A Provably Secure and Efficient Remote Password Authentication Scheme Using Smart Cards  

作　　者：Fairuz Shohaimay Eddie Shahril Ismail 

机构地区：[1]Department of Mathematical Sciences,Faculty of Science and Technology,Universiti Kebangsaan Malaysia,UKM Bangi,43600,Selangor,Malaysia [2]Department of Mathematics,Faculty of Computer and Mathematical Sciences,Universiti Teknologi MARA Pahang,Raub Campus,Raub,27600,Pahang,Malaysia

出　　处：《Computers, Materials & Continua》2022年第6期6125-6145,共21页计算机、材料和连续体（英文）

基　　金：This research is funded by UKM under Grant No.GUP-2020-029.

摘　　要：Communication technology has advanced dramatically amid the 21st century,increasing the security risk in safeguarding sensitive information.The remote password authentication(RPA)scheme is the simplest cryptosystem that serves as the first line of defence against unauthorised entity attacks.Although the literature contains numerous RPA schemes,to the best of the authors’knowledge,only few schemes based on the integer factorisation problem(IFP)and the discrete logarithm problem(DLP)that provided a provision for session key agreement to ensure proper mutual authentication.Furthermore,none of the previous schemes provided formal security proof using the random oracle model.Therefore,this study proposed an improved RPA scheme with session key establishment between user and server.The design of the proposed RPA scheme is based on the widely established Dolev-Yao adversary model.Moreover,as the main contribution,a novel formal security analysis based on formal definitions of IFP and DLP under the random oracle model was presented.The proposed scheme’s performance was compared to that of other similar competitive schemes in terms of the transmission/computational cost and time complexity.The findings revealed that the proposed scheme required higher memory storage costs in smart cards.Nonetheless,the proposed scheme is more efficient regarding the transmission cost of login and response messages and the total time complexity compared to other scheme of similar security attributes.Overall,the proposed scheme outperformed the other RPA schemes based on IFP and DLP.Finally,the potential application of converting the RPA scheme to a user identification(UI)scheme is considered for future work.Since RPA and UI schemes are similar,the proposed approach can be expanded to develop a provably secure and efficientUI scheme based on IFP and DLP.

关 键 词：Authentication scheme discrete logarithm factorisation PASSWORD provable security 

分 类 号：TN918.4[电子电信—通信与信息系统]