Original Text Information
Abstract
English
Recently, user authentication in e-commerce and m-commerce has become an important security issue. In 2008, Bindu et al. proposed an improved remote user authentication scheme preserving user anonymity. In this paper, we analyze the security of Bindu et al.’s authentication scheme and demonstrate that it is still insecure against the man-in-the-middle attack and the password guessing attack, and that it does not provide user anonymity. We also propose an enhanced scheme that withstands the security weaknesses of Bindu et al.’s scheme, even if the secret information stored in the smart card is revealed. Through security analysis, we prove that the enhanced scheme is secure against the various attacks known in the literature, and that it provides user anonymity, session key agreement, and mutual authentication between the user and the server.
Table of Contents
1. Introduction
2. Reviews of Bindu, et al.’s Scheme
2.1. Registration Phase
2.2. Login Phase
2.3. Authentication Phase
3. Security Weaknesses of Bindu, et al.’s Scheme
3.1. Man-in-the-middle Attack
3.2. Password Guessing Attack
3.3. User Anonymity
4. The Enhanced Scheme
4.1. Registration Phase
4.2. Login Phase
4.3. Authentication Phase
5. Security Analysis and Performance Evaluations of the Enhanced Scheme
5.1. Security Analysis
5.2. Performance Evaluations
6. Conclusions
References