Premium
An improved authentication with key agreement scheme on elliptic curve cryptosystem for global mobility networks
Author(s) -
Li Xuelei,
Wen Qiaoyan,
Zhang Hua,
Jin Zhengping
Publication year - 2013
Publication title -
international journal of network management
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.373
H-Index - 28
eISSN - 1099-1190
pISSN - 1055-7148
DOI - 10.1002/nem.1827
Subject(s) - computer science , mutual authentication , cryptosystem , elliptic curve cryptography , password , robustness (evolution) , session key , key (lock) , computer security , computer network , public key cryptography , encryption , biochemistry , chemistry , gene
SUMMARY In this paper, we cryptanalyze Rhee et al.'s ‘Remote user authentication scheme without using smart cards’, and prove that their scheme is not completely secure against user impersonation attack. The security flaw is caused by mathematical homomorphism of the registration information. In addition, their scheme lacks key agreement procedures for generating the session key to encrypt the communication messages after mutual authentication. Furthermore, a modification is proposed to improve the security, practicability and robustness of such scheme. Firstly, we introduce elliptic curve cryptosystem to enhance the security. Secondly, in order to improve the practicability, our improvement is much more easily implemented using portable devices in global mobility networks; moreover, a synchronized clock system, traditional password table or ancillary equipment are not required in our improvement. Finally, the proposed scheme not only achieves mutual authentication, but also provides the procedure for key agreement and update of secrets for users and servers to increase the robustness. Copyright © 2013 John Wiley & Sons, Ltd.