An efficient ECC-based privacy-preserving client authentication protocol with key agreement using smart card

Vanga Odelu; Ashok Kumar Das; Adrijit Goswami

首页> 外文期刊>Information Security Technical Report >An efficient ECC-based privacy-preserving client authentication protocol with key agreement using smart card

【24h】

An efficient ECC-based privacy-preserving client authentication protocol with key agreement using smart card

机译：使用智能卡具有密钥协议的基于ECC的高效基于隐私保护的客户端身份验证协议

获取原文

获取原文并翻译 | 示例

获取外文期刊封面封底 >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

The authentication protocols are trusted components in a communication system in order to protect sensitive information against a malicious adversary in the client-server environment by means of providing a variety of services including users' privacy and authentication. In the cryptographic protocols, understanding the security failures is the key for both patching to the existing protocols and designing the future protocols. Recently, in 2014, Wang proposed an improved Elliptic Curve Cryptography (ECC) based anonymous remote authentication scheme using smart card and claimed that the proposed scheme is secure against password guessing attack, smart card lost/stolen verifier attack, and also preserves user anonymity and prevents credential leakage. However, in this paper, we show that Wang's scheme fails to preserve the user anonymity and does not prevent the off-line password guessing attack, credential leakage and smart card lost/stolen verifier attack. In order to withstand those security pitfalls found in Wang's scheme, we aim to propose a new secure privacy-preserving ECC-based client authentication with key agreement protocol using smart card. Through the formal and informal security analysis we show that our scheme is secure against possible known attacks including the off-line password guessing attack, credential leakage attack and smart card lost/stolen verifier attack. Our scheme also preserves the user anonymity property. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against passive and active attacks. Our scheme provides high security along with low computational and communication costs. As a result, our scheme is practically suitable for mobile devices in the client-server environment as compared to other related schemes in the literature.

机译：身份验证协议是通信系统中的受信任组件，以通过提供包括用户隐私和身份验证在内的各种服务来保护敏感信息免受客户端-服务器环境中的恶意攻击。在密码协议中，了解安全故障是修补现有协议和设计未来协议的关键。最近，在2014年，Wang提出了一种使用智能卡的改进的基于椭圆曲线密码学（ECC）的匿名远程身份验证方案，并声称该方案可抵御密码猜测攻击，智能卡丢失/被盗的验证者攻击，并保留用户匿名性和安全性。防止凭证泄漏。但是，在本文中，我们证明了Wang的方案无法保留用户匿名性，并且不能防止离线密码猜测攻击，凭据泄漏以及智能卡丢失/被盗的验证者攻击。为了承受Wang的方案中存在的安全隐患，我们旨在提出一种新的基于安全保护隐私的基于ECC的客户端身份验证，该身份验证使用密钥协议使用智能卡进行。通过正式和非正式的安全性分析，我们表明我们的方案可以防范可能的已知攻击，包括离线密码猜测攻击，凭据泄漏攻击和智能卡丢失/被盗验证程序攻击。我们的方案还保留了用户匿名属性。此外，我们使用广泛接受的AVISPA（Internet安全协议和应用程序的自动验证）工具模拟了用于正式安全验证的方案，并表明我们的方案可抵御被动和主动攻击。我们的方案提供了高安全性以及较低的计算和通信成本。结果，与文献中的其他相关方案相比，我们的方案实际上适合于客户端-服务器环境中的移动设备。

著录项

来源
《Information Security Technical Report》 |2015年第4期|1-19|共19页
作者
Vanga Odelu; Ashok Kumar Das; Adrijit Goswami;
展开▼
作者单位

Department of Mathematics, Indian Institute of Technology Kharagpur, Kharagpur 721 302, India;

Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad 500 032, India;

Department of Mathematics, Indian Institute of Technology Kharagpur, Kharagpur 721 302, India;

展开▼
收录信息美国《工程索引》(EI);
原文格式 PDF
正文语种 eng
中图分类
关键词
Security; User anonymity; Mutual authentication; Client-server network; Mobile device;

机译：安全;用户匿名;相互认证;客户-服务器网络;移动设备;

相似文献

外文文献
中文文献
专利

1. An efficient biometric-based privacy-preserving three-party authentication with key agreement protocol using smart cards [J] . Odelu Vanga, Das Ashok Kumar, Goswami Adrijit Security and Communications Networks . 2015,第18期

机译：使用智能卡通过密钥协议协议进行基于生物特征的高效隐私保护三方身份验证
2. An efficient ECC-based provably secure three-factor user authentication and key agreement protocol for wireless healthcare sensor networks [J] . Challa Sravani, Das Ashok Kumar, Odelu Vanga, Computers and Electrical Engineering . 2018,第期

机译：一种基于ECC的基于ECC的可用于无线医疗传感器网络的可信度的三因素用户认证和密钥协议协议
3. Efficient and flexible password authenticated key agreement for Voice over Internet Protocol Session Initiation Protocol using smart card [J] . Zhang Liping, Tang Shanyu, Cai Zhihua International journal of communication systems . 2014,第11期

机译：使用智能卡的互联网协议语音会话发起协议的高效灵活的密码验证密钥协议
4. An Efficient and Provably Secure Cross-Realm Client-to-Client Password-Authenticated Key Agreement Protocol with Smart Cards [C] . Wenting Jin, Jing Xu Cryptology and network security . 2009

机译：使用智能卡的高效且可验证的跨域客户端到客户端密码验证的密钥协商协议
5. New authentication and key agreement protocols for wireless applications [D] . Mangipudi, Kumar Venkata Kameswara Narasimha 2006

机译：适用于无线应用的新身份验证和密钥协商协议
6. Highly Efficient Symmetric Key Based Authentication and Key Agreement Protocol Using Keccak [O] . An Braeken 2020

机译：使用Keccak的高效基于对称密钥的身份验证和密钥协商协议
7. An efficient biometric-based privacy-preserving three-party authentication with key agreement protocol using smart cards [O] . Vanga Odelu, Ashok Kumar Das, Adrijit Goswami 2015

机译：基于高效的基于生物识别的隐私保留了三方认证，使用智能卡具有密钥协议协议

An efficient ECC-based privacy-preserving client authentication protocol with key agreement using smart card

摘要

著录项

相似文献

相关主题

期刊订阅