
A heterogeneous user authentication and key establishment for mobile client–server environment

Wireless Networks

Abstract

In a mobile client–server environment, a low-power mobile device wants to access a powerful server to obtain services. User authentication and key establishment are two basic security requirements for this environment. Without user authentication, an unauthorized user can access the server and obtain its services. Without key establishment, the communication between the user and the server will be disclosed. Several user authentication and key establishment protocols have been designed recently. However, all of them are homogeneous: the client and the server belong to the same cryptosystem, that is, both belong to a public key infrastructure, an identity-based cryptosystem, or a self-certified cryptosystem. Such a design does not fit the characteristics of mobile client–server applications. In this paper, we design a heterogeneous user authentication and key establishment protocol using a signcryption scheme. In this protocol, the client uses an identity-based cryptosystem and the server uses a public key infrastructure. Compared with existing works, our protocol has the lowest computation and communication cost.

Acknowledgements

This work is supported by the Science and Technology Programs of SGCC titled application research on improving the reliability guarantee capability of information systems (Grant No. 546803170005).

Author information

Corresponding author

Correspondence to Fagen Li.

About this article

Cite this article

Li, F., Wang, J., Zhou, Y. et al. A heterogeneous user authentication and key establishment for mobile client–server environment. Wireless Netw 26, 913–924 (2020). https://doi.org/10.1007/s11276-018-1839-4

  • DOI: https://doi.org/10.1007/s11276-018-1839-4
