ECC BASED PASSWORD AUTHENTICATED KEY AGREEMENT SCHEME FOR SMART CARDS

Abstract

In the ever expanding digital world, cryptography is becoming more and more important to provide services such as encryption, digital signatures and key establishment. One of the services provided by cryptography is authentication. Authentication is used to prove that the user is the desired entity for the particular communication. Nowadays, human had come out of this physical restriction for communication and transaction. One need to be authenticated and can fulfill his desired task, whether it is shopping, insurance, availing medical facilities, monetary transaction etc. One of the modes of being authenticated is to use smart cards. Smart cards are widely in used and are thus prone to attacks, such as theft, misuse and unauthenticated usage. There are various authentication schemes which are being used to provide adequate security measures apart from authentication itself. Some of them involve various cryptographic methods including public key cryptography. These schemes are measured on parameters of computational efficiency and strength to withstand the privacy of secret key, One of the emerging areas is elliptic curve cryptosystem, which has greater strength at comparatively smaller key lengths of other cryptographic schemes based on integer factorization and discrete logarithms. ECC is based on elliptic curves defined over a finite field; binary or prime. ECC is used in constrained devices which have low memory, low processing power and low computation power. Thus smart cards are best suited to imply ECC to provide authentication. In this dissertation, an ECC based scheme is proposed to authenticate smart cards. The scheme is quite effective and simple and also provides desired security features. The scheme is implemented on Java Card Kit. Lastly, the cost and functionality analysis of the scheme is done and various security aspects have been addressed.