Article: Advanced dynamic identity-based authentication protocol using smart card Journal: International Journal of Information and Computer Security (IJICS) 2016 Vol.8 No.1 pp.11 - 33 Abstract: Instances of password theft are rapidly growing in number. This is sufficient to shake the confidence of the customer in e-commerce. Authenticating the user on insecure communication channel like internet is an essential primitive and is target of various attacks. Therefore, remote user authentication is one of the most essential requirement for ensuring secure communication in today's ubiquitous computing environment. Smart card-based authentication provide multi-factor authentication for accessing web-based applications. In this paper, an efficient password-based remote user authentication scheme using smart card is proposed. The proposed scheme is an improvement of the scheme proposed by Hsiang and Shih in 2009. Proposed scheme is secure against all well known security attacks and has a low computational cost. The security of the proposed protocol depends upon two security parameters which makes difficult for an attacker to launch attacks on the proposed scheme. Moreover, the user and the server agree on the common session key. Afterwards, all the subsequent messages between the user and the server are encrypted with this session key. Therefore, the attacker cannot get any meaningful authentication information from eavesdropping even in insecure communication channel. Inderscience Publishers - linking academia, business and industry through research

Title: Advanced dynamic identity-based authentication protocol using smart card

Authors: Sandeep K. Sood

Addresses: Department of Computer Science and Engineering, Guru Nanak Dev University Regional Campus, Gurdaspur, Punjab, India

Abstract: Instances of password theft are rapidly growing in number. This is sufficient to shake the confidence of the customer in e-commerce. Authenticating the user on insecure communication channel like internet is an essential primitive and is target of various attacks. Therefore, remote user authentication is one of the most essential requirement for ensuring secure communication in today's ubiquitous computing environment. Smart card-based authentication provide multi-factor authentication for accessing web-based applications. In this paper, an efficient password-based remote user authentication scheme using smart card is proposed. The proposed scheme is an improvement of the scheme proposed by Hsiang and Shih in 2009. Proposed scheme is secure against all well known security attacks and has a low computational cost. The security of the proposed protocol depends upon two security parameters which makes difficult for an attacker to launch attacks on the proposed scheme. Moreover, the user and the server agree on the common session key. Afterwards, all the subsequent messages between the user and the server are encrypted with this session key. Therefore, the attacker cannot get any meaningful authentication information from eavesdropping even in insecure communication channel.

Keywords: authentication protocols; cryptography; dynamic identity; hash function; passwords; smart cards; password theft; e-commerce; electronic commerce; remote user authentication; secure communications; common session keys; communication security.

DOI: 10.1504/IJICS.2016.075307

International Journal of Information and Computer Security, 2016 Vol.8 No.1, pp.11 - 33

Accepted: 23 Oct 2015
Published online: 11 Mar 2016 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article

Title: Advanced dynamic identity-based authentication protocol using smart card

Keep up-to-date