An ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem

Jen-Ho Yang (a), Chin-Chen Chang (a,b,*)

(a) Department of Computer Science and Information Engineering, National Chung Cheng University, 160 San-Hsing, Ming-Hsiung, Chiayi 621, Taiwan, ROC
(b) Department of Information Engineering and Computer Science, Feng Chia University, 100 Wenhwa Rd., Seatwen, Taichung 40724, Taiwan, ROC

Article info

Article history: Received 21 August 2008; Accepted 26 November 2008

Keywords: ID-based; Mutual authentication; Key agreement; Elliptic curve; Cryptosystem

Abstract

Recently, remote user authentication schemes have been implemented on elliptic curve cryptosystems (ECC) to reduce the computation load on mobile devices. However, most remote user authentication schemes on ECC are based on public-key cryptosystems, in which each public key requires an associated certificate to prove its validity. Thus, the user needs to perform additional computations to verify the certificate in these schemes. In addition, we find that these schemes do not provide mutual authentication or a session key agreement between the user and the remote server. Therefore, in this paper we propose an ID-based remote mutual authentication with key agreement scheme on ECC. Based upon the ID-based concept, the proposed scheme does not require public keys for users, so the additional computations for certificates can be reduced. Moreover, the proposed scheme not only provides mutual authentication but also supports a session key agreement between the user and the server. Compared with the related works, the proposed scheme is more efficient and practical for mobile devices.

© 2008 Elsevier Ltd. All rights reserved.

1. Introduction

With the rapid development of electronic technology, various mobile devices (e.g., cell phone, PDA, and notebook PC) are produced to make human life more convenient.
It also changes some traditional transactions into electronic transactions. Because mobile devices are portable, people can accomplish electronic transactions with mobile devices anytime and anywhere. Moreover, the merchant can reduce costs by not maintaining a physical store. Thus, more and more electronic transactions for mobile devices are implemented on the Internet or wireless networks.

In electronic transactions, remote user authentication over an insecure channel is an important issue. For example, when a user wants to log in to a remote server and access its services, such as on-line shopping and pay-TV, both the user and the server must authenticate each other's identity for a fair transaction. Generally, remote user authentication can be implemented with traditional public-key cryptosystems (PKC), such as Rivest et al. (1978) and ElGamal (1985). However, PKC needs to compute modular exponentiation, which is a time-consuming operation. In addition, the computation ability and battery capacity of mobile devices are limited. Therefore, the PKC-based remote authentication schemes are

* Corresponding author. Department of Information Engineering and Computer Science, Feng Chia University, 100 Wenhwa Rd., Seatwen, Taichung 40724, Taiwan, ROC. Tel.: +8864 24517250x3790; fax: +886 27066495.
E-mail addresses: jenho@cs.ccu.edu.tw (J.-H. Yang), ccc@cs.ccu.edu.tw (C.-C. Chang).

Computers & Security 28 (2009) 138–143. doi:10.1016/j.cose.2008.11.008. Journal homepage: www.elsevier.com/locate/cose