scheme. International Conference on Next Generation Web Services Practices, 6(2), 517–522.
  28. Lin, C.-H., & Lai, Y.-Y. (2004). A flexible biometrics remote user authentication scheme. Computer Standards and Interfaces, 27(1), 19–23.
  29. Liou, Y., Lin, J., Wang, S. (2006). A new dynamic id-based remote user authentication scheme using smart cards. In Proceedings of 16th information security conference (pp. 198–205).
  30. Messerges, T.S., Dabbish, E.A., Sloan, R.H. (2002). Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.
  31. Miller, V.S. (1986). Use of elliptic curves in cryptography. Proceedings of CRYPTO85, 218, 417–426.
  32. Oh, J.-B., Yoon, E.-J., Yoo, K.-Y. (2007). An efficient id-based authenticated key agreement protocol with pairings. 4742, 446–456. doi:10.1007/978-3-540-74742-0_41.
  33. Rivest, R.L., Shamir, A., Adleman, L. (1978). A method for obtaining digital signatures and public key cryptosystems. Communications of the ACM, 21(2), 120–126.
  34. Ryu, E., Yoon, E., Yoo, K. (2004). An efficient id-based authenticated key agreement protocol. NETWORKING, 3042.
  35. Shamir, A. (1984). Identity based cryptosystems and signature schemes. Proceedings of CRYPTO84 (pp. 47–53). LNCS, Springer-Verlag.
  36. Shen, J.-J., Lin, C.-W., Hwang, M.-S. (2003). A modified remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 49(2), 414–416.
  37. Shih, H. (2008). Cryptanalysis on two password authentication schemes. Master Thesis.
  38. Shim, K. (2003). Efficient id-based authenticated key agreement protocol based on the weil pairing. Electron, 39(8), 653–654.
  39. Sood, S.K., Sarje, A.K., Singh, K. (2010). An improvement of Liou et al.'s authentication scheme using smart cards. International Journal of Computer Applications, 1(8), 16–23.
  40. Sun, H., & Hsieh, B. (2003). Security analysis of Shim's authenticated key agreement protocols from pairings. Cryptology ePrint Archive, Report 2003/113.
  41. Tsai, J.-L., Wu, T.-C., Tsai, K.-Y. (2010). New dynamic id authentication scheme using smart cards. International Journal Communication Systems, 23(12), 1449–1462.
  42. Yang, J.-H., & Chang, C.-C. (2009). An id-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. Computers and Security, 28(3–4), 138–143.
  43. Yoon, E.J., & Yoo, K.Y. (2006). Improving the dynamic id-based remote mutual authentication scheme. First International Workshop on Information Security, 4277, 499–507.
  44. Yoon, E.-J., & Yoo, K.-Y. (2009). Robust id-based remote mutual authentication with key agreement scheme for mobile devices on ecc. IEEE International Conference on Computational Science and Engineering, 2, 633–640.

Copyright information

© Springer Science+Business Media New York 2013

Authors and Affiliations

  • Toan-Thinh Truong (1)
  • Minh-Triet Tran (1)
  • Anh-Duc Duong (2)
  1. University of Science, VNU-HCM, Ho Chi Minh, Vietnam
  2. University of Information Technology, VNU-HCM, Ho Chi Minh, Vietnam
