Abstract
In a mobile client–server environment, a low-power mobile device wants to access a strong server to get some kind of services. User authentication and key establishment are two basic security requirements for this environment. Without the user authentication, an unauthorized user can access the server and gets the services. Without the key establishment, the communication between the user and the server will be disclosed. Recently, some user authentication and key establishment protocols were designed. However, all of them are homogeneous since the client and the server belong to the same cryptosystem. That is, both the client and the server belong to public key infrastructure or identity-based cryptosystem or self-certified cryptosystem. Such design does not comply with the characteristic of mobile client–server application. In this paper, we design a heterogeneous user authentication and key establishment protocol using a signcryption scheme. In this protocol, the client uses identity-based cryptosystem and the server uses the public key infrastructure. As compared with existing works, our protocol has the lowest cost in computation and communication.
Similar content being viewed by others
References
Lu, Y., Li, L., Peng, H., & Yang, Y. (2016). Robust anonymous two-factor authenticated key exchange scheme for mobile client–server environment. Security and Communication Networks, 9(11), 1331–1339.
Najaflou, Y., Jedari, B., Xia, F., Yang, L. T., & Obaidat, M. S. (2015). Safety challenges and solutions in mobile social networks. IEEE Systems Journal, 9(3), 834–854.
Zhang, K., Liang, X., Lu, R., & Shen, X. (2015). PIF: A personalized fine-grained spam filtering scheme with privacy preservation in mobile social networks. IEEE Transactions on Computational Social Systems, 2(3), 41–52.
Hu, X., Chu, T. H. S., Leung, V. C. M., Ngai, E. C. H., Kruchten, P., & Chan, H. C. B. (2015). A survey on mobile social networks: Applications, platforms, system architectures, and future research directions. IEEE Communications Surveys Tutorials, 17(3), 1557–1581.
Senftleben, M., Barroso, A., Bucicoiu, M., Hollick, M., Katzenbeisser, S., & Tews, E. (2016). On the privacy and performance of mobile anonymous microblogging. IEEE Transactions on Information Forensics and Security, 11(7), 1578–1591.
Buchmann, J. A., Karatsiolis, E., & Wiesmaier, A. (2013). Introduction to public key infrastructures. Berlin: Springer.
Boneh, D., & Franklin, M. (2003). Identity-based encryption from the weil pairing. SIAM Journal on Computing, 32(3), 586–615.
Girault, M. (1991). Self-certified public keys. In D. Davies (Ed.), Advances in cryptology-EUROCRYPT’91. Lecture notes in computer science (Vol. 547, pp. 490–497). Berlin: Springer.
Yang, J. H., & Chang, C. C. (2009). An ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. Computers & Security, 28(3–4), 138–143.
Rivest, R. L., Shamir, A., & Adleman, L. (1978). A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2), 120–126.
Yoon, E. J., & Yoo, K. Y. (2009). Robust ID-based remote mutual authentication with key agreement scheme for mobile devices on ECC. In International conference on computational science and engineering (CSE ’09) (Vol. 2, pp. 633–640).
Chou, C. H., Tsai, K. Y., & Lu, C. F. (2013). Two ID-based authenticated schemes with key agreement for mobile environments. The Journal of Supercomputing, 66(2), 973–988.
Farash, M., & Attari, M. (2014). A secure and efficient identity-based authenticated key exchange protocol for mobile client–server networks. The Journal of Supercomputing, 69(1), 395–411.
Shi, R. H., Zhong, H., & Zhang, S. (2015). Comments on two schemes of identity-based user authentication and key agreement for mobile client–server networks. The Journal of Supercomputing, 71(11), 4015–4018.
Qi, M., & Chen, J. (2017). An efficient two-party authentication key exchange protocol for mobile environment. International Journal of Communication Systems, 30(16), e3341.
Wu, T. Y., & Tseng, Y. M. (2010). An efficient user authentication and key exchange protocol for mobile client–server environment. Computer Networks, 54(9), 1520–1530.
He, D. (2012). An efficient remote user authentication and key agreement protocol for mobile client–server environment from pairings. Ad Hoc Networks, 10(6), 1009–1016.
He, D., Chen, J., & Hu, J. (2012). An ID-based client authentication with key agreement protocol for mobile client–server environment on ECC with provable security. Information Fusion, 13(3), 223–230.
Wang, D., & Ma, C. (2013). Cryptanalysis of a remote user authentication scheme for mobile client–server environment based on ECC. Information Fusion, 14(4), 498–503.
Hassan, A., Eltayieb, N., Elhabob, R., & Li, F. (2017). An efficient certificateless user authentication and key exchange protocol for client–server environment. Journal of Ambient Intelligence and Humanized Computing. https://doi.org/10.1007/s12652-017-0622-1.
Chuang, Y. H., & Tseng, Y. M. (2012). Towards generalized ID-based user authentication for mobile multi-server environment. International Journal of Communication Systems, 25(4), 447–460.
Liao, Y. P., & Hsiao, C. M. (2013). A novel multi-server remote user authentication scheme using self-certified public keys for mobile clients. Future Generation Computer Systems, 29(3), 886–900.
Hsieh, W. B., & Leu, J. S. (2014). An anonymous mobile user authentication protocol using self-certified public keys based on multi-server architectures. The Journal of Supercomputing, 70(1), 133–148.
Li, F., Han, Y., & Jin, C. (2018). Cost-effective and anonymous access control for wireless body area networks. IEEE Systems Journal, 12(1), 747–758.
Li, F., Zhang, H., & Takagi, T. (2013). Efficient signcryption for heterogeneous systems. IEEE Systems Journal, 7(3), 420–429.
Johnson, D., Menezes, A., & Vanstone, S. (2001). The elliptic curve digital signature algorithm (ECDSA). International Journal of Information Security, 1(1), 36–63.
Bellare, M., & Rogaway, P. (1994). Entity authentication and key distribution. In D. R. Stinson (Ed.), Advances in cryptology-CRYPTO’93. Lecture notes in computer science (Vol. 773, pp. 232–249). Berlin: Springer.
Blake-Wilson, S., Johnson, D., & Menezes, A. (1997). Key agreement protocols and their security analysis. In M. Darnell (Ed.), Crytography and coding. Lecture notes in computer science (Vol. 1355, pp. 30–45). Berlin: Springer.
Chen, L., & Kudla, C. (2003). Identity based authenticated key agreement protocols from pairings. In 16th IEEE computer security foundations workshop (CSFW’03) (pp. 219–233).
McCullagh, N., & Barreto, P. S. (2005). A new two-party identity-based authenticated key agreement. In A. Menezes (Ed.), Topics in cryptology-CT-RSA 2005. Lecture notes in computer science (Vol. 3376, pp. 262–274). Berlin: Springer.
Gorantla, M. C., Boyd, C., & González Nieto, J. M. (2007). On the connection between signcryption and one-pass key establishment. In S. Galbraith (Ed.), Cryptography and coding. Lecture notes in computer science (Vol. 4887, pp. 277–301). Berlin: Springer.
De Caro, A., & Iovino, V. (2011). jPBC: Java pairing based cryptography. In 16th IEEE symposium on computers and communications (ISCC 2011), Kerkyra, Greece (pp. 850–855).
Shim, K. A. (2012). CPAS: An efficient conditional privacy-preserving authentication scheme for vehicular sensor networks. IEEE Transactions on Vehicular Technology, 61(4), 1874–1883.
Acknowledgements
This work is supported by the Science and Technology Programs of SGCC titled application research on improving the reliability guarantee capability of information systems (Grant No. 546803170005).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Li, F., Wang, J., Zhou, Y. et al. A heterogeneous user authentication and key establishment for mobile client–server environment. Wireless Netw 26, 913–924 (2020). https://doi.org/10.1007/s11276-018-1839-4
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11276-018-1839-4