论文信息 - An Improved User Authentication and Key Agreement Scheme Providing User Anonymity

An Improved User Authentication and Key Agreement Scheme Providing User Anonymity

When accessing remote services over public networks, a user authentication mechanism is required because these activities are executed in an insecure communication environment. Recently, Wang et al. proposed an authentication and key agreement scheme preserving the privacy of secret keys and providing user anonymity. Later, Chang et al. indicated that their scheme suffers from two security flaws. First, it cannot resist DoS (denial-of-service) attack because the indicators for the next session are not consistent. Second, the user password may be modified by a malicious attacker because no authentication mechanism is applied before the user password is updated. To eliminate the security flaws and preserve the advantages of Wang et al.'s scheme, we propose an improvement in this paper.

Ya-Fen Chang | Pei-Yu Chang

[1] Chin-Laung Lei,et al. Robust authentication and key agreement scheme preserving the privacy of secret key , 2011, Comput. Commun..

[2] Hung-Min Sun,et al. An Efficient Remote User Authentication Scheme Using Smart Cards , 2000 .

[3] Robert H. Sloan,et al. Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[4] Ya-Fen Chang,et al. Comments on a Secret-Key-Privacy-Preserving Authentication and Key Agreement Scheme , 2011, 2011 Fifth International Conference on Genetic and Evolutionary Computing.

[5] Leslie Lamport,et al. Password authentication with insecure communication , 1981, CACM.

[6] Hung-Yu Chien,et al. An Efficient and Practical Solution to Remote Authentication: Smart Card , 2002, Comput. Secur..

[7] Wei-Chi Ku,et al. Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[8] Gwoboa Horng. Password Authentication Without Using a Password Table , 1995, Inf. Process. Lett..

[9] Xiaomin Wang,et al. Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards , 2007, Comput. Stand. Interfaces.