1. Introduction
A secure remote user authentication scheme plays a prominent role in providing mutual authentication and session key agreement for future communication over a public channel. A two-factor remote user authentication scheme is more suitable because the client only has to remember the password to access the services of the remote server. The first remote user authentication scheme based on smart card and password was proposed by Lamport (1981). In Lamport's scheme, the server stores a table of passwords in order to validate the remote user over an insecure communication channel. Following his work, various remote user authentication schemes have been developed by Chang et al. (1995), Chien et al. (2002), Hsu (2004), Lee et al. (2005), Lin et al. (2015), Jiang et al. (2015), and Arshad and Nikooghadam (2014). Chang et al. (1995) proposed a password-based authentication scheme using the theory of quadratic residues, but their scheme did not provide mutual authentication. In 2002, Chien et al. (2002) proposed a new remote password authentication scheme based on smart cards. They claimed that their scheme is more efficient and provides mutual authentication. In 2004, Hsu et al. pointed out security flaws in the Chien et al. (2002) scheme and showed that it is vulnerable to the parallel session attack. In 2005, Lee et al. also demonstrated that the Chien et al. (2002) scheme cannot resist the parallel session attack, and in order to remove these security pitfalls they proposed an improved scheme.
By now, many two-factor authentication schemes have been proposed (Kumari et al., 2015; Huang et al., 2015; Wen and Li, 2012; Chen et al., 2012; Kumari et al., 2014; Chaudhry et al., 2015). In a two-factor authentication scheme, the smart card stores some secret parameters and the user only needs to remember a password. Since the smart card shows what you have and the password verifies what you know, these two-factor authentication protocols provide strong authentication security. Based on the aforementioned description and references, a number of remote user authentication protocols do not satisfy the following security requirements: to withstand the impersonation attack (SR1), to withstand the replay attack (SR2), to withstand the password guessing attack (SR3), to withstand the insider attack (SR4), to withstand the leak-of-verifier attack (SR5), to withstand the stolen smart card attack (SR6), to provide user anonymity (SR7), to provide mutual authentication (SR8), efficiency in the case of a wrong password in the login phase (SR9), to provide session key agreement (SR10), to provide the perfect forward secrecy property (SR11), and to provide the key freshness property (SR12). Therefore, in this article, we propose a secure two-factor remote user authentication scheme that achieves all of the security requirements described above. In addition, we have verified with the help of BAN logic that the presented scheme is correct. BAN logic is a broadly accepted formal model, which ensures that the presented scheme provides mutual authentication and session key agreement securely. Further, we show that the presented scheme is more efficient compared to other existing relevant schemes in terms of communication cost, computation cost, smart card storage cost and estimated time.