A secure three-factor authentication protocol for mobile networks Online publication date: Thu, 04-Apr-2024
by Devender Kumar; Satish Chand; Bijendra Kumar
International Journal of Information and Computer Security (IJICS), Vol. 23, No. 2, 2024
Abstract: User authentication is a necessary mechanism to communicate securely for mobile networks. Recently, Xie et al. have discussed a three-factor authentication (3FA) scheme using elliptic curve cryptography (ECC) for mobile networks and claimed that it is secure even if the user's two factors are known to the attacker. However, in this paper, we cryptanalyse their scheme and find the offline password guessing and user impersonation attacks in it. We also propose a secure 3FA scheme for mobile networks using ECC by removing the weaknesses of their scheme. We show the formal security verification of the proposed scheme using the ProVerif tool. We discuss its informal security analysis to show that it is resistant to the various known attacks. We also present its performance analysis along with the related schemes in terms of computational cost and security features, and show that it offers more security features as compared to the related schemes.
Existing subscribers:
Go to Inderscience Online Journals to access the Full Text of this article.
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Information and Computer Security (IJICS):
Login with your Inderscience username and password:
Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.
If you still need assistance, please email subs@inderscience.com
Our Blog 
Follow us on Twitter 
Visit us on Facebook