A Novel High-Efficiency Password Authentication and Key Agreement Protocol for Mobile Client-Server
Authors: 
Xiang Xu, Yu Wang, Xue-Dian Zhang, Min-Shan Jiang Academic Editor: Chien Ming ChenAuthors Info & Claims
Xiang Xu, Yu Wang, Xue-Dian Zhang, Min-Shan Jiang Academic Editor: Chien Ming ChenAuthors Info & ClaimsAbstract
With the development of wireless technology, people increasingly rely on mobile devices. Since most mobile devices transmit sensitive information via insecure public channels, it is important to design multiauthentication key agreement protocols for security protection. Traditional scholars tend to use traditional public-key cryptosystems (PKCs) in their protocols to improve security. High-cost operations (e.g., elliptic curve point multiplication and bilinear pairing) were widely used in their scheme but were not suitable for mobile devices because of limited computing resources. In this study, we designed a novel high-efficiency multiauthentication and key agreement protocol and demonstrate its security in the random oracle model. Compared with other protocols, our proposed scheme only uses string concatenation operations, one-way hash functions, and XOR operations. In addition, our protocol requires much fewer computing resources to achieve the same level of security.
References
[1]
A. Fabio, “Smishing and the rise of mobile banking attacks,” 2021, https://securelist.com/smishing-and-the-rise-of-mobile-banking-attacks/75575/.
[2]
V. S. Miller, “Use of elliptic curves in cryptography,” in Proceedings of the Lecture notes in computer sciences 218 on Advances in cryptology—CRYPTO 85, Santa Barbara, CA, USA, June 1986.
[3]
N. Koblitz, “Elliptic curve cryptosystems,” Mathematics of Computation, vol. 48, no. 177, pp. 203–209, 1987.
[4]
M. Shand and J. Vuillemin, “Fast implementations of RSA cryptography,” in Proceedings of the IEEE 11th Symposium on Computer Arithmetic, pp. 252–259, Windsor, ON, Canada, June 1993.
[5]
Y. Tsiounis and M. Yung, “On the security of ElGamal based encryption,” in Proceedings of the International Workshop on Public Key Cryptography, pp. 117–134, Pacifico Yokohama, Japan, February 1998.
[6]
S. Halevi and H. Krawczyk, “Public-key cryptography and password protocols,” ACM Transactions on Information and System Security, vol. 2, no. 3, pp. 230–268, 1999.
[7]
Y. Wang, “Public key cryptography standards: PKCS,” in Proceedings of the Advances in Cryptology – EUROCRYPT '90, Aarhus, Denmark, May 2012.
[8]
D. Boneh and M. Franklin, “Identity-based encryption from the weil pairing,” SIAM Journal on Computing, vol. 32, no. 3, pp. 586–615, 2003.
[9]
L. Lamport, “Password authentication with insecure communication,” Communications of the ACM, vol. 24, no. 11, pp. 770–772, 1981.
[10]
L. H. Li, L. C. Lin, and M. S. Hwang, “A remote password authentication scheme for multiserver architecture using neural networks,” IEEE Transactions on Neural Networks, vol. 12, no. 6, pp. 1498–1504, 2001.
[11]
W. S. Juang, “Efficient multi-server password authenticated key agreement using smart cards,” IEEE Transactions on Consumer Electronics, vol. 50, no. 1, pp. 251–255, 2004.
[12]
C. C. Chang and J. S. Lee, “An efficient and secure multi-server password authentication scheme using smart cards,” in Proceedings of the 2004 international conference on cyberworlds, pp. 417–422, Tokyo, Japan, November 2004.
[13]
W. J. Tsaur, J. H. Li, and W. B. Lee, “An efficient and secure multi-server authentication scheme with key agreement,” Journal of Systems and Software, vol. 85, no. 4, pp. 876–882, 2012.
[14]
Y. P. Liao and S. S. Wang, “A secure dynamic ID based remote user authentication scheme for multi-server environment,” Computer Standards & Interfaces, vol. 31, no. 1, pp. 24–29, 2009.
[15]
H. C. Hsiang and W. K. Shih, “Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment,” Computer Standards & Interfaces, vol. 31, no. 6, pp. 1118–1123, 2009.
[16]
C. C. Lee, T. H. Lin, and R. X. Chang, “A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards[J],” Expert Systems with Applications, vol. 38, no. 11, pp. 13863–13870, 2011.
[17]
H. Debiao, C. Jianhua, and H. Jin, “An ID-based client authentication with key agreement protocol for mobile client–server environment on ECC with provable security,” Information Fusion, vol. 13, no. 3, pp. 223–230, 2012.
[18]
D. Wang and C. Ma, “Cryptanalysis of a remote user authentication scheme for mobile client–server environment based on ECC,” Information Fusion, vol. 14, no. 4, pp. 498–503, 2013.
[19]
M. S. Farash and M. A. Attari, “A secure and efficient identity-based authenticated key exchange protocol for mobile client–server networks,” The Journal of Supercomputing, vol. 69, no. 1, pp. 395–411, 2014.
[20]
S. Jegadeesan, M. Azees, P. M. Kumar, G. Manogaran, N. Chilamkurti, R. Varatharajan, and C. H. Hsu, “An efficient anonymous mutual authentication technique for providing secure communication in mobile cloud computing for smart city applications,” Sustainable Cities and Society, vol. 49, 2019.
[21]
A. Irshad, S. A. Chaudhry, M. Shafiq, M. Usman, M. Asif, and A. Ghani, “A provable and secure mobile user authentication scheme for mobile cloud computing services,” International Journal of Communication Systems, vol. 32, no. 14, 2019.
[22]
O. Olufemi Olakanmi and S. O. Oke, “MASHED: security and privacy-aware mutual authentication scheme for heterogeneous and distributed mobile cloud computing services,” Information Security Journal: A Global Perspective, vol. 27, no. 5-6, pp. 276–291, 2018.
[23]
J. L. Tsai and N. W. Lo, “A privacy-aware authentication scheme for distributed mobile cloud computing services,” IEEE Systems Journal, vol. 9, no. 3, pp. 805–815, 2015.
[24]
A. Irshad, M. Sher, and H. F. Ahmad, “An improved multi-server authentication scheme for distributed mobile cloud computing services[J],” KSII Transactions on Internet and Information Systems (TIIS), vol. 10, no. 12, pp. 5529–5552, 2016.
[25]
H. Jannati and B. Bahrak, “An improved authentication protocol for distributed mobile cloud computing services,” International Journal of Critical Infrastructure Protection, vol. 19, pp. 59–67, 2017.
[26]
V. Odelu, A. K. Das, S. Kumari, X. Huang, and M. Wazid, “Provably secure authenticated key agreement scheme for distributed mobile cloud computing services,” Future Generation Computer Systems, vol. 68, pp. 74–88, 2017.
[27]
I. S. K. Hafizul and G. P. Biswas, “An improved ID-based client authentication with key agreement scheme on ECC for mobile client-server environments,” Theoretical and Applied Informatics, vol. 24, 2012.
[28]
H. Sun, Q. Wen, H. Zhang, and Z. Jin, “A novel remote user authentication and key agreement scheme for mobile client-server environment,” Applied Mathematics & Information Sciences, vol. 7, no. 4, pp. 1365–1374, 2013.
[29]
D. He and D. Wang, “Robust biometrics-based authentication scheme for multiserver environment,” IEEE Systems Journal, vol. 9, no. 3, pp. 816–823, 2015.
[30]
V. Odelu, A. K. Das, and A. Goswami, “A secure biometrics-based multi-server authentication protocol using smart cards,” IEEE Transactions on Information Forensics and Security, vol. 10, no. 9, pp. 1953–1966, 2015.
[31]
J. Mo, Z. Hu, and Y. Lin, “Remote user authentication and key agreement for mobile client–server environments on elliptic curve cryptography,” The Journal of Supercomputing, vol. 74, no. 11, pp. 5927–5943, 2018.
[32]
Y. M. Tseng, S. S. Huang, T. T. Tsai, and J. H. Ke, “List-free ID-based mutual authentication and key agreement protocol for multiserver architectures,” IEEE Transactions on Emerging Topics in Computing, vol. 4, no. 1, pp. 102–112, 2016.
[33]
M. Azrour, J. Mabrouki, A. Guezzaz, and Y. Farhaoui, “New enhanced authentication protocol for Internet of Things,” Big Data Mining and Analytics, vol. 4, no. 1, pp. 1–9, 2021.
[34]
M. Wazid, A. K. Das, V. Bhat K, and A. V. Vasilakos, “LAM-CIoT: lightweight authentication mechanism in cloud-based IoT environment,” Journal of Network and Computer Applications, vol. 150, 2020.
[35]
S. A. Chaudhry, A. Irshad, K. Yahya, N. Kumar, M. Alazab, and Y. B. Zikria, “Rotating behind privacy: an improved lightweight authentication scheme for cloud-based IoT environment,” ACM Transactions on Internet Technology, vol. 21, no. 3, pp. 1–19, 2021.
[36]
X. Wang, W. Guo, and W. Zhang, “Cryptanalysis and improvement on a parallel keyed hash function based on chaotic neural network,” Telecommunication Systems, vol. 52, no. 2, pp. 515–524, 2013.
[37]
M. Abdalla, P. A. Fouque, and D. Pointcheval, “Password-based authenticated key exchange in the three-party setting,” International Workshop on Public Key Cryptography, Springer, Berlin, Heidelberg, 2005.
[38]
C. C. Chang and H. D. Le, “A provably secure, efficient, and flexible authentication scheme for ad hoc wireless sensor networks,” IEEE Transactions on Wireless Communications, vol. 15, no. 1, pp. 357–366, 2016.
[39]
T. S. Messerges, E. A. Dabbish, and R. H. Sloan, “Examining smart-card security under the threat of power analysis attacks,” IEEE Transactions on Computers, vol. 51, no. 5, pp. 541–552, 2002.
[40]
Shamus Software Ltd, “Miracl library,” 2022, http://www.shamus.ie/index.php?page=home.
Recommendations
An ID-based client authentication with key agreement protocol for mobile client-server environment on ECC with provable security
Recently, lots of remote user authentication schemes are implemented on elliptic curve cryptosystem (ECC) to reduce the computation loads for mobile devices. However, most of those remote user authentication schemes on ECC suffer from different attacks ...
An efficient remote user authentication and key agreement protocol for mobile client-server environment from pairings
With the continue evaluation of mobile devices in terms of the capabilities and services, security concerns increase dramatically. To provide secured communication in mobile client-server environment, many user authentication protocols from pairings ...
A New Client-to-Client Password-Authenticated Key Agreement Protocol
IWCC '09: Proceedings of the 2nd International Workshop on Coding and CryptologyClient-to-client password-authenticated key agreement (C2C-PAKA) protocol deals with the authenticated key agreement process between two clients of different realms, who only share their passwords with their own servers. Recently, Byun et al. [13] ...
Comments
Information & Contributors
Information
Published In
Copyright © 2023 Xiang Xu et al.
This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
Publisher
John Wiley & Sons, Inc.
United States
Publication History
Published: 01 January 2023
Qualifiers
- Research-article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 29 Jan 2025