Title: Efficient password-authenticated key agreement protocol for smart cards based on ECC

Authors: Sheetal Kalra; Sandeep Sood

Addresses: Department of Computer Science and Engineering, Guru Nanak Dev University, Regional Campus Jalandhar, Punjab 144001, India ' Department of Computer Science and Engineering, Guru Nanak Dev University, Regional Campus Gurdaspur, Punjab 143521, India

Abstract: Today, networks are no longer limited to servers and desktops. A lot of information transfer is done over mobile devices like smart cards, cell phones, PDAs etc. User authentication and session key agreement is an important aspect of a secure information system. In this paper, we propose an efficient password-authenticated protocol for smart cards which provides user authentication and session key agreement. This protocol is based on ECC and has the following merits: 1) The computation and communication cost is low; 2) The password can be freely chosen by the user; 3) There is no time synchronisation problem; 4) It prevents the offline dictionary attack even if the information stored in the smart card is compromised; 5) It provides for mutual authentication and session key agreement; 6) All well known attacks are prevented using our protocol; 7) The identity of the user changes dynamically for every new session.

Keywords: password authentication; key agreement protocol; smart cards; dynamic identity; elliptic curve cryptography; ECC; session keys; network security; mutual authentication.

DOI: 10.1504/IJMIS.2013.056472

International Journal of Multimedia Intelligence and Security, 2013 Vol.3 No.1, pp.80 - 92

Received: 04 Sep 2011
Accepted: 21 Jun 2012
Published online: 26 Jul 2014 *