A More Efficient and Secure Untraceable Remote User Password Authentication Scheme Using Smart Card with Session Key Agreement
To secure the data using smart card it is very essential to authenticate the user password and provide session key agreement over the unreliable networks. To check the authenticity or validity of the remote users, smart cards based on password authentication is the best mechanism to solve this problem. There are various password authentication mechanisms proposed by different researchers have its own merits and demerits. In this proposed scheme, a more efficient and secure untraceable remote user password authentication scheme using smart card with session key agreement, we compared other password authentication schemes based on smart card and found that the proposed scheme have various security features which are not present in other schemes. The various security features include as: (1) Verifier table is not required; (2) identity of the user can not be trace out; (3) smart card having inbuilt verification mechanism; (4) facility of mutual authentication on both sides user/server is present; (5) facility of session key between user/server is present; (6) provide quick wrong password detection; (7) provide secure password select/update facility; (8) provide forward secrecy; (9) the storage cost/operational cost/authentication cost are minimum; (10) privacy of the user can be protected; (11) timestamp at every phase of authentication is required; (12) in the situation of damage/misplace of smart card, server can reissue the same without altering the identity.
KeywordsMutual authentication Identity Smart card Security Password Session key Un-traceability
- 1.Lee Y C. A new dynamic ID-based user authentication scheme to resist smart-card-theft attack. An international journal of applied mathematics & Information Sciences 6 No. 2S pp. 355S–361S (2012).Google Scholar
- 2.Zhen-Yu Wu, Dai-Lun Chiang, Tzu-Ching Lin, Yu-Fang Chung. A reliable Dynamic User-Remote password Authentication scheme over Insecure Network. 26th Int. Conference on Advanced Information Networking and Applications, 2012.Google Scholar
- 3.Manoj Kumar, Mridul Kumar Gupta, Saru Kumari. An Improved Efficient Remote Password Authentication Scheme with Smart Card over Insecure Networks. International J. of Network Security, Vol. 13, No. 3, PP. 167–177, Nov. 2011.Google Scholar
- 4.R. Madhusudhan, R. C. Mittal. Dynamic ID-based remote user password authentication schemes using smart cards: A review. J. of Network and Computer Application 35; 2012, p. 1235–1248. doi: 10.1016/j.jnca.2012.01.007.
- 5.Kwang Cheul Shin, Won Whoi Huh. Improvements of a Remote User Password Authentication Scheme using Smart Card. International J. of Security and its application: Vol. 7, No. 4, July, 2013.Google Scholar
- 6.Wen F, Li X. An improved dynamic ID-based remote user authentication with key agreement scheme. Journal of computers and electrical engineering 38 (2012), 381–387. Doi: 10.1016/j.compeleceng.2011.11.010.
- 7.Chang Y F, Tai W L, Chang H C. Untraceable dynamic identity based remote user authentication scheme with verifiable password update. International Journal communication system 2013. http://dx.doi.org/10.1002/dac.2552.
- 8.Wang Y Y, Liu J Y, Xiao F X, Dan J. A more efficient and secure dynamic ID-based remote user authentication scheme. Journal of computer communication 32 (2009), pp 583–585. http://dx.doi.org/10.1016/j.comcom.2008.11.008.
- 9.Khan M K, Kim S K, Alghathbar K. Cryptanalysis and security enhancement of a more efficient & secure dynamic ID-based remote user authentication scheme. Journal of computer communication 34 (2011), pp 305–309. http://dx.doi.org/10.1016/j.comcom.2010.02.011.
- 10.Qi Xie. Improvements of a security enhanced one-time two-factor authentication and key agreement scheme. Scientia Iranica D; 2012, 19 (6), p. 1856–1860. doi: 10.1016/j.scient.2012.02.029.
- 11.Hung-Min Sun. An efficient remote user authentication scheme using smart cards. IEEE Transaction on consumer Electronics, Vol. 46, No. 4, November 2000.Google Scholar
- 12.Li Yang, Jian-Feng Ma, Qi Jiang. Mutual Authentication Scheme with Smart Cards and Password under Trusted Computing. International J. of Network Security, Vol. 14, No. 3, PP. 156–163, May 2012.Google Scholar
- 13.Ahirwal D, Raghuwanshi S. A noble remote authentication protocol based on smart card using hash function. International journal of emerging trends & technology in computer science (IJETICS), Volume 1, Issue 4, Nov–Dec 2012.Google Scholar
- 14.Dr. P. Kumar, Dr. B. Indrani, Dr. M. Amuthaprabakar. An efficient password based authentication scheme using time hash function and smart card. IJETAE: Volume 4, Issue 6, June 2014.Google Scholar
- 15.Xiong Li, Jianwei Niu, Muhammad Khurram Khan, Junguo Liao. An enhanced smart card based remote user password authentication scheme. J. of Network and Computer Applications 36; 2013, p. 1365–1371. http://dx.doi.org/10.1016/j.jnca.2013.02.034.
- 16.Da-Zhi Sun, Jin-Peng Huai, Ji-Zhou Sun, Jian-Xin Li, Jia-Wan Zhang. Improvements of Juang et al.’s Password-Authenticated Key Agreement Scheme Using Smart Cards. IEEE Transactions on Industrial Electronics, Vol. 56, No. 6. June 2009.Google Scholar
- 17.Messerges T S, Dabbish E A, Sloan R H. Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comp 2002: 51 (5): 541–52.Google Scholar
- 18.Kocher P, Jaffe J, Jun B. Differential power analysis. In: Proceedings of advances in cryptology CRYPTO’99’; 1999. P. 388–97.Google Scholar
- 19.Hsieh W B, Leu J S. Exploiting hash functions to intensify the remote user authentication scheme. Computer & Security 31 (2012), pp 791–798. http://dx.doi.org/10.1016/j.cose.2012.06.001.
- 20.Marimuthu Karuppiah, R. Saravanan. A secure remote user mutual authentication scheme using smart cards. J of information security and applications 19; 2014, p. 282–294. http://dx.doi.org/10.1016/j.jisa.2014.09.006.
- 21.Min-Shiang Hwang. A Simple Remote User Authentication Scheme. Mathematical and Computer Modelling 36; 2002, p. 103–107. Password Authentication scheme over insecure networks. J. of Computer and System Sciences 72 (2006), p. 727–740. doi: 10.1016/j.jcss.2005.10.001.