A Secret-Key Exponential Key Agreement Protocol with Smart Cards

  • Eun-Jun Yoon
  • Kee-Young Yoo
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4610)


The smart card based remote user authentication and key agreement protocol is a very practical solution to create a secure distributed computer environment. In this paper, we propose a smart card based secret-key exponential key agreement protocol called SEKA, which provides mutual authentication and key agreement over an insecure channel between user and server. The computational complexity that the client must perform is just one exponentiation and two hash functions during the runtime of the protocol.


Smart Card Authentication Scheme Mutual Authentication Replay Attack Perfect Forward Secrecy 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Lamport, L.: Password Authentication with Insecure Communication. Communications of the ACM 24(11), 770–772 (1981)CrossRefMathSciNetGoogle Scholar
  2. 2.
    Chang, C.C., Wu, T.C.: Remote Password Authentication with Smart Cards. IEE Proceedings-E 138(3), 165–168 (1991)Google Scholar
  3. 3.
    Chang, C., Hwang, S.: Using Smart Cards to Authenticate Remote Passwords. Comput. Math. Appl. 26(7), 19–27 (1993)zbMATHCrossRefGoogle Scholar
  4. 4.
    Wang, S., Chang, T.: Smart Card based Secure Password Authentication Scheme. Computers & Security 15(3), 231–237 (1996)CrossRefMathSciNetGoogle Scholar
  5. 5.
    Wu, T.C., Sung, H.S.: Authentication Passwords over an Insecure Channel. Computer & Security 15(5), 431–439 (1996)CrossRefGoogle Scholar
  6. 6.
    Yang, W.H., Shieh, S.P.: Password Authentication Schemes with Smart Card. Computer & Security 18(8), 727–733 (1999)CrossRefGoogle Scholar
  7. 7.
    Hwang, M.S., Li, L.H.: A New Remote User Authentication Scheme Using Smart Cards. IEEE Trans. On Consumer Electronics 46(1), 28–30 (2000)CrossRefGoogle Scholar
  8. 8.
    Sun, H.M.: An Efficient Remote User Authentication Scheme Using Smart Cards. IEEE Trans. on Consumer Electronics 46(4), 958–961 (2000)CrossRefGoogle Scholar
  9. 9.
    Chien, H.Y., Jan, J.K., Tseng, Y.M.: An Efficient and Practical Solution to Remote Authentication: Smart Card. Computers & Security 21(4), 372–375 (2002)CrossRefGoogle Scholar
  10. 10.
    Fan, L., Li, J.H., Zhu, H.W.: An Enhancement of Timestamp-based Password Authentication Scheme. Computers & Security 21(7), 665–667 (2002)CrossRefGoogle Scholar
  11. 11.
    Wu, S.T., Chieu, B.C.: A User Friendly Remote Authentication Scheme with Smart Cards. Computers & Security 22(6), 547–550 (2003)CrossRefGoogle Scholar
  12. 12.
    Shen, J.J., Lin, C.W., Hwang, M.S.: Security Enhancement for the Timestampbased Password Authentication Scheme Using Smart Cards. Computers & Security 22(7), 591–595 (2003)CrossRefGoogle Scholar
  13. 13.
    Chen, K.F.: Attacks on the (Enhanced) Yang-Shieh Authentication. Computers & Security 22(8), 725–727 (2003)CrossRefGoogle Scholar
  14. 14.
    Wu, S.T., Chieu, B.C.: A User Friendly Remote Authentication Scheme with Smart Cards. Computers & Security 22(6), 547–550 (2003)CrossRefGoogle Scholar
  15. 15.
    Yoon, E.J., Ryu, E.K., Yoo, K.Y.: Security of Shen et al. ’s Timestamp-based Password Authentication Scheme. In: Laganà, A., Gavrilova, M., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds.) ICCSA 2004. LNCS, vol. 3046, pp. 665–671. Springer, Heidelberg (2004)Google Scholar
  16. 16.
    Yoon, E.J., Ryu, E.K., Yoo, K.Y.: Robust Remote User Authentication Scheme. In: Kahng, H.-K., Goto, S. (eds.) ICOIN 2004. LNCS, vol. 3090, pp. 935–942. Springer, Heidelberg (2004)Google Scholar
  17. 17.
    Juang, W.S.: Efficient Password Authenticated Key Agreement Using Smart Cards. Computers & Security 23(2), 167–173 (2004)CrossRefGoogle Scholar
  18. 18.
    Jablon, D.: Strong Password-only Authenticated Key Exchange. ACM Computer Communications Review 26(5), 5–26 (1996)CrossRefGoogle Scholar
  19. 19.
    Bellovin, S., Merritt, M.: Encrypted Key Exchange: Password-based Protocols Secure Against Dictionary Attacks. In: Proceedings of the IEEE Symposium on Research in Security and Privacy, pp. 72–84 (1992)Google Scholar
  20. 20.
    Diffie, W., Hellman, M.: New Directions in Cryptography. IEEE Trans Inf Theory IT-22(6), 644–654 (1976)CrossRefMathSciNetGoogle Scholar
  21. 21.
    Rivest, R.: The MD5 Message-digest Algorithm. RFC 1321. Internet Activities Board. Internet Privacy Task Force (1992)Google Scholar
  22. 22.
    NIST FIPS PUB 180.: Secure Hash Standard. National Institute of Standards and Technology. U.S. Department of Commerce. DRAFT (1993)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Eun-Jun Yoon
    • 1
  • Kee-Young Yoo
    • 2
  1. 1.Faculty of Computer Information, Daegu Polytechnic College, 42 Jinri-2gil (Manchon 3dong San395), Suseong-Gu, Daegu 706-711South Korea
  2. 2.Department of Computer Engineering, Kyungpook National University, 1370 Sankyuk-Dong, Buk-Gu, Daegu 702-701South Korea

Personalised recommendations