A Remote Smart Card Authentication Protocol Using Elliptic Curves

Ranbir Soram 1, Rajeev Chatterjee 2, Durga Prasad Roy 2, Rupesh Patidar 2

1 Department of Computer Science & Engineering, Manipur Institute of Technology, Takyelpat, Imphal-795001, India
2 Department of Computer Science & Engineering, National Institute of Technical Teachers’ Training & Research, Salt Lake, Kolkata-700106, India

Abstract— A remote user authentication scheme is a client-server based protocol whereby a server verifies the identity of a remote client when it logs on to the server through an unsecured network. This paper proposes a protocol to authenticate remote smart cards using elliptic curves. The proposed protocol has three phases: registration phase, login phase, and authentication phase. When a genuine user wants to log in to the computer system, he has to insert his smart card into the login device and key in his identity, password and private keys.

Keywords— Elliptic Curve, Smart Card, Cryptography, ECDLP

I. INTRODUCTION

We live in an information age where information is treated as an asset that has a value like any other asset that we possess. So, we need to keep information secure from attacks and hackers. To keep information safe and secure, it needs to be hidden from unauthorized access, protected from unauthorized modification and so on. Just a few decades ago, computer networks were created, and they have changed the use of information in the sense that information is now distributed. An authorized person is now required to send and procure information from a far-off place using computer networks. A new requirement has arisen when information is transmitted from one computer to another, i.e., there should be a way to maintain its confidentiality while it is transported from one computer to another in the network. So, the need for public-key cryptography comes into the picture.
In public-key cryptography, there are two keys: a private key and a public key [16]. The private key is kept by the receiver. The public key is announced to the public. There are numerous public-key cryptography algorithms in the literature, but many of these have been found to be insecure and many are impractical to implement and use. As of now, only a few of those algorithms are considered both secure and practical. Of these secure and practical public-key algorithms, a few are suitable for encryption and still others are only useful for authentication. For example, RSA is presently used for both encryption and authentication [15]. It is very slow in actual practice. Elliptic Curve Cryptography is one of a few public-key algorithms that can be used in place of RSA. We begin with a discussion of smart cards.

I. What is a smart card?

A smart card looks like a debit card in size and shape, but inside it is completely different, as it contains a computer with a CPU and a memory [7]. The chip of a smart card contains a microprocessor, ROM, programmable ROM, and a small amount of Random Access Memory. A programmable ROM needs a larger volume than a PROM of the same size, which makes programmable ROM size an important factor in the price of a smart card.

At present, most smart cards have an 8-bit microprocessor, but there are some smart cards which incorporate 16-bit or 32-bit processors running at 25 to 32 MHz [7]. An optional cryptographic coprocessor will enhance the performance of cryptographic operations. The beauty of having a microprocessor in cards is that by performing signature and decryption operations on the card itself, the user's private key never needs to leave the card. At the same time, the integration of smart cards into your system introduces its own security issues, as many people access card data in a variety of applications.

The information stored in the ROM is written during production.
It contains the card operating system and might also contain some applications. The programmable ROM is used for permanent storage of data but can be erased and rewritten. Even if the smart card is unpowered, the programmable ROM still keeps the data.

II. AUTHENTICATION

In authentication, the identity of the entity or user is verified prior to access to the system resources or starting a transaction of data or value [16]. For example, a student who needs to access his university resources needs to be authenticated during the login process. This is to protect the interests of the university and the student. Remote user authentication using smart cards is a good solution for many applications. Smart card implementation ensures secure communications. Several schemes using timestamps for remote authentication are already in use and have been discussed in the literature [10]. A remote password authentication scheme authenticates the legitimacy of the remote user over an insecure channel.

The ways in which someone may be authenticated fall into three categories, based on what are known as the factors of authentication: something you know, something you have, or something you are [16]. Each authentication factor covers a range of elements used to authenticate or verify a person's identity prior to being granted access, approving a transaction request, signing a document or other work product, granting authority to others, and establishing a chain of identity.

Ranbir Soram et al, / (IJCSIT) International Journal of Computer Science and Information Technologies, Vol. 3 (3), 2012, 3856-3866