Abstract
With non-stop growth in network environments, communication security is necessary. A strong protocol guarantees that users and service providers are secure against many kinds of attacks, such as impersonation and replay attack. Sood et al. proposed an authentication scheme based on dynamic identity to prevent transactions from being intercepted by malicious users. Although they claimed that their scheme has advantages over previous schemes with the same approach, we prove that their scheme is vulnerable to impersonation attack and stolen verification attack, and can be affected by clock synchronization. Therefore we propose a novel authentication scheme to enhance security and overcome limitations existing in Sood’s scheme. Our security analysis shows that our proposed method can efficiently resist known types of attacks. Experimental results also show that the method can be implemented and processed in real-time thus applicable for not only regular computers but also mobile devices.
Similar content being viewed by others
References
Boyd, C., & Choo, K. (2005). Security of two-party identity-based key agreement. Expert Systems with Applications, 3715, 229–243.
Burrows, M., Abadi, M., Needham, R. (1990). A logic of authentication. ACM Transactions on Computer System, 8, 18–36.
Canetti, R., & Krawczyk, H. (2001). Analysis of key exchange schemes and their use for building secure channels. In Advances in cryptology-eurocrypt (pp. 451–472) Verlag: Springer.
Cao, X., Kou, W., Dang, L., Zhao, B. (2008). Identity-based multi-user broadcast authentication in wireless sensor networks. Computer Communications, 31, 659667.
Chen, C.-L., Lee, C.-C., Hsu, C.-Y. (2011). Mobile device integration of a fingerprint biometric remote authentication scheme. International Journal of Communication Systems. doi:10.1002/dac.1277.
Cheng, Z., Nistazakis, M., Comley, R., Vasiu, L. (2005). On the indistinguishability-based security model of key agreement schemes-simple cases. In Cryptology ePrint Archive, Report.
Cheng, Z.-Y., Liu, Y., Chang, C.-C., Chang, S.-C. (2012). A smart card based authentication scheme for remote user login and verification. International Journal of Innovative Computing, Information and Control, 8(8), 5499–5511.
Das, M.L., Saxena, A., Gulati, V.P. (2004). A dynamic id-based remote user authentication scheme. IEEE Transactions on Consumer Electronics, 50(2), 629–631.
Debiao, H., Jianhua, C., Jin, H. (2011). An id-based client authentication with key agreement protocol for mobile clientserver environment on ecc with provable security. Information Fusion.
ElGamal, T. (1985). A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information, 31, 469–472.
Hankerson, D., Menezes, A.J., Vanstone, S. (2003). Guide to Elliptic Curve Cryptography. Secaucus: Springer-Verlag.
Hwang, M.S., Lee, C.C., Tang, Y.L. (2002). A simple remote user authentication scheme. Mathematical and Computer Modelling, 36, 103–107.
Islam, S.H., & Biswas, G.P. (2011). A more efficient and secure id-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. Journal of Systems and Software, 84(11), 1892–1898.
Khan, M.K., & Zhang, J. (2007). Improving the security of ’a flexible biometrics remote user authentication scheme. Computer Standards and Interfaces, 29(1), 82–85.
Khana, M.K., Kimb, S.-K., Alghathbara, K. (2010). Cryptanalysis and security enhancement of a more efficient & secure dynamic id-based remote user authentication scheme. Computer Communications, 34(3), 305–309.
Koblitz, N. (1987). Elliptic curve cryptosystem. Mathematics of Computation, 48, 203–209.
Kocher, P., Jaffe, J., Jun, B. (1999). Differential power analysis. In Proceddings CRYPTO (pp. 388–397). Springer Verlag.
Ku, W., & Chang, S. (2005). Impersonation attack on a dynamic id-based remote user authentication scheme using smart cards. IEICE Transactions on Communications, E88-B(5), 2165–2167.
Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24, 770–772.
Lee, C.C., Hwang, M.S., Yang, W.P. (2002). Flexible remote user authentication scheme using smart cards. IEEE Transactions on Neural Network, 36(3), 46–52.
Lee, C.-C., Lin, T.-H., Chang, R.-X. (2011). A secure dynamic id based remote user authentication scheme for multi-server environment using smart cards. Expert Systems with Applications, 38(11), 13 863–13 870.
Lee, J.K., Ryu, S.R., Yoo, K.Y. (2002). Fingerprint-based remote user authentication scheme using smart cards. Electronics Letters, 38, 554–555.
Li, C.-T., & Hwang, M.-S. (2010). An efficient biometrics-based remote user authentication scheme using smart cards. Journal of Network and Computer Applications, 33(1), 1–5.
Li, F., Xin, X., Hu, Y. (2008). Indentity-based broadcast signcryption. Computer Standards and Interfaces, 30(12), 89–94.
Li, L.H., Lin, I.C., Hwang, M.S. (2001). A remote password authentication scheme for multi-server architecture using neural networks. IEEE Transactions on Neural Network, 12(6), 1498–1504.
Li, X., Niu, J., Ma, J., Wang, W., Liu, C.-L. (2011). Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. Journal Network and Computer Applications, 34(1), 73–79.
Liao, I.E., Lee, C.C., Hwang, M.S. (2005). Security enhancement for a dynamic id-based remote user authentication scheme. International Conference on Next Generation Web Services Practices, 6(2), 517–522.
Lin, C.-H., & Lai, Y.-Y. (2004). A flexible biometrics remote user authentication scheme. Computer Standards and Interfaces, 27(1), 19–23.
Liou, Y., Lin, J., Wang, S. (2006). A new dynamic id-based remote user authentication scheme using smart cards. In Proceedings of 16th information security conference (pp. 198–205).
Messerges, T.S., Dabbish, E.A., Sloan, R.H. (2002). Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.
Miller, V.S. (1986). Use of elliptic curves in cryptography. Proceedings of CRYPTO85, 218, 417–426.
Oh, J.-B., Yoon, E.-J., Yoo, K.-Y. (2007). An efficient id-based authenticated key agreement protocol with pairings. 4742, 446–456. doi:10.1007/978-3-540-74742-0_41.
Rivest, R.L., Shamir, A., Adleman, L. (1978). A method for obtaining digital signatures and public key cryptosystems. Communications of the ACM, 21(2), 120–126.
Ryu, E., Yoon, E., Yoo, K. (2004). An efficient id-based authenticated key agreement protocol. NETWORKING, 3042.
Shamir, A. (1984). Identity based cryptosystems and signature schemes. Proceedings of CRYPTO84 (pp. 47–53). LNCS, Springer-Verlag.
Shen, J.-J., Lin, C.-W., Hwang, M.-S. (2003). A modified remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 49(2), 414–416.
Shih, H. (2008). Cryptanalysis on two password authentication schemes. Master Thesis.
Shim, K. (2003). Efficient id-based authenticated key agreement protocol based on the weil pairing. Electron, 39(8), 653–654.
Sood, S.K., Sarje, A.K., Singh, K. (2010). An improvement of liou et al.s authentication scheme using smart cards. International Journal of Computer Applications, 1(8), 16–23.
Sun, H., & Hsieh, B. (2003). Security analysis of shims authenticated key agreement protocols from parings. Cryptology ePrint Archive, Report 2003/113.
Tsai, J.-L., Wu, T.-C., Tsai, K.-Y. (2010). New dynamic id authentication scheme using smart cards. International Journal Communication Systems, 23(12), 1449–1462.
Yang, J.-H., & Chang, C.-C. (2009). An id-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. Computers and Security, 28(3–4), 138–143.
Yoon, E.J., & Yoo, K.Y. (2006). Improving the dynamic id-based remote mutual authentication scheme. First International Workshop on Information Security, 4277, 499–507.
Yoon, E.-J., & Yoo, K.-Y. (2009). Robust id-based remote mutual authentication with key agreement scheme for mobile devices on ecc. IEEE International Conference on Computational Science and Engineering, 2, 633–640.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Truong, TT., Tran, MT. & Duong, AD. Enhanced Dynamic Authentication Scheme (EDAS). Inf Syst Front 16, 113–127 (2014). https://doi.org/10.1007/s10796-013-9461-6
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10796-013-9461-6