An Effective and Robust Secure Remote User Authenticated Key Agreement Scheme Using Smart Cards in Wireless Communication Systems
Authentication protocol in wireless communication systems is important to protect the sensitive information against a malicious adversary by means of providing a variety of services, such as user credentials’ privacy, session key security (we call it as SK-security), mutual authentication, and user revocation facility when a user’s credentials are unexpectedly revealed. Thus, understanding the security failures of authentication schemes is a key for both patching to the existing schemes and designing the future schemes. Recently, Li et al. showed security drawbacks of Chen et al.’s scheme and proposed an improvement. Later, Islam identified various security flaws in Li et al.’s scheme and proposed further enhancement to remedy these flaws. However, in this paper, we show that Islam’s enhancement has still some security pitfalls. In addition, all these schemes suffer from the time-synchronization problem. We then present a more secure and robust remote user authenticated key agreement scheme in order to remedy the security flaws found in Islam’s scheme. Through the formal security analysis using the widely-accepted Burrows–Abadi–Needham logic (BAN logic), we show that our scheme provides secure mutual authentication. Furthermore, the formal and informal security analysis show that our scheme is secure against various known attacks including the offline password guessing attack when smart card of a user is lost/stolen, and our scheme also provides SK-security, user anonymity, and avoids the time-synchronization problem. We further simulate our scheme for the formal security verification using the widely-accepted and widely-used Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. The simulation results clearly indicate that the proposed scheme is safe. Thus, our scheme provides high security along with more functionality features as compared to Li et al.’s scheme and Islam’s scheme. As a result, our scheme is very suitable for practical applications.
KeywordsSK-security Credential privacy Secure mutual authentication Key establishment BAN logic Security
- 1.Automated validation of internet security protocols and applications. http://www.avispa-project.org/package/usermanual. Accessed on March 2013.
- 2.Automated validation of internet security protocols and applications, avispa web tool. http://www.avispa-project.org/web-interface/expert.php/. Accessed on October 2014.
- 4.Bellare, M., Canetti, R., & Krawczyk, H. (1998). A modular approach to the design and analysis of authentication and key exchange protocols. In Proceedings of the thirtieth annual ACM symposium on theory of computing (pp. 419–428). ACM.Google Scholar
- 7.Chatterjee, S., & Das, A. K. (2014). An effective ECC-based user access control scheme with attribute-based encryption for wireless sensor networks. Security and Communication Networks. doi:10.1002/sec.1140.
- 11.Chuang, Y. H., & Tseng, Y. M. (2010). An efficient dynamic group key agreement protocol for imbalanced wireless networks. International Journal of Network Management, 20(4), 167–180.Google Scholar
- 17.Goldwasser, S., & Bellare, M. (2008). Lecture notes on cryptography. Summer course “Cryptography and Computer Security” at MIT (pp. 1–289). http://cseweb.ucsd.edu/mihir/papers/gb.html. Accessed on September 2014.
- 20.Islam, S. K. (2014). Design and analysis of an improved smartcard-based remote user password authentication scheme. International Journal of Communication Systems. doi:10.1002/dac.2793.
- 21.Katz, J., & Lindell, Y. (2007). Introduction to modern cryptography: Principles and protocols. CRC Press. http://www.cs.ucdavis.edu/rogaway/classes/227/fall03/book/index.html. Accessed on September 2014
- 22.Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. Advances in Cryptology-CRYPTO’99 (pp. 388–397). California: Springer.Google Scholar
- 27.Lin, H. Y. (2014). Efficient mobile dynamic id authentication and key agreement scheme without trusted servers. International Journal of Communication Systems. doi:10.1002/dac.2818.
- 30.Mishra, D., Das, A. K., & Mukhopadhyay, S. (2014). A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card. Peer-to-Peer Networking and Applications 1–22.Google Scholar
- 31.Odelu, V., Das, A. K., & Goswami, A. (2014). A secure and efficient ECC-based user anonymity preserving single sign-on scheme for distributed computer networks. Security and Communication Networks. doi:10.1002/sec.1139.
- 33.von Oheimb, D. (2005). The high-level protocol specification language HLPSL developed in the EU project AVISPA. In Proceedings of APPSEM 2005 Workshop (pp. 1–17). Tallinn.Google Scholar
- 36.Sood, S. K., Sarje, A. K., & Singh, K. (2010). An improvement of Xu et al.’s authentication scheme using smart cards. In Proceedings of the third annual ACM Bangalore conference (p. 15). ACM.Google Scholar
- 37.Stallings, W. (2003). Cryptography and network security: Principles and practices (3rd ed.). New Delhi: Pearson Education.Google Scholar
- 39.Wang, D., He, D., Wang, P., & Chu, C. (2014). Anonymous two-factor authentication in distributed systems: Certain goals are beyond attainment. IEEE Transactions on Dependable and Secure Computing. doi:10.1109/TDSC.2014.2355850.