Robust smart‐card‐based remote user password authentication scheme |
| |
| Authors: | Bae‐Ling Chen Wen‐Chung Kuo Lih‐Chyau Wuu |
| |
| Affiliation: | 1. Graduate School of Engineering Science and Technology, National Yunlin University of Science and Technology, #123, Sec. 3, University Rd., Douliu, Yunlin, Taiwan;2. Department of Computer Science and Information Engineering, National Yunlin University of Science and Technology, #123, Sec. 3, University Rd., Douliu, Yunlin, Taiwan;3. Institute of Computer Science and Information Engineering, National Yunlin University of Science and Technology, #123, Sec. 3, University Rd., Douliu, Yunlin, Taiwan |
| |
| Abstract: | Smart‐card‐based remote user password authentication schemes are commonly used for providing authorized users a secure method for remotely accessing resources over insecure networks. In 2009, Xu et al. proposed a smart‐card‐based password authentication scheme. They claimed their scheme can withstand attacks when the information stored on the smart card is disclosed. Recently, Sood et al. and Song discovered that the smart‐card‐based password authentication scheme of Xu et al. is vulnerable to impersonation and internal attacks. They then proposed their respective improved schemes. However, we found that there are still flaws in their schemes: the scheme of Sood et al. does not achieve mutual authentication and the secret key in the login phase of Song's scheme is permanent and thus vulnerable to stolen‐smart‐card and off‐line guessing attacks. In this paper, we will propose an improved and efficient smart‐card‐based password authentication and key agreement scheme. According to our analysis, the proposed scheme not only maintains the original secret requirement but also achieves mutual authentication and withstands the stolen‐smart‐card attack. Copyright © 2012 John Wiley & Sons, Ltd. |
| |
| Keywords: | smart card session key agreement mutual authentication internal attack stolen‐smart‐card attack |
|
|
