원문정보
초록
영어
Recently, more and more researches have been focused on proposing dynamic identity based remote authentication scheme for multi-server environment. In 2011, Lee, Lin and Chang proposed an improved scheme to remedy the weaknesses of Hsiang-Shih's scheme. However, we observe that Lee-Lin-Chang's scheme is still vulnerable to stolen smart card attack and malicious server attack. Besides, the password change phase of Lee-Lin-Chang's scheme is neither efficient enough nor convenient to users. In this paper, we propose an improved scheme to remove the aforementioned weaknesses and simultaneously not to decrease other security features. In the proposed scheme, there is no useful information can be obtained from the values stored in smart cards. Thus the stolen smart card attack can be blocked. To avoid malicious server attack, we move the user authentication process from service providing servers to the registration center, which can ensure each server has a different secret key. Through comparing with several schemes proposed recently, we demonstrate our proposed scheme is more secure and efficient. Therefore, the proposed scheme is more practicable.
목차
1. Introduction
2. Review of Lee-Lin-Chang's Scheme
2.1. Registration Phase
2.2. Login Phase
2.3. Verification Phase
2.4. Password Change Phase
3. Cryptanalysis of Lee-Lin-Chang's Scheme
3.1. Smart Card Stolen Attack
3.2. Malicious Server Attack
3.3. Weakness of Low Efficiency and Inconveniency in Password change Phase
4. Our Proposed Scheme
4.1. Registration Phase
4.2. Login Phase
4.3. Authentication and Session Key Agreement Phase
4.4. Password Change Phase
5. Security Analysis
5.1. Stolen Smart Card Attack
5.2. Off-Line Dictionary Attack
5.3. Malicious user attack
5.4. Malicious Server Attack
5.5. User's Anonymity
5.6. Efficiency and Conveniency in Password Change Phase
6. Cost and Functionality Analysis
7. Conclusions
Acknowledgements
References