
An enhanced privacy preserving remote user authentication scheme with provable security

Published: 01 December 2015

Abstract

Very recently, Kumari et al. proposed a symmetric key and smart card-based remote user password authentication scheme to enhance Chung et al.'s scheme. They claimed that their enhanced scheme provides anonymity while resisting all known attacks. In this paper, we show that Kumari et al.'s scheme is still vulnerable to an anonymity violation attack as well as a smart card stolen attack. We then propose a supplemented scheme to overcome the security weaknesses of Kumari et al.'s scheme. We have analyzed the security of the proposed scheme in the random oracle model, which confirms the robustness of the scheme against all known attacks. We have also verified the security of our scheme using the automated tool ProVerif. Copyright © 2015 John Wiley & Sons, Ltd.



Published In

Security and Communication Networks  Volume 8, Issue 18
December 2015
1151 pages
ISSN:1939-0114
EISSN:1939-0122

Publisher

John Wiley & Sons, Inc.

United States


Author Tags

  1. ProVerif
  2. anonymity violation
  3. authentication
  4. provable security
  5. smart card stolen attack
  6. symmetric key cryptography

Qualifiers

  • Article
