A Secure Two-Factor Remote User Authentication and Session Key Agreement Scheme

Preeti Chandrakar (Department of Computer Science and Engineering, Indian School of Mines, Dhanbad, India) and Hari Om (Department of Computer Science and Engineering, Indian School of Mines, Dhanbad, India)
DOI: 10.4018/IJBDCN.2016070104

Abstract

In this article, the authors propose a secure two-factor remote user authentication and session key agreement protocol. They show that the presented scheme is precise and secure according to both formal and informal security analysis. For the formal security analysis, they apply BAN (Burrows-Abadi-Needham) logic, which certifies that the presented scheme provides mutual authentication and session key agreement securely. The informal security verification shows that the proposed scheme is more robust against various kinds of malicious threats. Moreover, the authors simulate the presented scheme using the widely accepted AVISPA tool, whose simulation results confirm that the protocol is safe from active and passive attacks, including replay and man-in-the-middle attacks. In addition, the performance evaluation and the security comparison show that the presented scheme gives strong security as well as better complexity in terms of smart card memory requirement, communication cost and computation cost.

1. Introduction

A secure remote user authentication scheme plays a prominent role in providing mutual authentication and session key agreement for future communication over a public channel. A two-factor remote user authentication scheme is more suitable because the client has to remember only the password to access the services of the remote server. The first remote user authentication scheme based on smart card and password was proposed by Lamport (1981). In Lamport's scheme, the server stores a table of passwords in order to validate the remote user over an insecure communication channel. Following his work, various remote user authentication schemes have been developed in Chang et al. (1995), Chien et al. (2002), Hsu (2004), Lee et al. (2005), Lin et al. (2015), Jiang et al. (2015), and Arshad and Nikooghadam (2014). Chang et al. (1995) proposed a password-based authentication scheme using the theory of quadratic residue, but their scheme did not provide mutual authentication. In 2002, Chien et al. (2002) proposed a new remote password authentication scheme based on smart card. They claimed that their scheme is more efficient and provides mutual authentication. In 2004, Hsu et al. pointed out the security flaws in the Chien et al. (2002) scheme and showed that it is vulnerable to a parallel session attack. In 2005, Lee et al. also demonstrated that Chien et al.'s (2002) scheme cannot resist the parallel session attack and, in order to remove these security pitfalls, proposed an improved scheme.

Many two-factor authentication schemes have now been proposed (Kumari et al., 2015; Huang et al., 2015; Wen and Li, 2012; Chen et al., 2012; Kumari et al., 2014; Chaudhry et al., 2015). In a two-factor authentication scheme, the smart card stores some secret parameters and the user only needs to remember a password. Since the smart card shows what you have and the password verifies what you know, these two-factor authentication protocols provide strong authentication security. Based on the aforementioned description and references, a number of remote user authentication protocols do not satisfy the following security requirements: to resist impersonation attack (SR1), to resist replay attack (SR2), to resist password guessing attack (SR3), to resist insider attack (SR4), to resist leak of verifier attack (SR5), to resist smart card stolen attack (SR6), to provide user anonymity (SR7), to provide mutual authentication (SR8), efficiency for wrong password in the login phase (SR9), to provide session key agreement (SR10), to provide the perfect forward secrecy property (SR11), and to provide the key freshness property (SR12). Therefore, in this article, we propose a secure two-factor remote user authentication scheme that achieves all the security requirements described above. In addition, we certify that the presented scheme is precise with the help of BAN logic. BAN logic is a widely accepted formal model, which ensures that the presented scheme provides mutual authentication and session key agreement securely. Further, we show that the presented scheme is more efficient compared to other existing relevant schemes in terms of communication cost, computation cost, smart card storage cost and estimated time.
