Sage Journals: Discover world-class research

Abstract

Most of the user authentication schemes are based on smart cards; however, a smart card requires additional infrastructure that includes card reader, leading to more deployment cost. Recently, Kumari et al. have discussed a user anonymous authentication scheme that uses common storage device such as USB stick, mobile phone, etc. rather than using a smart card. The common storage device is used to store some authentication information issued by the server. We cryptanalyze the Kumari et al.’s scheme and find that it is not resistant to the device stolen, privileged insider and denial of service attacks. In this paper, we propose a user authentication scheme based on public key cryptography to overcome its drawbacks. We show its formal security analysis using random oracle model and discuss its informal security analysis to show that it is resistant to the various known attacks. We simulate it using the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool for its formal security verification. We compare our scheme with the related schemes and show that it has better communication cost and provides more security features.

Keywords

Common storage device user anonymity user authentication denial of service attack public key cryptography

Get full access to this article

View all access options for this article.

References

AVISPA. Automated Validation of Internet Security Protocols and Applications, http://www.avispa-project.org/, Online; Accessed on December, 2016.

Amin

, Islam

S.H.

, Biswas

G.P.

, Khan

M.K.

and Li

, Cryptanalysis and enhancement of anonymity preserving remote user mutual authentication and session key agreement scheme for e-health care systems, Journal of Medical Systems39(11) (2015), 1.

Chandrakar

and Om

, A secure and robust anonymous three-factor remote user authentication scheme for multi-server environment using ECC, Computer Communications (2017).

Chen

B.L.

, Kuo

W.C.

and Wuu

L.C.

, A secure password-based remote user authentication scheme without smart cards, Information Technology and Control41(1) (2012), 53–59.

Chien

H.-Y.

, Jan

J.-K.

and Tseng

Y.-M.

, An efficient and practical solution to remote authentication: Smart card, Computers & Security21(4) (2002), 372–375.

Das

A.K.

, A secure user anonymity-preserving three-factor remote user authentication scheme for the telecare medicine information systems, Journal of Medical Systems39(3) (2015), 1.

Das

A.K.

, A secure and robust temporal credential-based three-factor user authentication scheme for wireless sensor networks, Peer-to-peer Networking and Applications9(1) (2016), 223–244.

Diffie

and Hellman

, New directions in cryptography, IEEE transactions on Information Theory22(6) (1976), 644–654.

Dolev

and Yao

, On the security of public key protocols, IEEE Transactions on Information Theory29(2) (1983), 198–208.

10.

Fan

C.-I.

, Chan

Y.-C.

and Zhang

Z.-K.

, Robust remote authentication scheme with smart cards, Computers & Security24(8) (2005), 619–628.

11.

, Wang

and Wu

, Cryptanalysis and improvement of a password-based remote user authentication scheme without smart cards, Information Technology and Control42(2) (2013), 105–112.

12.

Horng

W.-B.

, Shieh

W.-G.

, et al., Security analysis and improvement of the remote user authentication scheme without using smart cards, ICIC Express Letters4(6 pt. B) (2010), 2431–2436.

13.

Jiang

, Ma

, Li

and Ma

, An improved password-based remote user authentication protocol without smart cards, Information Technology and Control42(2) (2013), 113–123.

14.

Khan

M.K.

and Zhang

, Improving the security of a flexible biometrics remote user authentication scheme, Computer Standards & Interfaces29(1) (2007), 82–85.

15.

Kumari

and Khan

M.K.

, Cryptanalysis and improvement of ’a robust smart-card-based remote user password authentication scheme’, International Journal of Communication Systems27(12) (2014), 3939–3955.

16.

Kumari

, Khan

M.K.

, Li

and Wu

, Design of a user anonymous password authentication scheme without smart card, International Journal of Communication Systems (2016).

17.

Lamport

, Password authentication with insecure communication, Communications of the ACM24(11) (1981), 770–772.

18.

Liu

J.-Y.

, Zhou

A.-M.

and Gao

M.-X.

, A new mutual authentication scheme based on nonce and smart cards, Computer Communications31(10) (2008), 2205–2209.

19.

Odelu

, Das

A.K.

, Wazid

and Conti

, Provably secure authenticated key agreement scheme for smart grid, IEEE Transactions on Smart Grid (2016).

20.

Rhee

H.S.

, Kwon

J.O.

and Lee

D.H.

, A remote user authentication scheme without using smart cards, Computer Standards & Interfaces31(1) (2009), 6–13.

21.

Tan

, Security analysis of two password authentication schemes. In Mobile Business, 2009. ICMB 2009. Eighth International Conference on, 2009, pp. 296–300.

22.

Wang

and Wang

, Two birds with one stone: Two-factor authentication with security beyond conventional bound, IEEE Transactions on Dependable and Secure Computing (2016).

23.

Wang

X.-M.

, Zhang

W.-F.

, Zhang

J.-S.

and Khan

M.K.

, Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards, Computer Standards & Interfaces29(5) (2007), 507–512.

24.

Yeh

K.-H.

, Su

, Lo

N.-W.

, Li

and Hung

Y.-X.

, Two robust remote user authentication protocols using smart cards, Journal of Systems and Software83(12) (2010), 2556–2565.

25.

Yoon

E.-J.

, Ryu

E.-K.

and Yoo

K.-Y.

, Further improvement of an efficient password based remote user authentication scheme using smart cards, IEEE Transactions on Consumer Electronics50(2) (2004), 612–614.