A Password-Based Authentication and Key Establishment Scheme for Mobile Environment

Abstract

We propose a cost-effective, use-convenient, and well-performing password-based authentication and key establishment scheme by means of IC (integrated circuit) card, RSA cryptography, and discrete logarithm. There doesn't exist any verification (password) table at the server side. To be applicable for the mobile environment, the scheme is designed as a one-roundtrip protocol to reduce the communication consumption over wireless channel. Moreover, the facts that users in this scheme are avoided downloading CRL (certificate revocation list) periodically and change the passwords in use without any interaction with servers over the radio are another two contributing factors to enhance the performance. Making use of queuing model M/G/l/N, we measure the performance of the scheme and compare it with TLS in terms of response time.