A Robust and Efficient Smart Card Oriented Remote User Authentication Protocol

Authentication and key agreement protocols are foundation for the security of distributed applications. In 2010, Yeh et al. proposed two authenticated key agreement protocols. The second protocol in Yeh et al. features user¡¦s anonymity. However, we found that the second scheme is vulnerable to replay attack, masquerade attack, and off-line password attack. In this paper, we first analyze Yeh et al.¡¦s security flaws, then, we propose a protocol that overcomes all the weaknesses of the aforementioned protocol.

[1]  Chunhua Su,et al.  Two robust remote user authentication protocols using smart cards , 2010, J. Syst. Softw..

[2]  Yan-yan Wang,et al.  A more efficient and secure dynamic ID-based remote user authentication scheme , 2009, Comput. Commun..

[3]  Ashutosh Saxena,et al.  A dynamic ID-based remote user authentication scheme , 2004, IEEE Transactions on Consumer Electronics.

[4]  Chin-Chen Chang,et al.  An ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem , 2009, Comput. Secur..

[5]  Eun-Jun Yoon,et al.  Further improvement of an efficient password based remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[6]  Cheng-Chi Lee,et al.  Security enhancement for a dynamic ID-based remote user authentication scheme , 2005, International Conference on Next Generation Web Services Practices (NWeSP'05).

[7]  K. Okayama,et al.  Design and implementation of an authentication system in WIDE Internet environment , 1990, IEEE TENCON'90: 1990 IEEE Region 10 Conference on Computer and Communication Systems. Conference Proceedings.

[8]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[9]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[10]  Wei-Kuan Shih,et al.  Weaknesses and improvements of the Yoon-Ryu-Yoo remote user authentication scheme using smart cards , 2009, Comput. Commun..

[11]  Jianhua Li,et al.  Anonymity Enhancement on Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards , 2010, IEEE Transactions on Industrial Electronics.

[12]  Nai-Wei Lo,et al.  Cryptanalysis of two three-party encrypted key exchange protocols , 2009, Comput. Stand. Interfaces.