Mobile devices are becoming an essential part of many users’ lives. Users exchange sometimes very sensitive data with remote servers. This raises a security problem in terms of the confidentiality and integrity of these data, and users’ privacy. Mutual authentication protocols allow a user and a server to confirm each other’s legitimacy and share a session key to encrypt subsequent communications. Several protocols have been proposed to achieve this goal. However, these have certain weaknesses, such as impersonation, lack of anonymity, the use of additional hardware, and the synchronization problem associated with the use of timestamps. In this paper, we propose a mutual authentication protocol based on elliptic curve cryptography for mobile client – server environments, which addresses the above problems. This protocol is intended to be lightweight as it is designed for resource constrained mobile devices. Moreover, we present a formal and informal analysis of the security of the proposed protocol. This latter has security attributes, such as session key security, perfect forward secrecy, user anonymity, resistance to impersonation, replay and insider attacks. Performance evaluation shows that we outperform similar protocols. Therefore, the proposed protocol is secure, efficient and suitable for mobile environments.

中文翻译：

---

一种新的移动客户端-服务器环境相互认证和密钥协商协议


移动设备正在成为许多用户生活的重要组成部分。用户有时与远程服务器交换非常敏感的数据。这引发了这些数据的机密性和完整性以及用户隐私方面的安全问题。相互认证协议允许用户和服务器确认彼此的合法性并共享会话密钥以加密后续通信。为了实现这一目标，已经提出了几种协议。然而，这些都有一定的弱点，例如模仿、缺乏匿名性、使用额外的硬件以及与使用时间戳相关的同步问题。在本文中，我们提出了一种基于椭圆曲线加密技术的移动客户端-服务器环境的相互认证协议，解决了上述问题。该协议旨在实现轻量级，因为它是为资源受限的移动设备而设计的。此外，我们对拟议协议的安全性进行了正式和非正式的分析。后者具有安全属性，例如会话密钥安全、完美前向保密、用户匿名、抗假冒、重放和内部攻击。性能评估表明我们优于类似的协议。因此，所提出的协议安全、高效且适合移动环境。