A more efficient and secure ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem

► An improved ID-based remote mutual authentication scheme has been presented for mobile users. ► Proposed scheme uses IBC and ECC to reduce the computation, storage and communication costs. ► It supports mutual authentication, agreement of session key and the leaked key revocation phase. ► It possesses high performance and provides resilience against all relevant attacks. ► The proposed scheme is suitable for mobile users for secure Internet banking, online shopping, etc. Recently, Yang and Chang proposed an identity-based remote login scheme using elliptic curve cryptography for the users of mobile devices. We have analyzed the security aspects of the Yang and Chang's scheme and identified some security flaws. Also two improvements of the Yang and Chang's scheme have been proposed recently, however, it has been found that the schemes have similar security flaws as in the Yang and Chang's scheme. In order to remove the security pitfalls of the Yang and Chang and the subsequent schemes, we proposed an enhanced remote user mutual authentication scheme that uses elliptic curve cryptography and identity-based cryptosystem with three-way challenge-response handshake technique. It supports flawless mutual authentication of participants, agreement of session key and the leaked key revocation capability. In addition, the proposed scheme possesses low power consumption, low computation cost and better security attributes. As a result, the proposed scheme seems to be more practical and suitable for mobile users for secure Internet banking, online shopping, online voting, etc.