Cryptanalysis of a remote user authentication scheme for mobile client-server environment based on ECC

Authors:
Ding Wang;Chun-Guang Ma
Affiliations:
College of Computer Science and Technology, Harbin Engineering University, Harbin City 150001, China and Training Department, Automobile Management Institute of PLA, Bengbu City 233011, China;College of Computer Science and Technology, Harbin Engineering University, Harbin City 150001, China
Venue:
Information Fusion
Year:
2013

Citing 26
Cited 1

A security risk of depending on synchronized clocks

ACM SIGOPS Operating Systems Review
Entity authentication and key distribution

CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Public-key cryptography and password protocols

ACM Transactions on Information and System Security (TISSEC)
Password authentication with insecure communication

Communications of the ACM
Privacy Protection for Transactions of Digital Goods

ICICS '01 Proceedings of the Third International Conference on Information and Communications Security
Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels

EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Key Agreement Protocols and Their Security Analysis

Proceedings of the 6th IMA International Conference on Cryptography and Coding
A password authentication scheme over insecure networks

Journal of Computer and System Sciences
Security Analysis of a Nonce-Based User Authentication Scheme Using Smart Cards*This work was supported by the Korean Ministry of Information and Communication under the Information Technology Research Center (ITRC) support program supervised by the Institute of Information Technology Assessment (IITA).

IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Information hiding, anonymity and privacy: a modular approach

Journal of Computer Security - Special issue on WITS'02
An improved identity-based key agreement protocol and its security proof

Information Sciences: an International Journal
An improved smart card based password authentication scheme with provable security

Computer Standards & Interfaces
Coupling-Based Internal Clock Synchronization for Large-Scale Dynamic Distributed Systems

IEEE Transactions on Parallel and Distributed Systems
Two robust remote user authentication protocols using smart cards

Journal of Systems and Software
Robust authentication and key agreement scheme preserving the privacy of secret key

Computer Communications
New dynamic ID authentication scheme using smart cards

International Journal of Communication Systems
A more efficient and secure ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem

Journal of Systems and Software
An ID-based client authentication with key agreement protocol for mobile client-server environment on ECC with provable security

Information Fusion
An efficient remote user authentication and key agreement protocol for mobile client-server environment from pairings

Ad Hoc Networks
Improvement of the More Efficient and Secure ID-Based Remote Mutual Authentication with Key Agreement Scheme for Mobile Devices on ECC

WAINA '12 Proceedings of the 2012 26th International Conference on Advanced Information Networking and Applications Workshops
A modified remote user authentication scheme using smart cards

IEEE Transactions on Consumer Electronics
Robust smart-cards-based user authentication scheme with user anonymity

Security and Communication Networks
The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes

SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
Systematic design of a family of attack-resistant authentication protocols

IEEE Journal on Selected Areas in Communications
Secure password-based remote user authentication scheme with non-tamper resistant smart cards

DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
On the security of an improved password authentication scheme based on ECC

ICICA'12 Proceedings of the Third international conference on Information Computing and Applications

Security Analysis of a Chaotic Map-based Authentication Scheme for Telecare Medicine Information Systems

Journal of Medical Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Understanding security failures of cryptographic protocols is the key to both patching existing protocols and designing future schemes. The design of secure remote user authentication schemes based on elliptic curve crypto-graphy (ECC) for mobile applications is still quite a challenging problem, though many schemes have been published lately. In this paper, we analyze an efficient ID-based scheme for mobile client-server environment without the MapToPoint function introduced by He et al. in 2012. This proposal attempts to overcome many of the well known security and efficiency shortcomings of previous schemes, and it also carries a claimed proof of security in the random oracle model. However, notwithstanding its formal security arguments, we show that He et al.'s protocol even cannot attain the basic goal of mutual authentication by demonstrating its vulnerabilities to reflection attack and parallel session attack. Besides these two security vulnerabilities, their scheme also suffers from some practical pitfalls such as user anonymity violation and clock synchronization problem. In addition, we carry out an investigation into their security proof and propose some changes to the scheme so that it can achieve at least its basic security goal, in the hope that similar mistakes are no longer made in the future.