An Efficient ECC-based Authentication and Key Agreement Protocol

Public-key cryptography is commonly used to authenticate communicating entities in some networks. One of the key tools in this way is to use the elliptic curves cryptography (ECC) which is relatively lightweight due to its shorter key size compared to the conventional River-Shamir-Adleman (RSA) method. This paper is proposing an efficient protocol by analysing two variants of ECC-based wireless authentication protocol, namely, Aydos-Savas-Koc's wireless authentication protocol (ASK-WAP) and user authentication protocol (UAP) from various security aspects and communication concerns. We show that although UAP is able to address some of ASK-WAP vulnerabilities, it is confined to one-way communication where the authentication can only be initialized by users and not the server. In light of their limitations, we suggest several possible improvements to both ASK-WAP and UAP. The proposed solutions focus on applying encryption methods to the transmitted keys and enabling two-way communication on UAP. From performance evaluation, we show that our proposed methods are able to address the security concerns of ASK-WAP and UAP, while at the same time achieving acceptable communication overheads.