A novel remote user authentication and key agreement scheme for mobile client-server environment

Recently, many identity (ID)-based user authentication and key agreement schemes for mobile client-server environment were proposed. However, these schemes are subjected to an inherent design weakness, namely, the server knows all users’ private keys. Under this problem, these schemes cannot provide insider attack resistance or mutual authentication. Furthermore, some of these schemes cannot simultaneously provide user anonymity, perfect forward secrecy, or leakage of session temporary secrets resistance. In this paper, we propose a strongly secure remote user authentication and key agreement scheme to solve these security weaknesses. Security proof shows that the proposed scheme can achieve mutual authentication and key agreement, and provide perfect forward secrecy. Further security analysis shows that the proposed scheme can provide user anonymity, insider attack resistance and leakage of session temporary secrets resistance. In addition, the proposed scheme possesses low computation cost and low power consumption. Thus the proposed scheme is more suitable for mobile client-server environment.