Efficient User Authentication and Key Agreement in Ubiquitous Computing

  • Wen-Shenq Juang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3983)


In ubiquitous computing, many computers serve each person at any time and any place. These computers could be thin servers and only have low computation and communication capacity. In this paper, we propose a novel user authentication and key agreement scheme suitable for ubiquitous computing environments. The main merits include: (1) there are many security domains which have their own security controllers, and each security domain can be formed dynamically; (2) a user only has to register in a security controller once, and can use all permitted services in this environment; (3) a user can freely choose his own password to protect his secret token; (4) the computation and communication cost is very low; (5) servers and users can authenticate each other; (6) it generates a session key agreed by the server and the user; (7) our proposed scheme is a nonce-based scheme which does not have a serious time-synchronization problem.


User Authentication Session Key Ubiquitous Computing Smart Card Network Security 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bellovin, S., Merritt, M.: Encrypted key Exchange: Password-Based Protocols Secure Against Dictionary Attacks. In: Proceedings of IEEE Symposium on Research in Security and Privacy, pp. 72–84 (1992)Google Scholar
  2. 2.
    Borriello, G.: Key Challenges in Communication for Ubiquitous Computing. IEEE Communications Magazine, 16–18 (May 2002)Google Scholar
  3. 3.
    Burrows, M., Abadi, M., Needham, R.: A Logic of Authentication. ACM Trans. on Computer Systems 8(1), 18–36 (1990)CrossRefGoogle Scholar
  4. 4.
    Diffie, W., Hellman, M.: New Directions in Cryptography. IEEE Transactions on Information Theory IT-22(6), 644–654 (1976)zbMATHCrossRefMathSciNetGoogle Scholar
  5. 5.
    Fan, C., Chan, Y., Zhang, Z.: Robust Remote Authentication Scheme with Smart Cards. Computers & Security 24, 619–628 (2005)CrossRefGoogle Scholar
  6. 6.
    Hwang, T., Ku, W.: Repairable Key Distribution Protocols for Internet Environments. IEEE Trans. on Communications 43(5), 1947–1950 (1995)CrossRefGoogle Scholar
  7. 7.
    Juang, W.: Efficient Password Authenticated Key Agreement Using Smart Cards. Computers & Security 23(2), 167–173 (2004)CrossRefGoogle Scholar
  8. 8.
    Juang, W.: Efficient Multi-server Password Authenticated Key Agreement Using Smart Cards. IEEE Trans. on Consumer Electronics 50(1), 251–255 (2004)CrossRefGoogle Scholar
  9. 9.
    Juang, W.: A simple and efficient conference scheme for mobile communications. In: Song, J.-S., Kwon, T., Yung, M. (eds.) WISA 2005. LNCS, vol. 3786, pp. 81–95. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  10. 10.
    Ku, W., Chen, S.: Weaknesses and Improvements of an Efficient Password Based Remote User Authentication Scheme Using Smart Cards. IEEE Trans on Consumer Electronics 50(1), 204–207 (2004)CrossRefGoogle Scholar
  11. 11.
    Kumar, M.: New Remote User Authentication Scheme Using Smart Cards. IEEE Trans. Consumer Electron 50(2), 597–600 (2004)CrossRefGoogle Scholar
  12. 12.
    Kwon, T., Park, Y., Lee, H.: Security Analysis and Improvement of the Efficient Password-based Authentication Protocol. IEEE Commun. Letters 9(1), 93–95 (2005)Google Scholar
  13. 13.
    Lamport, L.: Password Authentication with Insecure Communication. Communications of the ACM 24, 770–772 (1981)CrossRefGoogle Scholar
  14. 14.
    Lenstra, A., Tromer, E., Shamir, A., Kortsmit, W., Dodson, B., Hughes, J., Leyland, P.: Factoring estimates for a 1024-bit RSA modulus. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 55–74. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  15. 15.
    Merkle, R.: One way hash functions and DES. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 428–446. Springer, Heidelberg (1990)Google Scholar
  16. 16.
    NIST FIPS PUB 197, “Announcing the ADVANCED ENCRYPTION STANDARD(AES),” National Institute of Standards and Technology, U. S. Department of Commerce (November 2001)Google Scholar
  17. 17.
    NIST FIPS PUB 180-2, “Secure Hash Standard,” National Institute of Standards and Technology, U. S. Department of Commerce, DRAFT (2004)Google Scholar
  18. 18.
    Seo, D., Sweeney, P.: Simple Authenticated Key Agreement Algorithm. Electronics Letters 35, 1073–1074 (1999)CrossRefGoogle Scholar
  19. 19.
    Sun, H.: An Efficient User Authentication Scheme Using Smart Cards. IEEE Trans. Consumer Electron 46(4), 958–961 (2000)CrossRefGoogle Scholar
  20. 20.
    Syverson, P.: A Taxonomy of Replay Attacks. In: Proc. of Computer Security Foundations Workshop VII, pp. 187–191 (1994)Google Scholar
  21. 21.
    Weiser, M.: Some Computer Science Problems in Ubiquitous Computing. Communications of the ACM 36(7), 75–84 (1993)CrossRefGoogle Scholar
  22. 22.
    Wen, H., Lin, C., Hwang, T.: Provably Secure Authenticated Key Exchange Protocols for Low Power Computing Clients. Computers & Security (2006) (in press)Google Scholar
  23. 23.
    Yang, C., Wang, R.: Cryptanalysis of A User Friendly Remote Authentication Scheme with Smart Cards. Computer & Security 23, 425–427 (2004)CrossRefGoogle Scholar
  24. 24.
    Yang, C., Chang, T., Hwang, M.: Cryptanalysis of Simple Authenticated Key Agreement Protocols. IEICE Trans. Fundamentals E87-A(8), 2174–2176 (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Wen-Shenq Juang
    • 1
  1. 1.Department of Information ManagementShih Hsin UniversityTaipeiTaiwan, R.O.C

Personalised recommendations