With the rapid development of mobile devices, people can easily use various electronic services any time everywhere for convenient and modern life. Remote user authentication becomes a very important ingredient procedure for the network system service to verify whether a remote user is legal through any insecure channel. Users can use to access many applications, for example internet banking, online shopping, mobile pay TV, are accomplished on internet or wireless networks. Therefore, secure communications in such wireless environments are more and more important because they protect transactions between users and servers. Especially, users are people vulnerable to attacks and there are many authentication systems proposed to guarantee them. Islam and Biswas have proposed a more efficient and secure ID-based system for mobile devices on ECC to enhance security for authentication with key agreement system. They claimed that their system truly is more secure than previous ones and it can resist various attacks. However, it is true because their system is vulnerable to known session-specific temporary information attack, and the other system is denial of service resulting from leaking server's database. Thus, the paper presents an improvement to their system in order to isolate such problems.
Keywords-Authentication, Password, Dynamic ID, Smart card, Impersonation, Session key, elliptic curve cryptosystem
Elliptic Curve (EC) systems as applied to cryptography were first proposed in 1985 Independently by Neal Koblitz and Victor Miller. Elliptical curve cryptography (ECC) is a public key encryption technique based on elliptic curve theory that can be used to create smaller, faster, and more efficient cryptographic keys. Elliptic curve cryptography (ECC) is an approach to public key cryptography (PKC) based on the algebraic structure of elliptic curves over finite fields. The technology can be used in conjunction with most public key encryption methods, such as Diffie-Hellman and RSA. According to some researchers, Elliptic curve cryptography (ECC) can yield a level of security with a 164-bit key than other systems require a 1,024-bit key. Because ECC helps to establish equivalent security with lower computing power and battery resource usage. It is widely used for mobile applications. Elliptic Curve Cryptosystem (ECC) based remote authentication system has been use for mobile devices. Mobile phones are most common way of communication and accessing Internet based services. Currently, mobile phones are used for formal communication, sending and receiving sensitive data. However, the security of mobile communication has topped the list of concerns for mobile phone users. Public key cryptography is effective security solution to provide secure mobile communications. Mobile devices (e.g., cell phone, notebook PC and PDA) have gained increasingly popularity due to their portability nature. Therefore, secure...