Skip to main content
SpringerLink
Log in

A lightweight authentication and key agreement protocol preserving user anonymity

  • Published:
Multimedia Tools and Applications Aims and scope Submit manuscript

Abstract

Nowadays with widespread employment of the Internet, servers provide various services for legal users. The vital issue in client/server connections is authentication protocols that make the communication channel safe and secure against famous attacks. Recently, Kumari et al. and Chaudhry et al. proposed two authentication and key agreement protocols and illustrated that their proposed protocols are secure against various security attacks. However, in this paper we demonstrate that both protocols are vulnerable to off-line password guessing attacks. Moreover, we show that Kumari et al.’s protocol does not provide the property of user anonymity. In order to overcome these weaknesses, we propose a lightweight authentication and key agreement protocol. The correctness of the proposed protocol is proved using BAN logic. Security analysis demonstrates that the proposed protocol resists various security attacks and provides user anonymity. Furthermore, performance analysis confirms that the computation cost of the proposed protocol is acceptable.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5

Similar content being viewed by others

References

  1. Amin R, Islam SH, Biswas GP, Khan MK, Li X (2015) Cryptanalysis and enhancement of anonymity preserving remote user mutual authentication and session key agreement scheme for e-health care systems. J Med Syst 39(11):1–21

    Google Scholar 

  2. An Y (2013) Security improvements of dynamic id-based remote user authentication scheme with session key agreement. 15th International Conference on Advanced Communication Technology (ICACT)

  3. Arshad H, Nikooghadam M (2014) Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems. J Med Syst 38(12):1–12

    Article  Google Scholar 

  4. Arshad H, Nikooghadam M (2015) Security analysis and improvement of two authentication and key agreement schemes for session initiation protocol. J Supercomput 71(8):3163–3180

    Article  Google Scholar 

  5. Arshad H, Nikooghadam M (2016) An efficient and secure authentication and key agreement scheme for session protocol using ECC. Multimed Tools Appl 75(1):181–197

    Article  Google Scholar 

  6. Arshad H, Teymoori V, Nikooghadam M, Abbassi H (2015) On the security of a two-factor authentication and key agreement scheme for telecare medicine information systems. J Med Syst 39(8):1–10. doi:10.1007/s10916-015-0259-6

    Article  Google Scholar 

  7. Awasthi A, Srivastava K, Mittal R (2011) An improved timestamp-based remote user authentication scheme. Comput Electr Eng 37(6):869–874

    Article  Google Scholar 

  8. Bonneau J (2012) The science of guessing: analyzing an anonymized corpus of 70 million passwords. In Security and Privacy (SP), 2012 I.E. Symposium on, p 538–552. IEEE

  9. Burrows M, Abadi M, Needham R (1989) A logic of authentication. Proc R Soc Lond A Math Phys Sci 426(1871):233–271, London

    Article  MathSciNet  MATH  Google Scholar 

  10. Chan C-K, Cheng L-M (2000) Cryptanalysis of a remote user authentication scheme using smart cards. IEEE Trans Consum Electron 46(4):992–993

    Article  Google Scholar 

  11. Chang Y, Tai W, Chang H (2013) Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update. Int J Commun Syst. doi:10.1002/dac.2552

    Google Scholar 

  12. Chaudhry SA (2015) A secure biometric based multi-server authentication scheme for social multimedia networks. Multimed Tools Appl:1–21

  13. Chaudhry SA, Farash MS, Naqvi H, Kumari S, Khan MK (2015) An enhanced privacy preserving remote user authentication scheme with provable security. Secur Commun Netw 8(18):3782–3795

    Article  Google Scholar 

  14. Chaudhry SA, Mahmood K, Naqvi H, Khan MK (2015) An improved and secure biometric authentication scheme for telecare medicine information systems based on elliptic curve cryptography. J Med Syst 39(11):1–12

    Article  Google Scholar 

  15. Chaudhry SA, Naqvi H, Farash MS, Shon T, Sher M (2015) An improved and robust biometrics-based three factor authentication scheme for multi-server environments. J Supercomput:1–17

  16. Chaudhry SA, Naqvi H, Sher M, Farash MS, Hassan MU (2015) An improved and provably secure privacy preserving authentication protocol for SIP. Peer-to-Peer Netw Appl:1–15

  17. Chen BL, Kuo WC, Wuu LC (2012) Robust smart-card-based remote user password authentication scheme. Int J Commun Syst 27:377–389. doi:10.1002/dac.2368

    Article  Google Scholar 

  18. Chien H-Y, Jan J-K, Tseng Y-M (2002) An efficient and practical solution to remote authentication: smart card. Comput Secur 21(4):372–375

    Article  Google Scholar 

  19. Chou J, Huang C, Huang Y, Chen Y (2013) Efficient two-pass anonymous identity authentication using smart card. IACR Cryptology ePrint Archive. Retrieved from eprint.iacr.org/2013/402.pdf

  20. Hsieh W, Leu J (2012) Exploiting hash functions to intensify the remote user authentication scheme. Comput Secur 31(6):791–798

    Article  Google Scholar 

  21. Hwang M, Li L (2000) A new remote user authentication scheme using smart cards. IEEE Trans Consum Electron 46(1):28–30

    Article  Google Scholar 

  22. Islam SH (2014) Design and analysis of an improved smartcard‐based remote user password authentication scheme. Int J Commun Syst

  23. Jiang Q, Ma J, Li G, Li X (2015) Improvement of robust smart-card-based password authentication scheme. Int J Commun Syst 28:383–393. doi:10.1002/dac.2644

    Article  Google Scholar 

  24. Kilinc H, Yanik T (2014) A survey of SIP authentication and key agreement schemes. IEEE Commun Surv Tutorials 16(2):1005–1023

    Article  Google Scholar 

  25. Klein DV (1990) Foiling the cracker: a survey of, and improvements to, password security. Proceedings of the 2nd USENIX Security Workshop, Anaheim, CA, USA

  26. Kocher P, Jaffe J, Jun B (1999) Differential power analysis. Proc Adv Cryptol, Santa Barbara, CA, USA, 1666:788–797

  27. Ku W, Chen C, Lee H (2003) Cryptanalysis of a variant of peyravian-zunic’s password authentication scheme. IEICE Trans Commun E86-B(5):1682–1684

    Google Scholar 

  28. Kumari S, Chaudhry SA, Wu F, Li X, Farash MS, Khan MK (2015) An improved smart card based authentication scheme for session initiation protocol. Peer-to-Peer Netw Appl:1–14

  29. Kumari S, Gupta M, Khan M, Bin Muhaya F (2012) Cryptanalysis of ‘an improved timestamp-based remote user authentication scheme. Proceedings of 2012 international conference on quality

  30. Kumari S, Gupta MK, Khan MK, Li X (2014) An improved timestamp-based password authentication scheme: comments, cryptanalysis, and improvement. Secur Commun Netw 7(11):1921–1932

    Article  Google Scholar 

  31. Kumari S, Khan M, Li X (2014) An improved remote user authentication scheme with key agreement. Comput Electr Eng 40(6):1997–2012

    Article  Google Scholar 

  32. Kumari S, Li X, Wu F, Das AK, Arshad H, Khan MK (2016) A user friendly mutual authentication and key agreement scheme for wireless sensor networks using chaotic maps. Futur Gener Comput Syst. doi:10.1016/j.future.2016.04.016

    Google Scholar 

  33. Lamport L (1981) Password authentication with insecure communication. Commun ACM 24(11):770–772

    Article  MathSciNet  Google Scholar 

  34. Lennon R, Matyas S, Mayer C (1981) Cryptographic authentication of time-invariant quantities. IEEE Trans Commun 6:773–777

    Article  Google Scholar 

  35. Li CT (2013) A new password authentication and user anonymity scheme based on elliptic curve cryptography and smart card. Inf Secur IET 7(1):3–10

    Article  Google Scholar 

  36. Lu Y, Li L, Peng H, Yang Y (2015) A secure and efficient mutual authentication scheme for session initiation protocol. Peer-to-Peer Netw Appl:1–11

  37. Ma C-G, Wang D, Zhao S-D (2014) Security flaws in two improved remote user authentication schemes using smart cards. Int J Commun Syst 27:2215–2227. doi:10.1002/dac.2468

    Article  Google Scholar 

  38. Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552

    Article  MathSciNet  Google Scholar 

  39. Mir O, Munilla J, Kumari S (2015) Efficient anonymous authentication with key agreement protocol for wireless medical sensor networks. Peer-to-Peer Netw Appl. doi:10.1007/s12083-015-0408-1

    Google Scholar 

  40. Mir O, Nikooghadam M (2015) A secure biometrics based authentication with key agreement scheme in telemedicine networks for e-health services. Wirel Pers Commun 83(4):2439–2461

    Article  Google Scholar 

  41. Mir O, van der Weide T, Lee CC (2015) A secure user anonymity and authentication scheme using AVISPA for telecare medical information systems. J Med Syst 39(9):1–16

    Article  Google Scholar 

  42. Mishra D, Das AK, Chaturvedi A, Mukhopadhyay S (2015) A secure password-based authentication and key agreement scheme using smart cards. J Inf Secur Appl 23:28–43

    Google Scholar 

  43. Odelu V, Das AK, Goswami A (2014) Cryptanalysis on robust biometrics-based authentication scheme for multiserver environment. Cryptology ePrint Archive, eprint.iacr.org/2014/715.pdf

  44. Odelu V, Das AK, Goswami A (2015) A secure biometrics-based multi-server authentication protocol using smart cards. Inf Forensics Secur IEEE Trans 10(9):1953–1966

    Article  Google Scholar 

  45. Odelu V, Das AK, Goswami A (2015) An efficient biometric‐based privacy‐preserving three‐party authentication with key agreement protocol using smart cards. Secur Commun Netw

  46. Odelu V, Das AK, Goswami A (2015) An efficient ECC-based privacy-preserving client authentication protocol with key agreement using smart card. J Inf Secur Appl 21:1–19

    Google Scholar 

  47. Sun H-M (2000) An efficient remote use authentication scheme using smart cards. IEEE Trans Consum Electron 46(4):958–961

    Article  Google Scholar 

  48. Von Ahn L, Blum M, Langford J (2004) Telling humans and computers apart automatically. Commun ACM 47(2):56–60

    Article  Google Scholar 

  49. Wang Y-Y, Liu J-Y, Xiao F-X, Dan J (2009) A more efficient and secure dynamic ID-based remote user authentication scheme. Comput Commun 32(4):583–585

    Article  Google Scholar 

  50. Wang D, Ma C, Wang P, Chen Z (2012) Robust smart card based password authentication scheme against smart card security breach. IACR Cryptology ePrint Archive. Retrieved from eprint.iacr.org/2012/439.pdf

  51. Wang D, Wang P (2014) Understanding security failures of two factor authentication schemes for real-time applications in hierarchical wireless sensor networks. Ad Hoc Netw 20:1–15

    Article  Google Scholar 

  52. Wang D, Wang N, Wang P, Qing S (2015) Preserving privacy for free: efficient and provably secure two-factor authentication scheme with user anonymity. Inf Sci 321:162–178

    Article  Google Scholar 

  53. Wang X, Zhang W, Zhang J, Khan M (2007) Cryptanalysis and improvement on two efficient remote user authentication scheme using cards. Comput Stand Interfaces 29(5):507–512

    Article  Google Scholar 

  54. Wen F, Li X (2011) An improved dynamic id-based remote user authentication with key agreement scheme. Comput Electr Eng 38(2):381–387

    Article  MathSciNet  Google Scholar 

  55. Yen S, Liao K (1997) Shared authentication token secure against replay and weak key attack. Inf Process Lett:78–80

  56. Yoon E, Ryu E, Yoo K (2004) Further improvement of an efficient password based remote user authentication scheme using smart cards. IEEE Trans Consum Electron 50(2):612–614

    Article  Google Scholar 

  57. Zhang L, Tang S, Zhu S (2014) A lightweight privacy preserving authenticated key agreement protocol for SIP-based VoIP. Peer-to-Peer Netw Appl:1–19

Download references

Author information

Authors and Affiliations

  1. Department of Computer Engineering and Information Technology, Imam Reza International University, Mashhad, Iran

    Morteza Nikooghadam & Reza Jahantigh

  2. Department of Computer Engineering, Ferdowsi University of Mashhad, Mashhad, Iran

    Hamed Arshad

Authors
  1. Morteza Nikooghadam
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Reza Jahantigh
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Hamed Arshad
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Morteza Nikooghadam.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Nikooghadam, M., Jahantigh, R. & Arshad, H. A lightweight authentication and key agreement protocol preserving user anonymity. Multimed Tools Appl 76, 13401–13423 (2017). https://doi.org/10.1007/s11042-016-3704-8

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11042-016-3704-8

Keywords

Search

Navigation