An improved authentication with key agreement scheme on elliptic curve cryptosystem for global mobility networks

摘要

In this paper, we cryptanalyze Rhee et al.’s ‘Remote user authentication scheme without using smart cards’, andnprove that their scheme is not completely secure against user impersonation attack. The security flaw is causednby mathematical homomorphism of the registration information. In addition, their scheme lacks key agreementnprocedures for generating the session key to encrypt the communication messages after mutual authentication.nFurthermore, a modification is proposed to improve the security, practicability and robustness of such scheme.nFirstly, we introduce elliptic curve cryptosystem to enhance the security. Secondly, in order to improve thenpracticability, our improvement is much more easily implemented using portable devices in global mobilitynnetworks; moreover, a synchronized clock system, traditional password table or ancillary equipment are notnrequired in our improvement. Finally, the proposed scheme not only achieves mutual authentication, but alsonprovides the procedure for key agreement and update of secrets for users and servers to increase the robustness.nCopyright © 2013 John Wiley & Sons, Ltd.