A SECURE BILLING SERVICE WITH TWO-FACTOR USER AUTHENTICATION IN WIRELESS SENSOR NETWORKS. Received March 2010; revised July 2010




International Journal of Innovative Computing, Information and Control
ICIC International ©2011, ISSN 1349-4198
Volume 7, Number 8, August 2011, pp. 4821-4831

A SECURE BILLING SERVICE WITH TWO-FACTOR USER AUTHENTICATION IN WIRELESS SENSOR NETWORKS

Chun-Ta Li 1, Cheng-Chi Lee 2,4, Lian-Jun Wang 3 and Chen-Ju Liu 1

1 Department of Information Management, Tainan University of Technology, No. 529, Jhong Jheng Road, Yongkang, Tainan 710, Taiwan; th0040@mail.tut.edu.tw
2 Department of Library and Information Science, Fu Jen Catholic University, No. 510, Jhong Jheng Road, Taipei 242, Taiwan; corresponding author: cclee@mail.fju.edu.tw
3 Department of Information Management, Yuan-Ze University, No. 135, Yuan-Tung Road, Chung-Li 320, Taiwan
4 Department of Photonics and Communication Engineering, Asia University, No. 500, Lioufeng Road, Taichung 413, Taiwan

Received March 2010; revised July 2010

Abstract. Recently, Das proposed a secure two-factor user authentication scheme based on hash function, which is efficient enough to be implemented on most of the target resource-constrained devices, such as low-computation smart cards and low-power sensor nodes in wireless sensor networks (WSNs). As Das claimed, the proposed scheme can resist attacks and threats such as many logged-in users with the same login identity, stolen-verifier, guessing, impersonation and replay. Unfortunately, we find that Das's authentication scheme is insecure against attacks of unknown user, password guessing and masquerade. In this paper, based on the framework of Das's two-factor user authentication, we introduce a secure billing service, and analyze our extended scheme on how to achieve imposter prevention, as well as resist against the drawbacks of Das's scheme.

Keywords: Billing service, Hash function, Information security, Smart cards, User authentication, Wireless sensor networks

1. Introduction. Wireless Sensor Networks (WSNs) have become technically and economically feasible and drawn intensive interests from both academic and industrial areas [10].
They consist of spatially distributed autonomous sensors to cooperatively monitor physical or environmental conditions, such as temperature, sound, vibration, pressure, motion and pollutants. WSNs have been used for a wide variety of applications such as environment monitoring, wild animal tracking, health monitoring and military sensing. To access the sensor nodes, some secure mechanisms are necessary against unauthorized actions, and this is an extremely important security issue in WSNs. However, given the stringent constraints on processing power, memory, bandwidth and energy consumption of small devices, it is very difficult to design suitable secure mechanisms for WSNs.

Recently, a lot of secured user authentication schemes have been proposed to prevent unauthorized access in WSNs. For example, Watro et al. [23] suggested a user authentication scheme using the RSA [21] and Diffie-Hellman algorithms [3]. However, it is too expensive to apply asymmetric cryptography to WSNs, because their scheme requires huge computations that could easily exhaust the sensor's resources. To overcome this weakness, Wong et al. [24] raised an efficient user authentication scheme for WSNs using only a hash function, which is more economical than using asymmetric cryptography. However, Tseng et al. [22] showed that Wong et al.'s scheme is vulnerable to replay attack, forgery attack and password guessing attack, and that login users cannot freely change their passwords. To resist these weaknesses, Tseng et al. proposed an improved version of Wong et al.'s scheme. Unfortunately, Ko [4] proved that Tseng et al.'s scheme suffers from replay and masquerade attacks. Nevertheless, we find that Tseng et al.'s scheme is not protected from guessing and stolen-verifier attacks, because low-entropy passwords can be guessed off-line by eavesdropping during the login phase and passwords need to be stored in the GW-node's database.

Subsequently, Das [1] pointed out that both Watro et al.'s and Wong et al.'s schemes are insecure and then proposed a more secured and efficient user authentication scheme with only one hash function as well, applying the two-factor authentication concept to WSNs. The resulting two-factor authentication, using devices such as tokens and smart cards, has been proposed to solve the password problem and shown to be difficult to hack [2, 13, 17]. Moreover, Das's scheme [1] was claimed to be able to resist the threats of many logged-in users with the same login identity, stolen-verifier, guessing, impersonation and replay [6, 7, 8, 9, 11, 12, 14, 15, 16, 18, 19, 20]. In this paper, Das's two-factor user authentication scheme is studied and we find that the scheme is also insecure against the attacks of masquerade, off-line password guessing and unknown user. The detailed security analysis is shown in a later section.
On the other hand, although verifying the validity of a login user through user authentication increases the security of the network communications, this may not be sufficient for administrative nodes, especially when the sensing data have great commercial value. Is there a simple and secure way for them to solve this problem? A secure billing service seems applicable to this situation. Therefore, we propose a novel mechanism of billing services to restrain users from exposing their secret information and work towards goals inherent in a WSN system such that the valuable resources are not abused. Furthermore, to the best of our knowledge, this work is the first attempt to provide a secured billing service with two-factor user authentication in WSNs.

The remainder of the paper is organized as follows: Section 2 reviews Das's scheme, while Section 3 analyzes its security weaknesses; Section 4 presents our proposed billing service mechanism and Section 5 analyzes the protocol; conclusions are drawn in Section 6.

2. Review of Das's Scheme. In this section, we briefly review Das's two-factor user authentication scheme for WSNs that utilizes a hash function [1]. Before reviewing this scheme, the abbreviations and notations used throughout the paper are shown in Table 1.

Table 1. The notations used through the paper

Notation        Description
U               user
ID              identity of U
PW              password of U
DID             dynamic login identity of U
GW-node         gateway node of WSN
S-node          sensor node of WSN
T               timestamp
K               secret key of GW-node
$S_n$           some nearest sensor node
$x_a$           a secret parameter generated by the GW-node and stored in some designated S-nodes
$H(\cdot)$      cryptographic one-way hash function
$E_{SK}\{\cdot\}$   the signing function with user's private key SK
$\|$            concatenation of bits
$\oplus$        Exclusive OR operation
$\rightarrow$   message transmission

There are three participants in Das's scheme: the login users, the gateway node (GW-node) and the sensor nodes (S-node). In this scheme, each user holds a user's identity and its corresponding password in order to login to the GW-node with his/her smart card. Das's scheme can be divided into two phases, i.e., registration and authentication. Firstly, each new user has to register with the GW-node of WSNs in order to become a legitimate user in the registration phase; by definition, this phase is performed only once. Then, each user is granted a valid identity, password and a personalized smart card issued from the GW-node. After that, with the help of the user's password and smart card, the user can login to the S/GW-node and access information within the WSNs. Finally, the S/GW-node can validate the legitimacy of the logged-in user in the authentication phase. Next, we briefly review the two phases in Das's scheme as follows.

2.1. The registration phase. When a user $U$ wants to register with the WSNs, $U$ freely chooses his/her password $PW$ and sends a registration request $(ID, PW)$ to the GW-node through a secured channel. Upon receiving the registration request, the GW-node computes $N = H(ID \| PW) \oplus H(K)$. Then, the GW-node stores $H(\cdot)$, $ID$, $N$, $H(PW)$ and $x_a$ into the personalized smart card. The smart card is then released to $U$ in a secured manner.

2.2. The authentication phase. This phase is further divided into login phase and verification phase. The detailed steps of the authentication phase of Das's scheme are depicted in Figure 1.

2.2.1. Login phase. If the user $U$ wants to login to the network, $U$ inserts his/her smart card to a terminal and keys $ID$ and $PW$. Then the smart card checks whether the inputted patterns are the same as the stored ones. If they are correct, the smart card performs the following steps:

1. Computes $DID = H(ID \| PW) \oplus H(x_a \| T)$, where $T$ is the current timestamp of $U$'s local system.
2. Computes $C = H(N \| x_a \| T)$ and then sends the login request $\{DID, C, T\}$ to the GW-node.

2.2.2. Verification phase. Upon receiving $\{DID, C, T\}$ from $U$, the GW-node verifies the validity of $U$ and the verification steps work as follows:

3. Checks the correctness of the timestamp. If the time interval between $T$ and the time at which the request was received is greater than the expected time interval for a transmission delay, the GW-node rejects the login request.
4. The GW-node first computes $H(ID \| PW) = DID \oplus H(x_a \| T)$.
5. The GW-node then computes $C = H((H(ID \| PW) \oplus H(K)) \| x_a \| T)$.

6. If the computed $C$ equals the received $C$, the GW-node accepts the login request; otherwise, it performs the rejection action.
7. The GW-node computes $A = H(DID \| S_n \| x_a \| T)$, where $S_n$ is some nearest sensor node's identity to respond to the query/data that $U$ is looking for and $T$ here is the current timestamp of the GW-node's system. The GW-node sends $\{DID, A, T\}$ to $S_n$.
8. $S_n$ verifies the correctness of the timestamp $T$ and computes $A = H(DID \| S_n \| x_a \| T)$.
9. If the computed $A$ equals the received $A$ and the timestamp is correct, $S_n$ responds to $U$'s query.

We suggest readers refer to [1] for more details on this scheme.

[Figure 1. Authentication phase of Das's scheme [1]: message flow among User, GW-node and S-node for steps 1-9]

3. Vulnerability of Das's Scheme. In Das's scheme [1], it is assumed that replication or extraction of parameters from the private sector of the smart card is quite difficult. However, many researches have demonstrated that malicious attackers can extract the parameters from the smart card to attack legal users [5, 25, 26]. In the following subsections, we shall show that Das's scheme is insecure against the masquerade attacks, off-line password guessing attacks and unknown user attacks.

3.1. The masquerade attack. In this subsection, we shall show that Das's scheme is not robust enough against the masquerade attack from an attacker $U_e$. An attacker $U_e$ who has registered as a user of GW-node can forge the identity of other users as long as they registered at the same GW-node. Firstly, the attacker $U_e$ intercepts a transmitted login request $\{DID, C, T\}$ from a public channel in order to pose as another user and login to the GW-node. Then, $U_e$ can derive $H(K)$ and $H(ID \| PW)$ as follows:

$H(K) = N_e \oplus H(ID_e \| PW_e)$,
$H(ID \| PW) = DID \oplus H(x_a \| T)$.

Note that $N_e$ and $x_a$ are stored in $U_e$'s smart card, while $ID_e$ is $U_e$'s identity and $PW_e$ is $U_e$'s password. Once $U_e$ has these two values of $H(K)$ and $H(ID \| PW)$, $U_e$ can masquerade as $U$ to login to GW-node and generate a valid login request of $U$ at a new timestamp $T$. $U_e$ computes $DID = H(ID \| PW) \oplus H(x_a \| T)$ and $C = H((H(ID \| PW) \oplus H(K)) \| x_a \| T)$ with the new timestamp, and then transmits $\{DID, C, T\}$ to the GW-node. After verification, $U_e$'s login request will pass and the GW-node will believe it is communicating with the user $U$. With our masquerade attacks, an attacker can incessantly masquerade as any legal user to login to the gateway node without knowing the user's password. Therefore, Das's scheme suffers from the masquerade attack.

3.2. The off-line password guessing attack. In this subsection, we suggest an off-line password-guessing attack against Das's scheme, where an attacker $U_e$ can guess a valid user's password off-line from eavesdropping. No participation of GW-node is required, so GW-node does not notice this threat at all.

When a user $U$ starts a procedure transmitting a login message $\{DID, C, T\}$ to GW-node, an attacker $U_e$ intercepts it and computes $H(ID \| PW) = DID \oplus H(x_a \| T)$, where $x_a$ is stored in $U_e$'s smart card. Finally, $U_e$ executes an off-line password guessing attack and then derives $U$'s password $PW$ by iterating upon all possible choices of $PW$:

Step 1. $U_e$ guesses a random password.
Step 2. $U_e$ computes $H(ID \| PW)$ from $U$'s identity and the guessed password.
Step 3. $U_e$ compares the value from Step 2 to the $H(ID \| PW)$ derived from the intercepted login message.

A match in Step 3 above indicates the correct guess of $U$'s password. Therefore, $U_e$ succeeds in guessing the low-entropy password $PW$.

3.3. The unknown user attack. In this subsection, we shall show that Das's scheme cannot resist the unknown user attack: an attacker $U_e$ who has registered as a user of GW-node can leak some secret parameters so that other non-registered users can login to GW-node indefinitely at any time. Finally, Das's scheme causes multiple logins with the single identity at the same time and GW-node is not aware of the weakness. Before describing the attack, we assume that a non-registered user $U_n$ gets the secret parameters $H(K) = N_e \oplus H(ID_e \| PW_e)$ and $x_a$ from a registered user $U_e$. The detailed steps of the unknown user attack on Das's scheme are introduced as follows:

Step 1. $U_n$ generates a current timestamp $T$ and computes a valid login request $\{DID_n = H(ID_n \| PW_n) \oplus H(x_a \| T),\ C_n = H(N_n \| x_a \| T),\ T\}$, where $ID_n$ and $PW_n$ are meaningless values chosen by $U_n$ and $N_n = H(ID_n \| PW_n) \oplus H(K)$.
Step 2. $U_n$ sends $\{DID_n, C_n, T\}$ to GW-node.
Step 3. GW-node computes $H(ID_n \| PW_n) = DID_n \oplus H(x_a \| T)$ and $C_n = H((H(ID_n \| PW_n) \oplus H(K)) \| x_a \| T)$.
Step 4. GW-node checks whether the computed $C_n$ equals the received $C_n$. If it holds, GW-node accepts $U_n$'s login request; otherwise, GW-node rejects it.

[Figure 2. Generation of one-way hash-chain keys: $KS^n$, $H(KS^n) = KS^{n-1}$, ..., $KS^1$, $H(KS^1) = KS^0$; the keys are generated from $KS^n$ down to $KS^0$ and used in the opposite direction]

According to the above-mentioned cryptanalysis, the weakness of Das's scheme arises because GW-node does not store any password/verifier table, so the parameter $H(ID_n \| PW_n)$ gives GW-node no way to confirm who a user is and whom a user logs in to. The main authenticating characteristic of Das's scheme is that GW-node only verifies a login user by checking whether he/she can provide legal parameters $x_a$ and $H(K)$ or not. Therefore, anyone who possesses $x_a$ and $H(K)$ is eligible for legal login and Das's scheme cannot avoid attacks in which many users are logged in with the same login-ID.

4. The Proposed Scheme. To overcome the above-mentioned attacks, we propose an improvement on Das's scheme in this section. A billing mechanism can be classified among charged parties in terms of prepay services, real-time services and service sessions. Under a prepay service situation, the payer prepays before using specific services. In the case of real-time services, the payer's payment takes place on-line and immediately. In a service session, after enjoying specific services the payer connects to service providers for making payments. Our scheme proposes prepay and session-based services; in order to prevent the network services from potential abuse attacks, security mechanisms require the charged parties to provide billing authentication and impostor prevention. We call this approach a secured billing service with two-factor user authentication in WSN environments. The involved phases of our billing service are based on Das's scheme [1]. The details of the enhanced and revised scheme are described in the following subsections.

4.1. The registration phase. When a user $U$ wants to register with the WSNs, the registration steps work as follows:

Step R1. $U$ freely chooses his/her password $PW$ and sends a registration request $(ID, PW, n)$ to GW-node through a secured channel, where $n$ represents the maximum number of sessions for a prepay service.
Step R2. Upon receiving the registration request, GW-node computes the one-time master key $N = H(ID \| K \| sno\#)$ and sends $N$ and $sno\#$ to $U$ through a secured channel, where $sno\#$ is a unique service number generated by GW-node. Then, $U$ generates a series of one-time hash-chain signature keys for prepay service with designated sessions. $U$ computes the following parameters:
Step R3. $U$ computes the $n$th one-time signature key $KS^n = H(N)$ and the other $r$th one-time signature keys $KS^{r-1} = H(KS^r)$, where $r = n, (n-1), \ldots, 1$.
Step R4. $U$ signs the initial one-time signature key with its private key to get the signature $Sig = E_{SK}\{KS^0\}$, where $SK$ is $U$'s private key. Note that the one-time hash-chain keys $KS^r$ will be used in the reverse order of their production during the subsequent $r$th sessions, where $r = 1, 2, \ldots, n$.
Step R5. $U$ sends $\{ID, Sig, KS^0\}$ to the GW-node through a secured channel.

Step R6. GW-node verifies the validity of $Sig$. If it holds, GW-node computes $M = H(ID \| K \| sno\#) \oplus H(PW)$. Then, the GW-node stores $\{H(\cdot), ID, M, KS^0, H(PW), x_a\}$ into the personalized smart card and maintains a registration table ($RT$) for a prepay service. The format of $RT$ is shown as follows:

User identity   Service number   Sessions   Master key   Initial parameter   User signature
ID              sno#             n          N            $KS^0$              Sig

where the 1st field of $RT$ records the user's identity, the 2nd field records the unique service number, the 3rd field records a maximum number of sessions for a prepay service, the 4th field records the one-time master key, and the 5th and 6th fields record the initial parameter $KS^0$ and its signature, respectively.
Step R7. GW-node issues the smart card to $U$ in a secure manner.

Figures 2 and 3 show the production of one-way hash-chain keys and the detailed steps of the registration phase, respectively.

[Figure 3. Registration phase of the proposed scheme: User and GW-node exchange for Steps R1-R7 (send $\{ID, PW, n\}$; send $N$, $sno\#$; compute $KS^r$; sign $KS^0$; send $\{ID, Sig, KS^0\}$; maintain $RT$; issue smart card)]

4.2. The authentication phase. This phase is further divided into login phase and verification phase. The detailed steps of the authentication phase of our proposed scheme are depicted in Figure 4.

4.2.1. Login phase. If the user $U$ wants to login to the network in the $r$th session, the login steps work as follows:

Step A1. $U$ inserts his/her smart card to a terminal.
Step A2. $U$ inputs $ID$, $PW$ and $KS^r$, where $r = 1, 2, \ldots, n$.
Step A3. The smart card computes $H(PW)$ and $H(KS^r)$ and checks whether the inputted values are the same as the stored ones or not.
Step A4. If they do not match, the smart card terminates the login phase; otherwise, the smart card replaces $KS^r$ with $KS^{r-1}$ and performs the following steps: The smart card computes $DID = M \oplus H(PW) = H(ID \| K \| sno\#)$ and $C^r = DID \oplus KS^r$.

The smart card sends the login request $M^r = \{ID, C^r, sno\#, T^r, H(DID \| sno\# \| T^r)\}$ to the GW-node, where $T^r$ is the current timestamp of $U$'s system.

4.2.2. Verification phase. Upon receiving $M^r = \{ID, C^r, sno\#, T^r, H(DID \| sno\# \| T^r)\}$ from $U$ at time $T_s^r$, the verification steps work as follows:

Step A5. GW-node checks the correctness of the timestamp. If the time interval between $T^r$ and $T_s^r$ is greater than the expected time interval for a transmission delay, GW-node rejects the login request.
Step A6. GW-node then computes $DID_s = H(ID \| K \| sno\#)$ and $KS^r = C^r \oplus DID_s$.
Step A7. If $KS^{r-1}$ equals $H(KS^r)$, the GW-node accepts $U$'s login request.
Step A8. GW-node replaces $KS^r$ with $KS^{r-1}$; otherwise GW-node rejects $U$'s login request. Note that $KS^{r-1}$ is retrieved from GW-node's registration table. Then the GW-node computes $A^r = H(DID \| S_n \| x_a \| T_s^r)$, where $S_n$ is some nearest sensor node's identity to respond to the query/data that $U$ is looking for and $T_s^r$ is the current timestamp of GW-node's system. The GW-node sends $M_s^r = \{DID, A^r, T_s^r\}$ to some nearest sensor node $S_n$.
Step A9. $S_n$ verifies the correctness of the timestamp $T_s^r$.
Step A10. $S_n$ computes $A^r = H(DID \| S_n \| x_a \| T_s^r)$. If the computed $A^r$ equals the received $A^r$ and the timestamp is correct, $S_n$ responds to $U$'s query.

5. Analysis of the Proposed Scheme. In this section, we shall verify the security that our proposed scheme provides and discuss the relevant cost for providing such security.

5.1. Security analysis. As stated in Section 3, we assume that a smart card has a possibility of permitting authorized users to retrieve the parameter. When this assumption is held, Das's scheme unavoidably prevents unauthorized user $U_e$ from masquerading a legal user $U$ and GW-node still believes that it is communicating with the user $U$. In the following, we will describe security contents of our proposed scheme.
(1) For masquerade attacks, in our improved version $H(K)$ and $H(ID \| PW)$ are computed as $DID = H(ID \| K \| sno\#)$ and $C^r = DID \oplus KS^r$, and the values of $K$ and $KS^r$ are only known by GW-node and the user, respectively. Moreover, due to the property of the one-way hash function, it is computationally infeasible for the attacker to compute $K$ given the intercepted values of $ID$ and $sno\#$. Therefore, unlike in Das's scheme, the attacker cannot forge a valid value of $DID$ to pass the authentication of GW-node and the masquerade attack is prevented in our proposed scheme.

(2) For off-line and on-line password guessing attacks, in our scheme $H(PW)$ is only computed in the user's system and, since $U$ logs in to GW-node by presenting $M^r$ instead of $H(ID \| PW)$, the attacker cannot directly obtain $H(ID \| PW)$. Furthermore, when a user loses his/her smart card, without the knowledge of $PW$ and $KS^r$, no one can apply the smart card to produce a valid login request. As a result, the attacker $U_e$ cannot guess $PW$ by performing off-line and on-line guessing attacks on $M^r$. Thus, the proposed scheme can resist the password guessing attacks.

(3) For unknown user attacks, a registered user $U$ must derive $DID = H(ID \| K \| sno\#)$ from $M$ and input the one-time signature key $KS^r$ to get the verification of $DID_s$ and $KS^r$ from GW-node. Therefore, our scheme will restrain $U$ from sharing his/her secret information with another non-registered user $U_n$, even if $U_n$ can successfully guess the secret value $DID$ from $H(DID \| sno\# \| T^r)$. Because $U_n$ does not have the valid one-time signature key $KS^r$, it is difficult for $U_n$ to implement the unknown user attacks by constructing the login information $C^r$. Moreover, only a registered user can submit the valid login request $M^r$ to GW-node with the corresponding $KS^r$, and GW-node can re-compute the hash value of a given signature key $KS^r$ to verify whether it equals the previously received signature by checking $KS^{r-1} \stackrel{?}{=} H(KS^r)$. If the equation holds, GW-node makes sure that $M^r$ is sent by $U$ and believes that $M^r$ is not replayed information because $M^r$ contains the current timestamp $T^r$. Finally, the registered user $U$ is permitted the connection with GW-node and GW-node can charge for providing $U$ the authorized access in WSNs.

[Figure 4. Authentication phase of the proposed scheme: message flow among User, GW-node and S-node for Steps A1-A10]

5.2. Performance analysis. In this subsection, the performance comparisons of our proposed scheme and other related schemes are summarized in Table 2. From Table 2, the computational costs of Das's scheme require 8 hashing operations for a successful user authentication. In contrast, the computational costs of our scheme are very low, i.e., only 7 hashing operations are required. Therefore, our scheme achieves efficiency, compared with Das's scheme. Considering functionality requirements, the proposed scheme is well suited to WSNs as it achieves the important security goals of billing service and resists various attacks, whereas Das's scheme does not provide billing service and cannot withstand guessing and masquerade attacks.
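The gateway-side hash-chain check of Section 4 (Steps R2-R6 and A4-A8), on which the analysis in Section 5.1 relies, as an added example that is not code from the paper. It assumes SHA-256 for H, a length-prefixed encoding for concatenation, and that the gateway checks the transmitted H(DID || sno# || T^r); the names `Gateway`, `make_chain` and `login_request` are hypothetical, the signature on KS^0 is omitted, and the gateway stores the most recently accepted key.

```python
import hashlib
import hmac
import os

def H(*parts):
    """H(a || b || ...): SHA-256 over length-prefixed fields (assumed encoding)."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def ts(t):
    return t.to_bytes(8, "big")

def make_chain(N, n):
    """Step R3: KS^n = H(N), KS^(r-1) = H(KS^r). Returns [KS^0, ..., KS^n]."""
    chain = [H(N)]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain[::-1]

def login_request(uid, sno, did, ks_r, t):
    """Step A4: M^r = {ID, C^r, sno#, T^r, H(DID || sno# || T^r)}."""
    return uid, xor(did, ks_r), sno, t, H(did, sno, ts(t))

class Gateway:
    """Hypothetical GW-node holding secret K and the registration table RT."""

    def __init__(self, K, max_delay=5):
        self.K = K
        self.max_delay = max_delay   # expected transmission delay, seconds
        self.rt = {}                 # (ID, sno#) -> {n, used, ks}

    def register(self, uid, n):
        """Step R2: issue sno# and the master key N = H(ID || K || sno#)."""
        sno = os.urandom(8)
        self.rt[(uid, sno)] = {"n": n, "used": 0, "ks": None}
        return H(uid, self.K, sno), sno

    def store_ks0(self, uid, sno, ks0):
        """Steps R5/R6: record KS^0 (verification of Sig is omitted here)."""
        self.rt[(uid, sno)]["ks"] = ks0

    def verify_login(self, uid, C, sno, t, tag, now):
        entry = self.rt.get((uid, sno))
        if entry is None or entry["ks"] is None:
            return False
        # RT records n: stop once the prepaid sessions are used up. The chain
        # anchor N is held by the user and KS^n = H(N), so the hash test alone
        # does not end the service after session n.
        if entry["used"] >= entry["n"]:
            return False
        if abs(now - t) > self.max_delay:                  # Step A5
            return False
        did = H(uid, self.K, sno)                          # Step A6: DID_s
        # Assumption: the gateway checks the transmitted H(DID || sno# || T^r).
        if not hmac.compare_digest(tag, H(did, sno, ts(t))):
            return False
        ks_r = xor(C, did)                                 # Step A6: KS^r
        if not hmac.compare_digest(H(ks_r), entry["ks"]):  # Step A7
            return False
        entry["ks"] = ks_r                                 # Step A8: advance
        entry["used"] += 1                                 # one billable session
        return True

def demo():
    """Constructed walk-through: n = 3 prepaid sessions for one user."""
    gw = Gateway(K=b"constructed-gateway-secret")
    uid, pw, n = b"user-01", b"constructed-password", 3
    N, sno = gw.register(uid, n)
    chain = make_chain(N, n)
    gw.store_ks0(uid, sno, chain[0])
    M = xor(N, H(pw))      # stored on the card: H(ID || K || sno#) xor H(PW)
    did = xor(M, H(pw))    # card recovers DID from M and the typed password
    t = 1_000              # constructed clock value, seconds
    m1 = login_request(uid, sno, did, chain[1], t)
    out = {}
    out["session1"] = gw.verify_login(*m1, now=t + 1)
    out["replay"] = gw.verify_login(*m1, now=t + 2)
    out["stale"] = gw.verify_login(
        *login_request(uid, sno, did, chain[2], t), now=t + 60)
    out["skipped_key"] = gw.verify_login(
        *login_request(uid, sno, did, chain[3], t + 3), now=t + 3)
    out["session2"] = gw.verify_login(
        *login_request(uid, sno, did, chain[2], t + 4), now=t + 4)
    out["session3"] = gw.verify_login(
        *login_request(uid, sno, did, chain[3], t + 5), now=t + 5)
    out["over_limit"] = gw.verify_login(
        *login_request(uid, sno, did, N, t + 6), now=t + 6)
    return out

if __name__ == "__main__":
    print(demo())
```

Each accepted login consumes exactly one chain key, which is what makes a session countable for billing: a replayed request, a stale timestamp and an out-of-order key are all rejected without changing the stored state.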

Table 2. Performance comparisons of our scheme with other related schemes

                               Wong's        Tseng's       Das's        Our
                               scheme [24]   scheme [22]   scheme [1]   scheme
Login phase                    3H            2H            3H           3H
Authentication phase           1H            2H            5H           4H
Resist replay attacks          NO            NO            YES          YES
Resist stolen-verifier attacks NO            NO            YES          YES
Resist guessing attacks        NO            NO            NO           YES
Resist masquerade attacks      NO            NO            NO           YES
Billing service                NO            NO            NO           YES

H: number of $H(\cdot)$ operation.

6. Conclusions. In this paper, we show that Das's two-factor user authentication scheme is still vulnerable to the attacks that many logged-in users with the same login-ID and needs more security mechanisms between the user and GW-node. To solve the problems of Das's scheme, we proposed a secure billing service based on one-time signature key to prevent the above-mentioned attacks. The proposed service will not add additional computational cost to the smart card in the authentication phase, which makes the proposed billing service quite applicable to two-factor authentication cryptosystems in distributed networking environments.

Acknowledgment. This research was partially supported by the National Science Council, Taiwan, under contracts no: NSC 99-2221-E-165-001 and NSC 99-2221-E-030-022.

REFERENCES

[1] M. L. Das, Two-factor user authentication in wireless sensor networks, IEEE Transactions on Wireless Communications, vol.8, no.3, pp.1086-1090, 2009.
[2] M. L. Das, A. Saxena and V. P. Gulati, A dynamic ID-based remote user authentication scheme, IEEE Transactions on Consumer Electronics, vol.50, no.2, pp.629-631, 2004.
[3] W. Diffie and M. E. Hellman, New directions in cryptography, IEEE Transactions on Information Theory, vol.IT-22, pp.644-654, 1976.
[4] L. C. Ko, A novel dynamic user authentication scheme for wireless sensor networks, Proc. of IEEE ISWCS, pp.608-612, 2008.
[5] C. C. Lee, M. S. Hwang and I. E. Liao, Security enhancement on a new authentication scheme with anonymity for wireless environments, IEEE Transactions on Industrial Electronics, vol.53, no.5, pp.1683-1687, 2006.
[6] C.-T. Li, M.-S. Hwang and Y.-P. Chu, A secure and efficient communication scheme with authenticated key establishment and privacy preservation for vehicular ad hoc networks, Computer Communications, vol.31, no.12, pp.2803-2814, 2008.
[7] C.-T. Li, M.-S. Hwang and C.-Y. Liu, An electronic voting protocol with deniable authentication for mobile ad hoc networks, Computer Communications, vol.31, no.10, pp.2534-2540, 2008.
[8] C.-T. Li, M.-S. Hwang and Y.-P. Chu, Further improvement on a novel privacy preserving authentication and access control scheme for pervasive computing environments, Computer Communications, vol.31, no.18, pp.4255-4258, 2008.
[9] C.-T. Li, M.-S. Hwang and Y.-P. Chu, Improving the security of a secure anonymous routing protocol with authenticated key exchange for ad hoc networks, International Journal of Computer Systems Science and Engineering, vol.23, no.3, pp.227-234, 2008.
[10] C.-T. Li, M.-S. Hwang and Y.-P. Chu, An efficient sensor-to-sensor authenticated path-key establishment scheme for secure communications in wireless sensor networks, International Journal of Innovative Computing, Information and Control, vol.5, no.8, pp.2107-2124, 2009.
[11] C.-T. Li and Y.-P. Chu, Cryptanalysis of threshold password authentication against guessing attacks in ad hoc networks, International Journal of Network Security, vol.8, no.2, pp.166-168, 2009.
[12] C.-T. Li, C. H. Wei and Y. H. Chin, A secure event update protocol for peer-to-peer massively multiplayer online games against masquerade attacks, International Journal of Innovative Computing, Information and Control, vol.5, no.12(a), pp.4715-4723, 2009.
[13] C.-T. Li and M.-S. Hwang, An online biometrics-based secret sharing scheme for multiparty cryptosystem using smart cards, International Journal of Innovative Computing, Information and Control, vol.6, no.5, pp.2181-2188, 2010.
[14] C.-T. Li, An efficient and secure communication scheme for trusted computing environments, Journal of Computers, vol.20, no.3, pp.17-24, 2009.
[15] C.-T. Li, M.-S. Hwang and S.-M. Chen, A batch verifying and detecting the illegal signatures, International Journal of Innovative Computing, Information and Control, vol.6, no.12, pp.5311-5320, 2010.
[16] C.-T. Li, C.-H. Wei, C.-C. Lee, Y.-H. Chin and L.-J. Wang, A secure and undeniable billing protocol among charged parties for grid computing environments, International Journal of Innovative Computing, Information and Control, vol.6, no.11, pp.5061-5076, 2010.
[17] C.-T. Li and M.-S. Hwang, An efficient biometrics-based remote user authentication scheme using smart cards, Journal of Network and Computer Applications, vol.33, no.1, pp.1-5, 2010.
[18] C.-T. Li and C.-C. Lee, A novel user authentication and privacy preserving scheme with smart cards for wireless communications, Mathematical and Computer Modelling, 2011.
[19] C.-T. Li, C.-C. Lee and L.-J. Wang, A two-factor user authentication scheme providing mutual authentication and key agreement over insecure channels, Journal of Information Assurance and Security, vol.5, no.2, pp.201-208, 2010.
[20] C.-T. Li, C.-C. Lee and L.-J. Wang, On the security enhancement of an efficient and secure event signature protocol for P2P MMOGs, The 2010 International Conference on Computational Science and Its Applications, LNCS, vol.6016, pp.599-609, 2010.
[21] R. L. Rivest, A. Shamir and L.
Adleman, A method for obtanng dgtal sgnatures and publc key cryptosystems, Communcatons of the ACM, vol.21, pp.120-126, 1978. [22] H. R. Tseng, R. H. Jan and W. Yang, An mproved dynamc user authentcaton scheme for wreless sensor networks, Proc. of IEEE Globecom, pp.986-990, 2007. [23] R. Watro, D. Kong, S. Cut, C. Gardner, C. Lynn and P. Kruus, TnyPK: Securng sensor networks wth publc key technology, Proc. of ACM Workshop on Securty of Ad Hoc and Sensor Networks, pp.59-64, 2004. [24] K. Wong, Y. Zheng, J. Cao and S. Wang, A dynamc user authentcaton scheme for wreless sensor networks, Proc. of IEEE Internatonal Conference on Sensor Networks, Ubqutous, and Trustworthy Computng, pp.244-251, 2006. [25] C. C. Wu, W. B. Lee and W. J. Tsaur, A secure authentcaton scheme wth anonymty for wreless communcatons, IEEE Communcate Letters, vol.12, no.10, pp.722-723, 2008. [26] P. Zeng, Z. Cao, K. K. R. Choo and S. Wang, On the anonymty of some authentcaton schemes for wreless communcatons, IEEE Communcate Letters, vol.13, no.3, pp.170-171, 2009.