Business & Management Studies

ESEAP: ECC based secure and efficient mutual authentication protocol using smart card

ECC based secure authentication

The proposed elliptic curve cryptography-based protocol for remote user authentication environment resists various kinds of malicious attacks, shows the study.


Srinivas Jangirala, Associate Professor, Jindal Global Business School, O.P. Jindal Global University, Sonipat, Haryana, India.

Adesh Kumari, Department of Mathematics, Jamia Millia Islamia, New Delhi, India.

M. Yahya Abbasi, Department of Mathematics, Jamia Millia Islamia, New Delhi, India

Vinod Kumar, Department of Mathematics, PGDAV College, University of Delhi, New Delhi, India

Mansaf Alam, Department of Computer Science, Jamia Millia Islamia, New Delhi, India


Smart card based user server mutual authentication framework is famous for safe communication via unfavorable and insecure communication system. The authenticated user and server communicate to each other and share information via Internet. 

Recently, Wang et al. suggested a lightweight password-assisted two factor authentication framework using smart card. The researchers reviewed their scheme and observed that it does maintain security and privacy off-line password guessing attack and also impersonation attack. 

The researchers proposed enhance elliptic curve cryptography (ECC) based authentication framework for the same environment. The proposed scheme ESEAP is secure resilience of many attractive security attributes and features like off-line password guessing attack, no password verifier-table, smart card loss attack, anonymity, mutual authentication, replay attack, impersonation attack, server spooling attack, no clock-synchronization attack, forward secrecy, insider attack, message authentication, provision of key agreement, parallel attack, sound repairability, no password exposure, timely typo detection, resistance to know attacks, password friendly, user unlinkability and server unlinkability. 

Further, the paper shows formal security analysis of the ESEAP based on random oracle model. The researchers compared the presented protocol with other related protocols in the same environment, and showed that ESEAP is more efficient in terms of computation and communication cost. As a result, the presented protocol can be utilized over public communication channel.

Published in: Journal of Information Security and Applications

To read the full article, please click here.