Wireless Personal Communications

, Volume 84, Issue 4, pp 2571–2598 | Cite as

An Effective and Robust Secure Remote User Authenticated Key Agreement Scheme Using Smart Cards in Wireless Communication Systems

Article

Abstract

Authentication protocol in wireless communication systems is important to protect the sensitive information against a malicious adversary by means of providing a variety of services, such as user credentials’ privacy, session key security (we call it as SK-security), mutual authentication, and user revocation facility when a user’s credentials are unexpectedly revealed. Thus, understanding the security failures of authentication schemes is a key for both patching to the existing schemes and designing the future schemes. Recently, Li et al. showed security drawbacks of Chen et al.’s scheme and proposed an improvement. Later, Islam identified various security flaws in Li et al.’s scheme and proposed further enhancement to remedy these flaws. However, in this paper, we show that Islam’s enhancement has still some security pitfalls. In addition, all these schemes suffer from the time-synchronization problem. We then present a more secure and robust remote user authenticated key agreement scheme in order to remedy the security flaws found in Islam’s scheme. Through the formal security analysis using the widely-accepted Burrows–Abadi–Needham logic (BAN logic), we show that our scheme provides secure mutual authentication. Furthermore, the formal and informal security analysis show that our scheme is secure against various known attacks including the offline password guessing attack when smart card of a user is lost/stolen, and our scheme also provides SK-security, user anonymity, and avoids the time-synchronization problem. We further simulate our scheme for the formal security verification using the widely-accepted and widely-used Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. The simulation results clearly indicate that the proposed scheme is safe. Thus, our scheme provides high security along with more functionality features as compared to Li et al.’s scheme and Islam’s scheme. As a result, our scheme is very suitable for practical applications.

Keywords

SK-security Credential privacy Secure mutual authentication Key establishment BAN logic Security 

References

  1. 1.
    Automated validation of internet security protocols and applications. http://www.avispa-project.org/package/usermanual. Accessed on March 2013.
  2. 2.
    Automated validation of internet security protocols and applications, avispa web tool. http://www.avispa-project.org/web-interface/expert.php/. Accessed on October 2014.
  3. 3.
    Basin, D., Modersheim, S., & Vigano, L. (2005). OFMC: A symbolic model checker for security protocols. International Journal of Information Security, 4(3), 181–208.CrossRefGoogle Scholar
  4. 4.
    Bellare, M., Canetti, R., & Krawczyk, H. (1998). A modular approach to the design and analysis of authentication and key exchange protocols. In Proceedings of the thirtieth annual ACM symposium on theory of computing (pp. 419–428). ACM.Google Scholar
  5. 5.
    Burrows, M., Abadi, M., & Needham, R. (1990). A logic of authentication. ACM Transactions on Computer Systems, 8(1), 18–36.CrossRefGoogle Scholar
  6. 6.
    Canetti, R., & Krawczyk, H. (2001). Analysis of key-exchange protocols and their use for building secure channels. Advances in Cryptology-EUROCRYPT 2001 (pp. 453–474). Heidelberg: Springer.CrossRefGoogle Scholar
  7. 7.
    Chatterjee, S., & Das, A. K. (2014). An effective ECC-based user access control scheme with attribute-based encryption for wireless sensor networks. Security and Communication Networks. doi:10.1002/sec.1140.
  8. 8.
    Chen, B. L., Kuo, W. C., & Wuu, L. C. (2014). Robust smart-card-based remote user password authentication scheme. International Journal of Communication Systems, 27(2), 377–389.CrossRefGoogle Scholar
  9. 9.
    Chen, T. H., Hsiang, H. C., & Shih, W. K. (2011). Security enhancement on an improvement on two remote user authentication schemes using smart cards. Future Generation Computer Systems, 27(4), 377–380.MATHCrossRefGoogle Scholar
  10. 10.
    Chien, H. Y., Jan, J. K., & Tseng, Y. M. (2002). An efficient and practical solution to remote authentication: Smart card. Computers and Security, 21(4), 372–375.CrossRefGoogle Scholar
  11. 11.
    Chuang, Y. H., & Tseng, Y. M. (2010). An efficient dynamic group key agreement protocol for imbalanced wireless networks. International Journal of Network Management, 20(4), 167–180.Google Scholar
  12. 12.
    Das, A. K. (2011). Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards. IET Information Security, 5(3), 145–151.CrossRefGoogle Scholar
  13. 13.
    Das, A. K., & Bruhadeshwar, B. (2013). An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system. Journal of Medical Systems, 37(5), 1–17.CrossRefGoogle Scholar
  14. 14.
    Das, A. K., & Goswami, A. (2013). A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. Journal of Medical Systems, 37(3), 1–16.CrossRefGoogle Scholar
  15. 15.
    Das, A. K., Paul, N. R., & Tripathy, L. (2012). Cryptanalysis and improvement of an access control in user hierarchy based on elliptic curve cryptosystem. Information Sciences, 209(C), 80–92.MATHMathSciNetCrossRefGoogle Scholar
  16. 16.
    Dolev, D., & Yao, A. C. (1983). On the security of public key protocols. IEEE Transactions on Information Theory, 29(2), 198–208.MATHMathSciNetCrossRefGoogle Scholar
  17. 17.
    Goldwasser, S., & Bellare, M. (2008). Lecture notes on cryptography. Summer course “Cryptography and Computer Security” at MIT (pp. 1–289). http://cseweb.ucsd.edu/mihir/papers/gb.html. Accessed on September 2014.
  18. 18.
    Hsu, C. L. (2004). Security of Chien et al.’s remote user authentication scheme using smart cards. Computer Standards and Interfaces, 26(3), 167–169.CrossRefGoogle Scholar
  19. 19.
    Huang, X., Chen, X., Li, J., Xiang, Y., & Xu, L. (2014). Further observations on smart-card-based password-authenticated key agreement in distributed systems. IEEE Transactions on Parallel and Distributed Systems, 25(7), 1767–1775.CrossRefGoogle Scholar
  20. 20.
    Islam, S. K. (2014). Design and analysis of an improved smartcard-based remote user password authentication scheme. International Journal of Communication Systems. doi:10.1002/dac.2793.
  21. 21.
    Katz, J., & Lindell, Y. (2007). Introduction to modern cryptography: Principles and protocols. CRC Press. http://www.cs.ucdavis.edu/rogaway/classes/227/fall03/book/index.html. Accessed on September 2014
  22. 22.
    Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. Advances in Cryptology-CRYPTO’99 (pp. 388–397). California: Springer.Google Scholar
  23. 23.
    Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24(11), 770–772.MathSciNetCrossRefGoogle Scholar
  24. 24.
    Lee, N. Y., & Chiu, Y. C. (2005). Improved remote authentication scheme with smart card. Computer Standards and Interfaces, 27(2), 177–180.CrossRefGoogle Scholar
  25. 25.
    Lee, S. W., Kim, H. S., & Yoo, K. Y. (2005). Improvement of Chien et al.’s remote user authentication scheme using smart cards. Computer Standards and Interfaces, 27(2), 181–183.CrossRefGoogle Scholar
  26. 26.
    Li, X., Niu, J., Khan, M. K., & Liao, J. (2013). An enhanced smart card based remote user password authentication scheme. Journal of Network and Computer Applications, 36(5), 1365–1371.CrossRefGoogle Scholar
  27. 27.
    Lin, H. Y. (2014). Efficient mobile dynamic id authentication and key agreement scheme without trusted servers. International Journal of Communication Systems. doi:10.1002/dac.2818.
  28. 28.
    Lv, C., Ma, M., Li, H., Ma, J., & Zhang, Y. (2013). An novel three-party authenticated key exchange protocol using one-time key. Journal of Network and Computer Applications, 36(1), 498–503.CrossRefGoogle Scholar
  29. 29.
    Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.MathSciNetCrossRefGoogle Scholar
  30. 30.
    Mishra, D., Das, A. K., & Mukhopadhyay, S. (2014). A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card. Peer-to-Peer Networking and Applications 1–22.Google Scholar
  31. 31.
    Odelu, V., Das, A. K., & Goswami, A. (2014). A secure and efficient ECC-based user anonymity preserving single sign-on scheme for distributed computer networks. Security and Communication Networks. doi:10.1002/sec.1139.
  32. 32.
    Odelu, V., Das, A. K., & Goswami, A. (2014). A secure effective key management scheme for dynamic access control in a large leaf class hierarchy. Information Sciences, 269(C), 270–285.MathSciNetCrossRefGoogle Scholar
  33. 33.
    von Oheimb, D. (2005). The high-level protocol specification language HLPSL developed in the EU project AVISPA. In Proceedings of APPSEM 2005 Workshop (pp. 1–17). Tallinn.Google Scholar
  34. 34.
    Sarkar, P. (2010). A simple and generic construction of authenticated encryption with associated data. ACM Transactions on Information and System Security, 13(4), 33.CrossRefGoogle Scholar
  35. 35.
    Song, R. (2010). Advanced smart card based password authentication protocol. Computer Standards and Interfaces, 32(5), 321–325.CrossRefGoogle Scholar
  36. 36.
    Sood, S. K., Sarje, A. K., & Singh, K. (2010). An improvement of Xu et al.’s authentication scheme using smart cards. In Proceedings of the third annual ACM Bangalore conference (p. 15). ACM.Google Scholar
  37. 37.
    Stallings, W. (2003). Cryptography and network security: Principles and practices (3rd ed.). New Delhi: Pearson Education.Google Scholar
  38. 38.
    Tsai, J. L., Lo, N. W., & Wu, T. C. (2013). Novel anonymous authentication scheme using smart cards. IEEE Transactions on Industrial Informatics, 9(4), 2004–2013.CrossRefGoogle Scholar
  39. 39.
    Wang, D., He, D., Wang, P., & Chu, C. (2014). Anonymous two-factor authentication in distributed systems: Certain goals are beyond attainment. IEEE Transactions on Dependable and Secure Computing. doi:10.1109/TDSC.2014.2355850.
  40. 40.
    Wang, D., & Ma, C. G. (2013). Cryptanalysis of a remote user authentication scheme for mobile client–server environment based on ECC. Information Fusion, 14(4), 498–503.CrossRefGoogle Scholar
  41. 41.
    Wu, L., Zhang, Y., & Wang, F. (2009). A new provably secure authentication and key agreement protocol for sip using ECC. Computer Standards and Interfaces, 31(2), 286–291.CrossRefGoogle Scholar
  42. 42.
    Wu, S. T., & Chieu, B. C. (2003). A user friendly remote authentication scheme with smart cards. Computers and Security, 22(6), 547–550.CrossRefGoogle Scholar
  43. 43.
    Xu, J., Zhu, W. T., & Feng, D. G. (2009). An improved smart card based password authentication scheme with provable security. Computer Standards and Interfaces, 31(4), 723–728.CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media New York 2015

Authors and Affiliations

  1. 1.Department of MathematicsIndian Institute of TechnologyKharagpurIndia
  2. 2.Center for Security, Theory and Algorithmic ResearchInternational Institute of Information TechnologyHyderabadIndia

Personalised recommendations