On Security Analysis of Recent Password Authentication and Key Agreement Schemes Based on Elliptic Curve Cryptography

Authors

  • Prabhdeep KaurGuru Nanak Dev University, Regional Campus, Jalandhar, India.
  • Sheetal KalraGuru Nanak Dev University, Regional Campus, Jalandhar, India.
Keywords
Elliptic curve cryptography, Smart Card, Remote user authentication, ECDLP, User anonymity

Abstract

Secure and efficient mutual authentication and key agreement schemes form the basis for any robust network communication system. Elliptic Curve Cryptography (ECC) has emerged as one of the most successful Public Key Cryptosystem that efficiently meets all the security challenges. Comparison of ECC with other Public Key Cryptosystems (RSA, Rabin, ElGamal) shows that it provides equal level of security for a far smaller bit size, thereby substantially reducing the processing overhead. This makes it suitable for constrained environments like wireless networks and mobile devices as well as for security sensitive applications like electronic banking, financial transactions and smart grids. With the successful implementation of ECC in security applications (e-passports, e-IDs, embedded systems), it is getting widely commercialized. ECC is simple and faster and is therefore emerging as an attractive alternative for providing security in lightweight device, which contributes to its popularity in the present scenario. In this paper, we have analyzed some of the recent password based authentication and key agreement schemes using ECC for various environments. Furthermore, we have carried out security, functionality and performance comparisons of these schemes and found that they are unable to satisfy their claimed security goals.

References

  • Lamport, L. (1981) “Password Authentication With Insecure Communication,” Commun. ACM, Vol. 24:11, pp. 770–772.
  • Islam, S.H., Biswas, G.P. (2013) “Design of Improved Password Authentication and Update Scheme Based on Elliptic Curve Cryptography,” Math. Comput. Model., Vol. 57:. 11–12, pp. 2703–2717.
  • Lin, C.L., Hwang T. (2003) “A Password Authentication Scheme with Secure Password Updating,”Computer and Security, Vol. 22:1, pp. 68-72. http://dx.doi.org/10.1016/S0167-4048(03)00114-7.
  • He, (2011) “Comments on A Password Authentication and Update Scheme Based on Elliptic Curve Cryptography,” Cryptology EPrint Archive Report 2011/411.
  • Wang, R.C., Juang, W.S., Lei, C.L. (2011) “Robust Authentication and Key Agreement Scheme Preserving yhe Privacy of Secret Key,” Computer Communications, Vol. 34:3, pp. 274–280. http://dx.doi.org/10.1016/j.comcom.2010.04.005.
  • M. Wang, W.F. Zhang, J.S. Zhang, M.K. Khan. (2007) “Cryptanalysis and Improvement on Two Efficient Remote User Authentication Scheme Using Smart Cards,” Computer Standards and Interfaces, Vol. 29:5, pp. 507–512, 2007. http://dx.doi.org/10.1016/j.csi.2006.11.005.
  • Debiao He, Shuhua Wu, Jianhua Chen (2012) “Note on ‘Design ff Improved Password Authentication and Update Scheme Based on Elliptic Curve Cryptography’”, Mathematical and Computer Modelling, Vol. 55: 3–4, pp. 1661-1664. http://dx.doi.org/10.1016/j.mcm.2011.10.079.
  • Wang, C. G. Ma, L. Shi, and Y. H. Wang (2012) “On ihe Security of An Improved Password Authentication Scheme Based on Ecc,” in Information Computing and Applications, vol. 7473 of Lecture Notes in Computer Science, pp. 181–188.
  • T. Li (2012) “A New Password Authentication and User Anonymity Scheme Based on Elliptic Curve Cryptography and Smart Card,” IET Information Security, Vol. 7, No. 1, pp. 3-10.
  • Lili Wang (2014) “Analysis and Enhancement of a Password Authentication and Update Scheme Based on Elliptic Curve Cryptography,” Journal of Applied Mathematics, Volume 2014 (2014), Article ID 247836, 11 pages. http://dx.doi.org/10.1155/2014/247836.
  • Qiao, H. Tu (2014) “A Security Enhanced Password Authentication and Update Scheme Based on Elliptic Curve Cryptography,” International Journal of Electronic Security and Digital Forensics, vol. 6 Issue 2, pp. 130-139. http://dx.doi.org/10.1504/IJESDF.2014.063109.
  • Ramesh, Dr.V.Murali Bhaskaran (2014) “An Improved Remote User Authentication Scheme with Elliptic Curve Cryptography and Smart Card without using Bilinear Pairings,” International Journal of Engineering and Technology (IJET) Vol. 5, No. 6 Dec 2013-Jan 2014.
  • -E. Liao, C.-C. Lee, and M.-S. Hwang (2006) “A Password Authentication Scheme Over InsecureNetworks,” Journal Of Computer And System Sciences, Vol. 72, No. 4, pp. 727–740. http://dx.doi.org/10.1016/j.jcss.2005.10.001.
  • Chun-Ta Li and Cheng-Chi Lee (2011) “A Robust Remote User Authentication Scheme Using Smart Card,” Information Technology and Control, Vol. 40, No. 3, pp. 236–245.
  • Toan-Thinh Truong, Tran, M.-T, Anh-Duc Duong (2012) “Improvement of More Efficient and Secure Id-Based Remote Mutual Authentication with Key Agreement Scheme for Mobile Devices on ECC,” 26th International Conference on Advanced Information Networking and Applications Workshops (WAINA). pp. 698-703.
  • Song (2010) “Advanced Smart Card Based Password Authentication Protocol”, Computer Standards & Interfaces, Elsevier Vol. 32, No. 4, pp. 321-325. http://dx.doi.org/10.1016/j.csi.2010.03.008.
  • SK Hafizul Islam, G.P.Biswas (2011) “A More Efficient and Secure Id-Based Remote Mutual Authentication with Key Agreement Scheme for Mobile Devices on Elliptic Curve Cryptography”, Journal of Systems and Software, Vol. 84, No. 11, pp. 1892-1898.
  • -H. Chen, Y.-C. Chen, W.-K. Shih (2010) “An Advanced ECC Id-Based Remote Mutual Authentication Scheme for Mobile Devices,” 7th International Conference on Ubiquitous, Autonomic and Trusted Computing, pp. 116–120. http://dx.doi.org/10.1109/UIC-ATC.2010.18.
  • Debiao, C.Jianhua, and H.Jin (2012) “An Id Based Client Authentication with Key Agreement Protocol for Mobile Client Server Environment on ECC with Provable Security,” Information Fusion, Elsevier, Vol. 13:3, pp. 223-230. http://dx.doi.org/10.1016/j.inffus.2011.01.001.
  • Debiao, C. Yitao, C.Jianhua (2013) “An Id-Based Three-Party Authenticated Key Exchange Protocol Using Elliptic Curve Cryptography for Mobile-Commerce Environments,” Arabian Journal for Science and Engineering, Vol. 38:8, pp. 2055-2061.
  • Yang, C. Chang (2009) “An Id-Based Remote Mutual Authentication with Key Agreement Protocol for Mobile Devices on Elliptic Curve Cryptosystem,” Computers and Security, Vol. 28, pp. 138–143.
  • Yoon, K. Yoo (2009) “Robust Id-Based Remote Mutual Authentication with Key Agreement Protocol for Mobile Devices on ECC,” in: 2009 International Conference on ComputationalScience and Engineering, Vancouver, Canada, pp. 633–640.
  • Sheetal Kalra, Sandeep K.Sood (2010) “Advanced Password Based Authentication Scheme for Wireless Sensor Networks,” Journal of Information Security and Applications, Elsevier, In press. http://dx.doi.org/10.1016/j.jisa.2014.10.008.
  • H. Shen (2008) “A New Modified Remote User Authentication Scheme Using Smartcards,” Applied Mathematics, Vol. 23:3, pp. 371–376.
  • L. Yeh, T. H. Chen and W.K. Shih (2013) “Robust Smart Card Secured Authentication Scheme on Sip Using Elliptic Curve Cryptography,” Computer Standards & Interfaces, Elsevier, In press. http://dx.doi.org/10.1016/j.csi.2013.08.010.
  • L. Jia, A.M. Jhou, M.X. Gao (2008) “A New Mutual Authentication Scheme Based on Nonce and Smartcards,” Computer Communications, Vol. 31:10, pp. 2205–2209. http://dx.doi.org/10.1016/10.1016/j.comcom.2008.02.002.
  • Y. Chen, M.S. Hwang, C.C. Lee, J.K. Jan (2009) “Cryptanalysis of A Secure Dynamic Id Based Remote User Authentication Scheme for Multi-Server Environment,” Fourth International Conference on Innovative Computing, Information and Control (ICICIC), Kaohsiung, Taiwan, China, pp. 725–728.
  • Khan, M.K., Kim, S.K. and Alghathbar, K. (2011) “Cryptanalysis and Security Enhancement of a More Efficient & Secure Dynamic ID-Based Remote User Authentication Scheme,” Computer Communications, Vol. 34, pp. 305-309. http://dx.doi.org/10.1016/j.comcom.2010.02.011.
  • Gao, Y. Tu (2008) “An Improvement of Dynamic Id-Based Remote User Authentication Scheme with Smart Cards,” Proceedings of the 7th World Congress on Intelligent Control and Automation, Vol. 8, June 25–27, Chongqing, China, pp. 4562–4567.
  • Yoon E., Yoo K (2011) “Robust Biometric-Based Three-Party Authenticated Key Establishment Protocols,” Int. J. Comput. Math., Vol. 88:5, pp. 1144–1157. http://dx.doi.org/10.1080/00207160.2010.496851.
  • He, D. Wang (2014) “Robust Biometric-Based Authentication Scheme for Multiserver Environment,” IEEE Systems Journal, Vol. PP:99, pp 1-8.
  • Miller, V.S. (1986) “Use of Elliptic Curves in Cryptography”, In: Advances in cryptology. Proceedings of CRYPTO’85, 417–26.
  • Koblitz N (1987) “Elliptic Curve Cryptosystem. Math. Comput, 48, pp.203–209. H. Debiao, J.Chen, and R. Zhang (2011) “An Efficient Identity Based Blind Signature Scheme Without Using Bilinear Parings,” Computers and Electrical Engineering, Elsevier Vol. 37:4, pp. 444-450. http://dx.doi.org/10.1016/j.compeleceng.2011.05.009.
  • Pohlig, M. Hellman (1978) “An Improved Algorithm for Computing Logarithms Over GF(p) and its Cryptographic Significance,” IEEE Transactions on Information Theory, Vol. 24, pp. 106–110. http://dx.doi.org/10.1109/TIT.1978.1055817.
  • M. Pollard (1978) “Monte Carlo Methods for Index Computation (mod p),” Mathematics of Computation, Vol. 32:143, pp. 918–924. http://dx.doi.org/10.2307/2006496.
  • C. van Oorschot, M. J. Wiener (1999) “Parallel Collision Search With Cryptanalytic Applications,” Journal of Cryptology, Vol. 12:1, pp. 1–28.
  • Boneh, R. Lipton (1996) “Algorithms for Black-Box Fields and their Applications to Cryptography,” Advances in Cryptology—CRYPTO ’96, LNCS, Springer-Verlag, Vol. 1109, pp. 283–297.
  • Shoup (1997) “Lower Bounds for Discrete Logarithms and Related Problems,” Advances in Cryptology–Eurocrypt ’97, LNCS, Springer-Verlag, Vol. 1233, pp. 256-266.
  • Juang, W.S. et al. (2008) “Robust and Efficient Password Authentication Key Agreement Using Smart Cards,” IEEE Transactions on Industrial Electronics, vol. 55:6, pp. 2551-2556. http://dx.doi.org/10.1109/TIE.2008.921677.
  • Hankerson, D., Menezes, A Vanstone., S. (2004) “Guide to Elliptic Curve Cryptography. Springer, New York.

How to Cite

Prabhdeep Kaur, Sheetal Kalra. On Security Analysis of Recent Password Authentication and Key Agreement Schemes Based on Elliptic Curve Cryptography. J.Technol. Manag. Grow. Econ.. 2015, 06, 39-52
On Security Analysis of Recent Password Authentication and Key Agreement Schemes Based on Elliptic Curve Cryptography

Current Issue

PeriodicityBiannually
Issue-1May
Issue-2November
ISSN Print0976-545X
ISSN Online2456-3226
RNI No.CHAENG/2013/50088
OA Policy

Publisher's policy of the journal at Sherpa UK for the submitted, accepted, and published articles. Click OAPolicy

Plan-S Compliance

To check compliance, one has to use the Journal Check Tool (JCT). This tool provided by cOAlition S (European funders) for the researchers (fundee) to check the compliance with the journal.

Recommend journal to your library

You can recommend the journal being a researcher or faculty member to your library. We will post a copy of the Journal to your library on your behalf at free of cost.
Click here: Recommend Journal

Preprint Arxiv Submission

The authors are encouraged to submit the author’s copy (preprint) to appropriate preprint archives e.g. https://arxiv.org and/or on https://indiarxiv.org or institutional repositories (e.g., D Space) before paper acceptance by the editor of Journal. After publications of the paper author(s) should mention the citation information, title and abstract along with DOI number of the publication carefully on the required page of the depository(ies).

Contact: Phone: +91-172-2741000, +91-172-4691800

Email : editor.tmg@chitkara.edu.in;

Abstract and Indexing

Information

This work is licensed under a Creative Commons Attribution 4.0 International License.

Articles in Journal of Technology Management for Growing Economies(J.Technol. Manag. Grow. Econ.) by Chitkara University Publications are Open Access articles that are published with licensed under a Creative Commons Attribution- CC-BY 4.0 International License. Based on a work at https://tmg.chitkara.edu.in/. This license permits one to use, remix, tweak and reproduction in any medium, even commercially provided one give credit for the original creation.

View Legal Code of the above-mentioned license, https://creativecommons.org/licenses/by/4.0/legalcode

View Licence Deed here https://creativecommons.org/licenses/by/4.0/

Creative Commons License

Journal of Technology Management for Growing Economies by Chitkara University Publications is licensed under a Creative Commons Attribution 4.0 International License.
Based on a work at https://tmg.chitkara.edu.in/

Members