Journal of Ambient Intelligence and Humanized Computing
https://doi.org/10.1007/s12652-019-01388-x

ORIGINAL RESEARCH

eUASBP: enhanced user authentication scheme based on bilinear pairing

Sangeetha Rajaram 1 · Tanmoy Maitra 2 · Satyanarayana Vollala 4 · N. Ramasubramanian 1 · Ruhul Amin 3

Received: 13 March 2019 / Accepted: 2 July 2019
© Springer-Verlag GmbH Germany, part of Springer Nature 2019

Abstract

Authentication, one of the cryptographic services, is essential for servers to identify authorized users and to reject unauthorized users. In this work, we consider Awasthi's scheme and show that it is vulnerable to several serious attacks. This paper not only describes the security pitfalls of Awasthi's scheme but also designs a new scheme using bilinear pairing to protect the system from the existing security drawbacks, with other attractive features such as strong mutual authentication and protection against the stolen smart card threat. The strong security of eUASBP is ensured through a security analysis based on BAN logic: eUASBP reaches the BAN logic goals by the application of BAN rules. Our informal security analysis shows that the proposed eUASBP provides security against the attacks possible with smart card based applications. In addition, eUASBP provides mutual authentication, session key agreement, and early wrong password detection. The authentication scheme of Bayat et al. also provides security against the possible attacks on smart card based applications but does not support session key agreement or early wrong password detection. The computation cost of eUASBP is lower than that of other authentication schemes, since eUASBP uses fewer bilinear operations than other related authentication schemes. The performance analysis shows that our protocol is more secure than the state of the art and also better in terms of storage, computation and communication overheads.

Keywords: BAN logic · Authentication · Bilinear pairing · Session key agreement

1 Introduction

The world of this millennium needs speed everywhere, and people depend on applications that access servers remotely. Those remote servers need to authenticate users in order to identify the authorized ones and to reject the unauthorized ones. User authentication is essential to avoid misuse or theft of a specific service, since most applications use public computer networks and channels for communication. General ways of authentication are smart cards, passwords and biometric measures. Smart card based applications that require a password are considered in this paper. Several smart card based applications are: the identity card of an employee or a student, to track attendance; an ATM card for banking, which the customer holds to perform various banking operations; the citizen card of a nation, to provide various services for a citizen; the purchase card of a company, to calculate bills and to track customers; and wireless sensor network based applications, to track a person or to provide service in a specified region.

* Corresponding author: Satyanarayana Vollala, satya4nitt@gmail.com; satya@iiitnr.edu.in
Sangeetha Rajaram, sangeethavinashi@gmail.com
Tanmoy Maitra, tanmoy.maitra@live.com
N. Ramasubramanian, nrs@nitt.edu
Ruhul Amin, amin_ruhul@live.com

1 Department of Computer Science and Engineering, National Institute of Technology, Tiruchirappalli 620015, India
2 Department of Computer Science and Engineering, KIIT University, Bhuvaneshwar, India
3 Department of Computer Science and Engineering, IIIT, Naya Raipur, India
4 Department of Computer Science and Engineering, IIIT, Naya Raipur, India