Efficient User Authentication and Key Agreement in Ubiquitous Computing
In ubiquitous computing, many computers serve each person at any time and any place. These computers could be thin servers and only have low computation and communication capacity. In this paper, we propose a novel user authentication and key agreement scheme suitable for ubiquitous computing environments. The main merits include: (1) there are many security domains which have their own security controllers, and each security domain can be formed dynamically; (2) a user only has to register in a security controller once, and can use all permitted services in this environment; (3) a user can freely choose his own password to protect his secret token; (4) the computation and communication cost is very low; (5) servers and users can authenticate each other; (6) it generates a session key agreed by the server and the user; (7) our proposed scheme is a nonce-based scheme which does not have a serious time-synchronization problem.
KeywordsUser Authentication Session Key Ubiquitous Computing Smart Card Network Security
Unable to display preview. Download preview PDF.
- 1.Bellovin, S., Merritt, M.: Encrypted key Exchange: Password-Based Protocols Secure Against Dictionary Attacks. In: Proceedings of IEEE Symposium on Research in Security and Privacy, pp. 72–84 (1992)Google Scholar
- 2.Borriello, G.: Key Challenges in Communication for Ubiquitous Computing. IEEE Communications Magazine, 16–18 (May 2002)Google Scholar
- 12.Kwon, T., Park, Y., Lee, H.: Security Analysis and Improvement of the Efficient Password-based Authentication Protocol. IEEE Commun. Letters 9(1), 93–95 (2005)Google Scholar
- 15.Merkle, R.: One way hash functions and DES. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 428–446. Springer, Heidelberg (1990)Google Scholar
- 16.NIST FIPS PUB 197, “Announcing the ADVANCED ENCRYPTION STANDARD(AES),” National Institute of Standards and Technology, U. S. Department of Commerce (November 2001)Google Scholar
- 17.NIST FIPS PUB 180-2, “Secure Hash Standard,” National Institute of Standards and Technology, U. S. Department of Commerce, DRAFT (2004)Google Scholar
- 20.Syverson, P.: A Taxonomy of Replay Attacks. In: Proc. of Computer Security Foundations Workshop VII, pp. 187–191 (1994)Google Scholar
- 22.Wen, H., Lin, C., Hwang, T.: Provably Secure Authenticated Key Exchange Protocols for Low Power Computing Clients. Computers & Security (2006) (in press)Google Scholar
- 24.Yang, C., Chang, T., Hwang, M.: Cryptanalysis of Simple Authenticated Key Agreement Protocols. IEICE Trans. Fundamentals E87-A(8), 2174–2176 (2004)Google Scholar