Abstract
In order to equip the technical fraternity with smart technologies, the past few years have witnessed increasing usage of Cyber-Physical Systems (CPS) in different critical infrastructures. The abrupt surge in the advancement of CPS has brought in several cybersecurity issues. To address the issue of cybersecurity and to protect the CPS from attackers, authentication schemes have been designed and implemented. One such authentication scheme is two-factor authentication (2FA) which is considered to be a straightforward and coherent authentication mechanism that ensures secure communication in an unprotected network environment. Over the past few decades, several 2FA schemes using smart card have been proposed by Wang et al., Wang et al., WenLis et al., Chou et al., Ans et al., and Chang et al. with each scheme trying to overcome the shortcomings of the previous schemes. Subsequently, S.Kumari et al. pointed out the various loopholes of the previous schemes and proposed a new scheme on 2FA that was asserted to be both secure and efficient. In this article, we have explained how the different 2FA schemes as proposed in the previous papers are susceptible to various security attacks. Later on, an effective and user-friendly 2FA scheme is proposed in this article which can be implemented on CPS. The proposed scheme works on the principles of bilinear pairing and can overcome the loopholes of the previously proposed schemes. As a proof of our claim, the security analysis of the proposed scheme against all the common attacks has also been done in detail. The comparison of the security analysis and performance of the proposed scheme with the previous schemes has also been carried out in this paper.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Code Availability
Due to sensitive nature of the work done, codes or any other application can not be shared.
References
(2012) NIST, Cyber-physical systems: situation analysis of current trends, technologies, and challenges, Natl. Inst. Stand. Technol (NIST), Columbia, Maryland
An ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem Jen-Ho Yanga, Chin-Chen Changa
An YH (2013) Security improvements of dynamic id-based remote user authentication scheme with session key agreement. In: 15th International conference on advanced communication technology (ICACT)
Barreto Paulo SLM, Libert B, McCullagh N, Quisquater J-J Efficient and provably-secure identity-based signatures and sign encryption from bilinear maps. Advances in Cryptology - ASIACRYPT 2005; Volume 3788 of the series Lecture Notes in Computer Science; pp 515–532
Chou JS, Huang CH, Huang YS, Chen Y (2013) Efficient two-pass anonymous identity authentication using smart card. IACR Cryptology ePrint Archive; [eprint.iacr.org/2013/402.pdf]
Chang YF, Tai WL, Chang HC (2013) Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update. Int J Commun Syst. https://doi.org/10.1002/dac.2552
Diffie W, Hellman M (1976) New directions in cryptography. IEEE Trans Inf Theory 22:644–654
ElGamal T (1985) A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans Inf Theory Vol IT 31:469–472
Jacobsen MJ Jr., Koblitz N, Silverman JH, Stein A, Teske E (2000) Analysis of the Xedni calculus attack. Des Codes Crypt, vol 19. Available from http://www.cacr.math.uwaterloo.ca
Jing Q, Vasilakos AV, Wan J (2014) Security of the internet of things:perspectives and challenges. Wirel Netw 20(8):2481–501
Joye M, Olivier F (2005) Side-channel analysis: Encyclopedia of cryptography and security. Kluwer (Academic) Publishers: Springer, USA, pp 571–576
Kumari S, Khan MK, Li X (2014) An improved remote user authentication scheme with key agreement. Comput Electr Eng 40(6):1997–2012
Koblitz N (1987) Elliptic curve cryptosystems. Math Comput 48:203–209
Kocher P, Jaffe J, Jun B (1999) Differential power analysis; Proceedings of Advances in Cryptology (Crypto’99), LNCS. Springer, Berlin Heidelberg, pp 388–397
Li X, Niu J, Khan MK, Liao J An enhanced smart card based remote user password authentication scheme. J Netw Comput Appl. https://doi.org/10.1016/j.jnca.2013.02.034
Lamport L (1981) Password authentication with insecure communication. Commun ACM 24(11)
Lynn B PBC library manual 0.5.14. Retrieved October 28, 2016, from https://crypto.stanford.edu/pbc/manual/
Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552
Miller V (1986) Use of elliptic curves in cryptography. Advances in Cryptology - Crypto ’85, LNCS 218. Springer-Verlag, New York, pp 417–426
Odlyzko AM (1985) Discrete logarithms and their cryptographic significance; Advances in Cryptology: Proceedings of Eurocrypt 84. Springer-Verlag, New York, pp 224–314
Odlyzko A (2000) Discrete logarithms: The past and the future. Des Codes Crypt 19(2–3):129–145
Pateriya RK, Vasudevan S (2011) Elliptic curve cryptography in constrained environments: a review, IEEE 2011 International Conference on Communication Systems and Network Technologies, pp. 120–124
Silverman JH (2000) The Xedni calculus and the elliptic curve discrete logarithm problem. Des Codes Crypt 20:5–40
Wen F, Li X (2011) An improved dynamic id-based remote user authentication with key agreement scheme. Comp Elect Eng 38(2):381–7
Wang XM, Zhang WF, Zhang JS, Khan MK (2007) Cryptanalysis and improvement on two efficient remote user authentication scheme using cards. Com Stand Interf 29(5):507–12
Wang YY, Liu JY, Xiao FX, Dan J (2009) A more efficient and secure dynamic ID-based remote user authentication scheme. Comp Commun 32 (4):583–5
Wang Y (2017) Secure communication and authentication against off-line dictionary attacks in smart grid systems. pp 103–120. https://doi.org/10.1007/978-3-319-61437-3
Funding
There has been no significant financial support for this work that could have influenced its outcome.
Author information
Authors and Affiliations
Contributions
It is confirmed that the manuscript has been read and approved by all named authors and that there are no other persons who satisfied the criteria for authorship but are not listed. Also it is further confirmed that the order of authors listed in the manuscript has been approved by all the authors.
Corresponding author
Ethics declarations
Ethics approval
Authors have given due consideration to the protection of intellectual property associated with this work and that there are no impediments to publication, including the timing of publication, with respect to intellectual property.
Consent for Publication
Consent to publish or distribute the article or to enter into arrangements with others to publish or distribute the article is given
Conflict of Interests
There are no known conflicts of interest associated with this article
Additional information
Availability of data and material
Due to sensitivity of the research work done, data and other material are not available and can not be shared.
Consent to participate
Consent is given and voluntarily agree to participate
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Sengupta, A., Singh, A., Kumar, P. et al. A secure and improved two factor authentication scheme using elliptic curve and bilinear pairing for cyber physical systems. Multimed Tools Appl 81, 22425–22448 (2022). https://doi.org/10.1007/s11042-022-12227-1
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11042-022-12227-1