Remote user authentication is one of the most important mechanisms to verify the legitimacy of users. However, most of the related works are insecure and costly. This paper presents a novel remote user authentication scheme with key agreement based on elliptic curve cryptography. In the proposed scheme, each user is given a smart card and allowed to freely choose and update his password, where the smart card stores sensitive personal information for user authentication. It is unnecessary for the remote system to maintain any table for authenticating users. Based on the security assumptions of solving the elliptic curve discrete logarithm problem and reversing the one-way hash function, the proposed scheme can achieve privileged insider attack resistance, forgery-attack resistance, remote system impersonation attack resistance, key agreement, and key confirmation.

• 出版日期2011
• 单位长春大学