Title :
Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards
Author :
Juang, Wen-Shenq ; Chen, Sian-Teng ; Liaw, Horng-Twu
Author_Institution :
Dept. of Inf. Manage., Nat. Kaohsiung First Univ. of Sci. & Technol., Kaohsiung
fDate :
6/1/2008 12:00:00 AM
Abstract :
User authentication and key agreement is an important security primitive for creating a securely distributed information system. Additionally, user authentication and key agreement is very useful for providing identity privacy to users. In this paper, we propose a robust and efficient user authentication and key agreement scheme using smart cards. The main merits include the following: 1) the computation and communication cost is very low; 2) there is no need for any password or verification table in the server; 3) a user can freely choose and change his own password; 4) it is a nonce-based scheme that does not have a serious time-synchronization problem; 5) servers and users can authenticate each other; 6) the server can revoke a lost card and issue a new card for a user without changing his identity; 7) the privacy of users can be protected; 8) it generates a session key agreed upon by the user and the server; and 9) it can prevent the offline dictionary attack even if the secret information stored in a smart card is compromised.
Keywords :
client-server systems; message authentication; public key cryptography; smart cards; client-server system; elliptic curve cryptosystem; password-authenticated key agreement; securely distributed information system; smart cards; user identity privacy; Authentication; Computational efficiency; Dictionaries; Elliptic curve cryptography; Information management; Privacy; Protection; Public key cryptography; Robustness; Smart cards; Authentication; elliptic curve cryptosystem; key exchange; offline dictionary attack; smart card;
Journal_Title :
Industrial Electronics, IEEE Transactions on
DOI :
10.1109/TIE.2008.921677
