An improved ID-based client authentication with key agreement scheme on ECC for mobile client-server environments

Abstract

In wireless mobile networks, a client can move between different locations while staying connected to the network and access the remote server over the mobile networks by using their mobile devices at anytime and anywhere. However, the wireless network is more prone to some security attacks, as it does not have the ingrained physical security like wired networks. Thus, the client authentication is required while accessing the remote server through wireless network. Based on elliptic curve cryptosystem (ECC) and identity-based cryptography (IBC), Debiao et al. proposed an ID-based client authentication with key agreement scheme to reduce the computation and communication loads on the mobile devices. The scheme is suitable for mobile client-server environments, is secure against different attacks and provides mutual authentication with session key agreement between a client and the remote server as they claimed. Unfortunately, this paper demonstrates that Debiao et al.' scheme is vulnerable some cryptographic attacks, and proposed an improved ID-based client authentication with key agreement scheme using ECC. The proposed scheme is secure based on Elliptic Curve Discrete Logarithm Problem (ECDLP) and Computational Diffie- Helmann Problem (CDHP). The detail analysis shows that our scheme overcomes the drawbacks of Debiao et al.'s scheme and achieves more functionality for the client authentication with lesser computational cost than other schemes.