Abstract

With the rapid growth of information technologies, mobile devices have been utilized in a variety of services such as e-commerce. When a remote server provides such e-commerce services to a user, it must verify the legitimacy of the user over an insecure communication channel. Therefore, remote user authentication has been widely deployed to verify the legitimacy of remote user login requests using mobile devices like smart cards. In this paper, we propose a smart card-based authentication scheme that provides both user anonymity and mutual authentication between a remote server and a user. The proposed authentication scheme is simple and efficient, and is suited to the limited resources and low computing performance of a smart card. The proposed scheme provides not only resilience to potential attacks on smart card-based authentication schemes, but also secure authentication functions. In the authentication phase of the proposed scheme, the smart card performs a simple one-way hash function and the exclusive-or and concatenation operations. The proposed scheme also provides user anonymity using a dynamic identity, key agreement, and secure password change.

Summary

Introduction

The main aim of a remote authentication scheme using smart cards is to identify and verify the smart card holder with valid access rights and access to the remote server. A variety of password-based authentication schemes have been proposed for remote authentication using smart cards. On receiving a login request, the remote server authorizes the user to access the facilities it provides if the pair of identity and password is equivalent to the one stored in the server's password table. The desirable security requirements of an authentication scheme using smart cards are as follows. Due to the power constraints of smart cards, the computational cost of the scheme has to be low, and the scheme should provide mutual authentication, user anonymity and session key agreement between a user and a server without requiring time synchronization between user and server. The remainder of this paper is organized as follows: section 2 reviews related works; section 3 details the proposed authentication scheme; section 4 analyses its security; section 5 analyses its performance and functionality.

Related Works
Proposed Authentication Scheme
Registration Phase
Login and Authentication Phase
Key Agreement Phase
Secure Password Update Phase
Security Analysis
The proposed scheme can resist an insider attack
The proposed scheme can resist a replay attack
The proposed scheme can resist a guessing attack
The proposed scheme can resist a stolen‐verifier attack
The proposed scheme can resist impersonation attack
The proposed scheme can provide user anonymity
The proposed scheme can provide forward secrecy
The proposed scheme can provide known‐key security
The proposed scheme can provide mutual authentication
Performance and Functionality Analysis
Conclusion