A Novel Passwordless Authentication Scheme For Smart Phones Using Elliptic Curve Cryptography

AN EFFICIENT AND MORE SECURE ID-BASED MUTUAL AUTHENTICATION SCHEME BASED ON ECC FOR MOBILE DEVICES

Mobile services are spread throughout the wireless network and are one of the crucial components needed for various applications and services. However, the security of mobile communication has topped the list of concerns for mobile phone users. Confidentiality, Authentication, Integrity and Non-repudiation are required security services for mobile communication. Currently available network security mechanisms are inadequate; hence there is a greater demand to provide a more flexible, reconfigurable, and scalable security mechanism. Traditionally, the security services have been provided by cryptography. Recently, techniques based on elliptic curve cryptography (ECC) have demonstrated the feasibility of providing computer security services efficiently on mobile platforms. Islam and Biswas have proposed a more efficient and secure ID-based system for mobile devices on ECC to enhance security for authentication with key agreement system. They claimed that their system truly is more secure than previous ones and it can resist various attacks. However, it is true because their system is vulnerable to known session-specific temporary information attack, and the other system is denial of service resulting from leaking server's database. Thus, the paper presents an improvement to their system in order to isolate such problems.

Analysis of Elliptic Curve Cryptography for Mobile Banking

International journal of engineering research and technology, 2014

The tremendous increase in the use of mobile and wireless devices with limitations on power, bandwidth and low security postulates a new generation of Public Key Cryptography (PKC) schemes. We state Elliptic curve cryptography as a PKC scheme which is capable of fulfilling those requirements. Our paper examines the use of Elliptic Curve Cryptography (ECC) in such a constrained environment along with the other two aspects of ECC, namely its security and efficiency. In the paper, the performance of ECC is evaluated by comparing its different methods of implementation to find out the most efficient solution for mobile environment considering the constraints of battery life, processing power, memory, speed, bandwidth etc. The efficient method is then tested for mobile payment application. ECC encryption and decryption is implemented and tested on user module to check whether it is capable of handling all constraints and providing high security. The implementation is divided into two par...

A Password-Authenticated Key Agreement Scheme Based on ECC Using Smart Cards

Public Key Cryptography (PKC) is recently playing an essential role in electronic banking and financial transactions. Elliptic Curve Cryptography (ECC) is one of the best public key techniques for its small key size and high security and is suitable for secure access of smart cards because implementation on smart cards is challenging due to memory, bandwidth, and computation constraints. In this paper, we proposed a password-authenticated key agreement scheme based on ECC. Our scheme provides more guarantees in security as follows: 1) the computation and communication cost is very low; 2) a user can freely choose and change his own password; 3) the privacy of users can be protected; 4) it generates a session key agreed upon by the user and the server; 5) it provides both implicit key and explicit key confirmation; and 6) it can prevent the offline dictionary attack even if the secret information stored in a smart card is compromised. And yet, our scheme is simpler and more efficient for smart card authentication.

A New Hybrid Authentication Protocol to Secure Data Communications in Mobile Networks

The growing area of lightweight devices, such as mobile cell phones, PDA … conduct to the rapid growth of mobile networks, they are playing important role in everyone's day. Mobile Networks offer unrestricted mobility and tender important services like M-business, M-Learning, where, such services need to keep security of data as a top concern. The root cause behind the eavesdroppers in these networks is the un-authentication. Designing authentication protocol for mobile networks is a challenging task, because, mobile device's memory, processing power, bandwidths are limited and constrained. Cryptography is the important technique to identify the authenticity in mobile networks. The authentication schemes for this networks use symmetric or asymmetric mechanisms. In this paper, we propose a hybrid authentication protocol that is based on Elliptic Curve Cryptography which is, actually, the suitable technique for mobile devices because of its small key size and high security.

An improved password-based authentication scheme for session initiation protocol using smart cards without verification table

International Journal of Communication Systems, 2014

Authentication schemes have been widely deployed for access control and mobility management in various communication networks. Especially, the schemes that are based on multifactor authentication such as on password and smart card come to be more practical. One of the standard authentication schemes that have been widely used for secure communication over the Internet is session initiation protocol (SIP). The original authentication scheme proposed for SIP was vulnerable to some crucial security weaknesses. To overcome the security problems, various improved authentication schemes have been developed, especially based on elliptic curve cryptography (ECC). Very recently, Zhang et al. proposed an improved authentication scheme for SIP based on ECC using smart cards to overcome the security flaws of the related protocols. Zhang et al. claimed that their protocol is secure against all known security attacks. However, this paper indicates that Zhang et al.'s protocol is still insecure against impersonation attack. We show that an active attacker can easily masquerade as a legal server to fool users. As a remedy, we also improve Zhang et al.'s protocol by imposing a little extra computation cost.

OSAP: Online Smartphone’s User Authentication Protocol

2017

Internet services have become an essential part of our daily activities. Due to rapid technical progress mobile web browsing has become a reality now. User authentication is a vital component in most systems that need to assure security of services and data. A weak authentication mechanism enables hackers to steal user information or bypass authentication. In some services, such as online banking, strong authentication is needed to protect the service provider as well as the users of the services. In this research paper, a user authentication scheme for mobile devices has been proposed for Smartphone applications. The results clearly indicate that the proposed authentication scheme provides protection from attacks such as man-in-the-middle attack, shoulder surfing attack, dictionary attack, spoofing and manipulation. It also overcomes the drawbacks of internet banking authentication system and WhatsApp such as PIN eavesdropping and time synchronization. Also it authenticates the user...

Security analysis and design of an efficient ECC-based two-factor password authentication scheme

Security and Communication Networks, 2016

Client-server-based communications provide a facility by which users can get several services from home via the Internet. As the Internet is an insecure channel, it is needed to protect information of communicators. An authentication scheme can fulfill the aforementioned requirements. Recently, Huang et al. presented an elliptic curve cryptosystem-based password authentication scheme. This work has demonstrated that the scheme of Huang et al. has security weakness against the forgery attack. In addition, this paper also presented that the scheme of Huang et al. has some design drawbacks. Therefore, this paper has focused on excluding the security vulnerabilities of the scheme of Huang et al. by proposing an elliptic curve cryptosystem-based password authentication scheme using smart card. The security of our scheme is based on the hardness assumption of the one-way hash functions and elliptic curve discrete logarithm problem. Furthermore, we have demonstrated that our scheme is secured against known attacks. The performance of our scheme is also nearly equal when compared to related competing schemes.

A Secure Anonymous Authentication Protocol for Mobile Services on Elliptic Curve Cryptography

Mobile user authentication is an essential topic to consider in the current communications technology due to greater deployment of handheld devices and advanced technologies. Memon et al. recently proposed an efficient and secure two-factor authentication protocol for location-based services using asymmetric key cryptography. Unlike their claims, the vigilant analysis of this paper substantiates that Memon et al.'s protocol has quite a few limitations such as vulnerability to key compromised impersonation attack, insecure password changing phase, imperfect mutual authentication, and vulnerability to insider attack. Furthermore, this paper proposes an enhanced secure authentication protocol for roaming services on elliptic curve cryptography. The proposed protocol is also a two-factor authentication protocol and is suitable for practical applications due to the composition of lightweight operations. The proposed protocol's formal security is verified using Automated Validation of Internet Security Protocols and Applications tool to certify that the proposed protocol is free from security threats. The informal and formal security analyses along with the performance analysis sections determine that the proposed protocol performs better than Memon et al.'s protocol and other related protocols in terms of security and efficiency.

IJERT-Analysis of Elliptic Curve Cryptography for Mobile Banking

International Journal of Engineering Research and Technology (IJERT), 2014

https://www.ijert.org/analysis-of-elliptic-curve-cryptography-for-mobile-banking

https://www.ijert.org/research/analysis-of-elliptic-curve-cryptography-for-mobile-banking-IJERTV3IS070872.pdf

The tremendous increase in the use of mobile and wireless devices with limitations on power, bandwidth and low security postulates a new generation of Public Key Cryptography (PKC) schemes. We state Elliptic curve cryptography as a PKC scheme which is capable of fulfilling those requirements. Our paper examines the use of Elliptic Curve Cryptography (ECC) in such a constrained environment along with the other two aspects of ECC, namely its security and efficiency. In the paper, the performance of ECC is evaluated by comparing its different methods of implementation to find out the most efficient solution for mobile environment considering the constraints of battery life, processing power, memory, speed, bandwidth etc. The efficient method is then tested for mobile payment application. ECC encryption and decryption is implemented and tested on user module to check whether it is capable of handling all constraints and providing high security. The implementation is divided into two parts: first, design of API for ECC (Elliptic Curve Cryptography) which generates shared secret key required for secure communication and performs encryption, decryption; and secondly, mobile application which allows user to perform mobile banking with the help of ECC.

An ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem

Recently, remote user authentication schemes are implemented on elliptic curve cryptosystem (ECC) to reduce the computation loads for mobile devices. However, most remote user authentication schemes on ECC are based on public-key cryptosystem, in which the public key in the system requires the associated certificate to prove its validity. Thus, the user needs to perform additional computations to verify the certificate in these schemes. In addition, we find these schemes do not provide mutual authentication or a session key agreement between the user and the remote server. Therefore, we propose an ID-based remote mutual authentication with key agreement scheme on ECC in this paper. Based upon the ID-based concept, the proposed scheme does not require public keys for users such that the additional computations for certificates can be reduced. Moreover, the proposed scheme not only provides mutual authentication but also supports a session key agreement between the user and the server. Compared with the related works, the proposed scheme is more efficient and practical for mobile devices.