A Robust Remote Authentication Scheme for M-Commerce Environments

  • Shih-Yang Yang
  • Jian-Wen Peng
  • Wen-Bing Horng
  • Ching-Ming Chao
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 264)


With the rapid growth of electronic and mobile commerce today, how to design a secure and efficient remote user authentication scheme for resource-limited devices over insecure networks has become an important issue. In this paper, we present a robust authentication scheme for the mobile device (a non-tamper-resistant device from which the stored secret authentication information could be retrieved) to solve the challenging lost device problem. In addition to the conventional security requirements, it tries to satisfy the following advanced essential security features: (1) protecting user privacy in terms of anonymity and non-traceability, (2) supporting session keys with perfect forward secrecy, and (3) remaining secure even in the case of lost devices. The security of our scheme is based on the quadratic residue assumption, which has the same complexity as solving the discrete logarithm problem. However, the computation of the quadratic congruence is very efficient. It needs only one squaring and one modular operation on the mobile device end, which is much cheaper than the expensive modular exponentiation used in schemes based on the discrete logarithm problem. Thus, using the quadratic congruence, our scheme can achieve robustness and efficiency, even for the non-tamper-resistant mobile device.


Keywords: Authentication, Quadratic congruence, Security



Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2019

Authors and Affiliations

  • Shih-Yang Yang (1, email author)
  • Jian-Wen Peng (2)
  • Wen-Bing Horng (3)
  • Ching-Ming Chao (4)

  1. Department of Media Arts, University of Kang Ning, Taipei, Taiwan, ROC
  2. Department of Commerce Technology and Management, Chihlee University of Technology, Taipei, Taiwan, ROC
  3. Department of Computer Science and Information Engineering, Tamkang University, Taipei, Taiwan, ROC
  4. Department of Computer Science and Information Management, Soochow University, Taipei, Taiwan, ROC
