Abstract
One of the cryptographic services i.e., authentication is very essential for the servers to identify authorized users and to neglect unauthorized users. In this work, we have considered Awasthi’s scheme and shown that the same scheme is vulnerable to several serious attacks. This paper not only describes the security pitfalls of Awasthi’s scheme but also designs a new scheme using bilinear pairing to protect the system from existing security drawbacks with other attractive features like strong mutual authentication, smart card stolen threat protection. Strong security of eUASBP is ensured through security analysis of eUASBP based on BAN logic. eUASBP reaches the BAN logic goals by the application of BAN rules. Our informal security analysis shows that proposed eUASBP provides security against attacks possible with smart card based applications. In addition to that eUASBP provides mutual authentication, session key agreement, and early wrong password detection. Bayat et al. authentication scheme also provides security against possible attacks of smart card based applications but doesn’t support session key agreement and early wrong password detection. Computation cost of eUASBP is less when compared with other authentication schemes. Since eUASBP uses less number of bilinear operations when compared with other related authentication schemes. The performance analysis shows that our protocol is more secure in comparison with state of the art and also better in terms of storage, computation and communication overheads.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Abadi M, Tuttle MR (1990) A logic of authentication. ACM Trans Compute Syst 8:18–36
Amin R, Biswas G (2015a) An improved RSA based user authentication and session key agreement protocol usable in TMIS. J Med Syst 39(8):79
Amin R, Biswas G (2015b) A secure three-factor user authentication and key agreement protocol for TMIS with user anonymity. J Med Syst 39(8):78
Awasthi AK (2012) An improved remote user authentication scheme with smart cards using bilinear pairings. Int J Appl Math Comput 4(4):382–389
Bayat M, Sabzinejad M, Movahed A (2010) A novel secure bilinear pairing based remote user authentication scheme with smart card. In: 2010 IEEE/IFIP 8th international conference on embedded and ubiquitous computing (EUC). IEEE, pp 578–582
Bond M, Choudary MO, Murdoch SJ, Skorobogatov S, Anderson R (2015) Be prepared: the emv preplay attack. IEEE Secur Priv 13(2):56–64
Burrows M, Abadi M, Needham RM (1989) A logic of authentication. Proc R Soc Lond A 426(1871):233–271
Chou JS, Chen Y, Lin JY (2005) Improvement of Manik et al.’s remote user authentication scheme. IACR Cryptol ePrint Arch 2005:450
Das ML, Saxena A, Gulati VP (2004) A dynamic id-based remote user authentication scheme. IEEE Trans Consum Electron 50(2):629–631
Das ML, Saxena A, Gulati VP, Phatak DB (2006) A novel remote user authentication scheme using bilinear pairings. Comput Secur 25(3):184–189
Fang G, Huang G (2006) Improvement of recently proposed remote user authentication schemes. IACR Cryptol ePrint Arch 2006:200
Giri D, Srivastava P (2006) An improved remote user authentication scheme with smart cards using bilinear pairings. IACR Cryptol ePrint Arch 2006:274
Goriparthi T, Das ML, Negi A, Saxena A (2006) Cryptanalysis of recently proposed remote user authentication schemes. IACR Cryptol ePrint Arch 2006:28
Goriparthi T, Das ML, Saxena A (2009) An improved bilinear pairing based remote user authentication scheme. Comput Stand Interfaces 31(1):181–185
He D, Chen J, Zhang R (2011) An efficient identity-based blind signature scheme without bilinear pairings. Comput Electr Eng 37(4):444–450
Jia Z, Zhang Y, Shao H, Lin Y, Wang J (2006) A remote user authentication scheme using bilinear pairings and ECC. In: Sixth international conference on intelligent systems design and applications, 2006. ISDA’06, vol 2. IEEE, pp 1091–1094
Katz J, Menezes AJ, Van Oorschot PC, Vanstone SA (1996) Handbook of applied cryptography. CRC Press, Boca Raton, pp 41–42
Kocher P, Jaffe J, Jun B (1999) Differential power analysis. In: Annual international cryptology conference. Springer, pp 388–397
Li X, Niu J, Bhuiyan MZA, Wu F, Karuppiah M, Kumari S (2018a) A robust ECC-based provable secure authentication protocol with privacy preserving for industrial internet of things. IEEE Trans Ind Inform 14(8):3599–3609
Li X, Peng J, Niu J, Wu F, Liao J, Choo KKR (2018b) A robust and energy efficient authentication protocol for industrial internet of things. IEEE Internet Things J 5(3):1606–1615
Li X, Peng J, Obaidat MS, Wu F, Khan MK, Chen C (2019) A secure three-factor user authentication protocol with forward secrecy for wireless medical sensor network systems. IEEE Syst J. https://doi.org/10.1109/JSYST.2019.2899580
Maletsky K (2015) RSA vs ECC comparison for embedded systems. White paper. Atmel, San Jose, p 5
Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552
Nicanfar H, Jokar P, Beznosov K, Leung VC (2014) Efficient authentication and key management mechanisms for smart grid communications. IEEE Syst J 8(2):629–640
Potlapally NR, Ravi S, Raghunathan A, Jha NK (2006) A study of the energy consumption characteristics of cryptographic algorithms and security protocols. IEEE Trans Mobile Comput 5(2):128–143
Saxena N, Choi BJ (2016) Authentication scheme for flexible charging and discharging of mobile vehicles in the v2g networks. IEEE Trans Inf Forensics Secur 11(7):1438–1452
Stallings W (2006) Cryptography and Network Security, 4/E. Pearson Education India, Chennai, pp 1–700
Summers WC, Bosworth E (2004) Password policy: the good, the bad, and the ugly. In: Proceedings of the winter international synposium on information and communication technologies. Trinity College Dublin, pp 1–6
Sun HM, Leu MC (2009) An efficient authentication scheme for access control in mobile pay-tv systems. IEEE Trans Multimed 11(5):947–959
Tsai JL, Lo NW (2015) A privacy-aware authentication scheme for distributed mobile cloud computing services. IEEE Syst J 9(3):805–815
Tsai JL, Wu TC, Tsai KY (2010) New dynamic id authentication scheme using smart cards. Int J Commun Syst 23(12):1449–1462
Tseng YM, Wu TY, Wu JD (2008) A pairing-based user authentication scheme for wireless clients with smart cards. Informatica 19(2):285–302
Ur B, Segreti SM, Bauer L, Christin N, Cranor LF, Komanduri S, Kurilova D, Mazurek ML, Melicher W, Shay R (2015) Measuring real-world accuracies and biases in modeling password guessability. In: USENIX security symposium, pp 463–481
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Rajaram, S., Maitra, T., Vollala, S. et al. eUASBP: enhanced user authentication scheme based on bilinear pairing. J Ambient Intell Human Comput 11, 2827–2840 (2020). https://doi.org/10.1007/s12652-019-01388-x
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12652-019-01388-x