A secure password-based authentication and key agreement scheme using smart cards

Abstract

Authentication schemes present a user-friendly and scalable mechanism to establish the secure and authorized communication between the remote entities over the insecure public network. Later, several authentication schemes have proposed in the literature. However, most of the existing schemes do not satisfy the desirable attributes, such as resistance against known attacks and user anonymity. In 2012, Chen et al. designed a robust authentication scheme to erase the weaknesses of Sood et al.'s scheme. In 2013, Jiang et al. showed that Chen et al.'s scheme is vulnerable to password guessing attack. Furthermore, Jiang et al. presented an efficient solution to overcome the shortcoming of Chen et al.'s scheme. We demonstrate that Jiang et al.'s scheme does not withstand insider attack, on-line and off-line password guessing attacks, and user impersonation attack. Their scheme also fails to provide user's anonymity. To overcome these drawbacks, we aim to propose an enhanced scheme, which reduces the computation overhead and satisfies all desirable security attributes, while retaining the original merits of Jiang et al.'s scheme. The proposed scheme is also comparable in terms of the communication and computational overheads with Jiang et al.'s scheme and other existing schemes. Furthermore, we simulate the enhanced scheme for the formal security analysis utilizing the widely-accepted AVISPA tool and show that the proposed scheme is resistant against active and passive attacks.