Abstract
As the internet technology’s evolution, identity authentication in the network is becoming more and more significant. In 2014, Qu et al. proposed a two-factor remote mutual authentication and key agreement scheme. They pointed out that their scheme could withstand smart card loss attack, offline password guessing attack, impersonation attack and so on. However, based on our analysis, it shows that the scheme suffers from offline password guessing attack and impersonation attack. Moreover, their scheme could not achieve perfect user anonymity. In this paper, we propose a scheme, which can withstand those attacks mentioned above. After the function and efficiency comparison with other schemes, our scheme is much more secure and practical as the secure universal access control mechanism.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24, 770–772.
Peyravian, M. (2000). Methods for protecting password transmission. Computers & Security, 19(5), 466–469.
Lin, C. (2003). A password authentication scheme with secure password updating. Computers & Security, 22(1), 68–72.
Juang, W., Chen, S., & Liaw, H. (2008). Robust and efficient password-authenticated key agreement using smart cards. IEEE Transactions on Industrial Electronics, 55(6), 2551–2556.
Yang, G., et al. (2008). Two-factor mutual authentication based on smart cards and passwords. Journal of Computer and System Sciences, 74(7), 1160–1172.
Liao, C., Chen, H., & Wang, C. (2009). An exquisite mutual authentication scheme with key agreement using smart card. Informatica, 33(2), 117.
Xu, J., Zhu, W., & Feng, D. (2009). An improved smart card based password authentication scheme with provable security. Computer Standards & Interfaces, 31(4), 723–728.
Yeh, K., et al. (2010). Two robust remote user authentication protocols using smart cards. Journal of Systems and Software, 83(12), 2556–2565.
Wang, D. et al. (2014) Anonymous two-factor authentication in distributed systems: Certain goals are beyond attainment. IEEE Transactions on Dependable and Secure Computing, 1–1.
Huang, X., et al. (2014). Further observations on smart-card-based password-authenticated key agreement in distributed systems. IEEE Transactions on Parallel and Distributed Systems, 25(7), 1767–1775.
Wang, D., & Wang, P. (2014). On the anonymity of two-factor authentication schemes for wireless sensor networks: Attacks, principle and solutions. Computer Networks, 73, 41–57.
He, D., Kumar, N., & Chilamkurti, N. (2015). A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks. Information Sciences,. doi:10.1016/j.ins.2015.02.010.
Wang, D., & Wang, P. (2014). Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks. Ad Hoc Networks, 20, 1–15.
He, D. (2015). Zeadally. Authentication protocol for ambient assisted living system. IEEE Communications Magazine, 35(1): 71–77.
He, D., et al. (2014). Enhanced three-factor security protocol for consumer USB mass storage devices. IEEE Transactions on Consumer Electronics, 60(1), 30–37.
He, D., & Wang, D. (2014). Robust biometrics-based authentication scheme for multi-server environment. IEEE Systems Journal,. doi:10.1109/JSYST.2014.2301517.
Lee, S., Kim, H., & Yoo, K. (2005). Improvement of Chien et al’.s remote user authentication scheme using smart cards. Computer Standards & Interfaces, 27(2), 181–183.
Lee, N., & Chiu, Y. (2005). Improved remote authentication scheme with smart card. Computer Standards & Interfaces, 27(2), 177–180.
Sood, S., Sarje, A., & Singh, K. (2010). An improvement of Xu et al.'s authentication scheme using smart cards, COMPUTE, COMPUTE^Editors. ACM. p. 1–5.
Song, R. (2010). Advanced smart card based password authentication protocol. Computer Standards & Interfaces, 32(5–6), 321–325.
Chen, B., Kuo, W., & Wuu, L. (2014). Robust smart-card-based remote user password authentication scheme. International Journal of Communication Systems, 27(2), 377–389.
Jiang, Q., & Ma, J. (2013). An improved password-based remote user authentication protocol without smart cards. Information technology And control, 42(2), 150–158.
Qu, J., & Tan, X. (2014). Two-factor user authentication with key agreement scheme based on elliptic curve cryptosystem. Journal of Electrical and Computer Engineering, 2014, 1–6.
Yang, J., & Chang, C. (2009). An ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. Computers & Security, 28(3–4), 138–143.
Islam, S., & Biswas, G. (2011). A more efficient and secure ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. Journal of Systems and Software, 84(11), 1892–1898.
Acknowledgments
The authors thank the editor and anonymous reviewers for their valuable comments. The authors extend their sincere appreciations to the Deanship of Scientific Research at King Saud University for its funding this Prolific Research Group (PRG-1436-16). This study was supported by the National Science foundation of China (Nos. 61272112, 61202447).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Huang, B., Khan, M.K., Wu, L. et al. An Efficient Remote User Authentication with Key Agreement Scheme Using Elliptic Curve Cryptography. Wireless Pers Commun 85, 225–240 (2015). https://doi.org/10.1007/s11277-015-2735-1
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-015-2735-1