Esquema de autenticación de usuario remoto basado en un identificador dinamico utilizando el sistema de cifrado ElGamal

We propose a new dynamic ID-based remote user authentication scheme using smart cards, which it is based on one-way hash function, ElGamal’s public key cryptosystem and nonce. The scheme achieves the following security requirements: 1) users can choose and change their password freely, 2) mutual authentication between the user and the server, 3) the user and the server establish a session key after successful authentication process, 4) the server does not maintain a verification table, 5) the login request message does not contain the user’s identity, and 6) the authentication phase does not require time-synchronization, making it more secure than previous schemes. In order to verify the security characteristics of our protocol, we have modelled and analysed the proposal using High-level Protocol Specification Language (HLPSL) and Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. The results demonstrate that our protocol achieves more security requirements than previous works.