An improved remote user authentication scheme with key agreement |
| |
Authors: | Saru Kumari Muhammad Khurram Khan Xiong Li |
| |
Affiliation: | 1. Department of Mathematics, Agra College, Agra, India;2. Center of Excellence in Information Assurance, King Saud University, Riyadh, Saudi Arabia;3. School of Computer Science and Engineering, Hunan University of Science and Technology, Xiangtan 411201, China |
| |
Abstract: | In distributed systems, user authentication schemes based on password and smart card are widely used to ensure only authorized access to the protected services. Recently, Chang et al. presented an untraceable dynamic-identity-based user authentication scheme with verifiable-password-update. In this research, we illustrate that Chang et al.’s scheme violates the purpose of dynamic-identity contrary to authors’ claim. We show that once the smart card of an arbitrary user is lost, passwords of all registered users are at risk. Using information from an arbitrary smart card, an adversary can impersonate any user of the system. In addition, its password change phase has loopholes and is misguiding. The scheme has no provision for session key agreement and the smart card lacks any verification mechanism. Then we come-up with an improved remote user authentication scheme with the session key agreement, and show its robustness over related schemes. |
| |
Keywords: | |
本文献已被 ScienceDirect 等数据库收录! |
|