A Lightweight Anonymous Mutual Authentication with Key Agreement Protocol on ECC

Abstract

Recently, Goutham et al. proposed an ID-based user authentication with key agreement on elliptic curve cryptography(ECC), which is suitable to be applied in client-serverenvironment. The scheme mainly negotiates a temporary session key between two parties. However, we find that the scheme contains some security flaws, such as incomplete anonymity, no provision for updating private key and so on. In light of this, we propose a new version of anonymous authentication with key agreement protocol used for client-server environment, especially, the calculation of both sides are lower than the previous scheme. The proposed scheme provides more security features like complete anonymity, dynamic private key updating while keeping the merits of Goutham et al.’s scheme. We also optimize the performance of the scheme to get a lightweight protocol which is more suitable for resource-constrained device applied in Internet of Things(IoT) or wireless sensor network(WSN) applications.