Abstract
With the rapid growth of electronic and mobile commerce today, how to design a secure and efficient remote user authentication scheme with resource-limited devices over insecure networks has become an important issue. In this paper, we present a robust authentication scheme for the mobile device (a non-tamper-resistant device in which the secret authentication information stored in it could be retrieved) to solve the challenging lost device problem. It tries to satisfy the following advanced essential security features: (1) protecting user privacy in terms of anonymity and non-traceability, (2) supporting session keys with perfect forward secrecy, and (3) secure even for the case of lost devices, in addition to the conventional security requirements. The security of our scheme is based on the quadratic residue assumption, which has the same complexity as in solving the discrete logarithm problem. However, the computation of the quadratic congruence is very efficient. It only needs one squaring and one modular operations in the mobile device end, which is much cheaper than the expensive modular exponentiation used in those schemes based on the discrete logarithm problem. Thus, using the quadratic congruence, our scheme can achieve robustness and efficiency, even for the non-tamper-resistant mobile device.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Lamport, L.: Password authentication with insecure communication. Commun. ACM 24(11), 770–772 (1981)
Hwang, M.S., Lee, C.C., Tang, Y.L.: A simple remote user authentication scheme. Math. Comput. Model. 36(1–2), 103–107 (2002)
Fan, C.I., Chan, Y.C., Zhang, Z.K.: Robust remote authentication scheme with smart cards. Comput. Secur. 24(8), 619–628 (2005)
Shieh, W.G., Wang, J.M.: Efficient remote mutual authentication and key agreement. Comput. Secur. 25(1), 72–77 (2006)
Chung, H.R., Ku, W.C., Tsaur, M.J.: Weaknesses and improvement of Wang et al.’s remote user password authentication scheme for resource-limited environments. Comput. Stand. Interfaces 31(4), 863–868 (2009)
Rhee, H.S., Kwon, J.O., Lee, D.H.: A remote user authentication scheme without using smart cards. Comput. Stand. Interfaces 31(1), 6–13 (2009)
Li, X., Nju, J.W., Ma, J., Wang, W.D., Liu, C.L.: Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart card. J. Netw. Comput. Appl. 34(1), 73–79 (2011)
Wen, F., Li, X.: An improved dynamic ID-based remote user authentication with key agreement scheme. Comput. Electr. Eng. 38(2), 381–387 (2012)
Patterson, W.: Mathematical Cryptology for Computer Scientists and Mathematicians. Rowman (1987)
Rosen, K.H.: Elementary Number Theory and its Applications. Addison-Wesley, Reading (1988)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Yang, SY., Peng, JW., Horng, WB., Chao, CM. (2019). A Robust Remote Authentication Scheme for M-Commerce Environments. In: Chen, JL., Pang, AC., Deng, DJ., Lin, CC. (eds) Wireless Internet. WICON 2018. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 264. Springer, Cham. https://doi.org/10.1007/978-3-030-06158-6_12
Download citation
DOI: https://doi.org/10.1007/978-3-030-06158-6_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-06157-9
Online ISBN: 978-3-030-06158-6
eBook Packages: Computer ScienceComputer Science (R0)