ESEAP: ECC based secure and efficient mutual authentication protocol using smart card

Abstract

Smart card based user server mutual authentication framework is famous for safe communication via unfavorable and insecure communication system. The authenticated user and server communicate to each other and share information via Internet. Recently, Wang et al. suggested a lightweight password-assisted two factor authentication framework using smart card. We reviewed their scheme and observed that it does maintain security and privacy off-line password guessing attack and also impersonation attack. We proposed enhance elliptic curve cryptography(ECC) based authentication framework for the same environment. The proposed scheme ESEAP is secure resilience of many attractive security attributes and features like off-line password guessing attack, no password verifier-table, smart card loss attack, anonymity, mutual authentication, replay attack, impersonation attack, server spooling attack, no clock-synchronization attack, forward secrecy, insider attack, message authentication, provision of key agreement, parallel attack, sound repairability, no password exposure, timely typo detection, resistance to know attacks, password friendly, user unlinkability and server unlinkability. Further, the paper shows formal security analysis of the ESEAP which based on random oracle model. We compared the presented protocol with other related protocols in the same environment, and show that ESEAP is more efficient in terms of computation and communication cost. As a result, the presented protocol can be utilized over public communication channel.