원문정보
초록
영어
Password-based authentication schemes have been widely adopted to protect resources from unauthorized access. In 2008, Chang-Lee proposed a friendly password-based mutual authentication scheme to avoid the security weaknesses of Wu-Chieu’s scheme. In this paper, we demonstrate that Chang-Lee’s scheme is vulnerable to user impersonation attack, server masquerading attack, password guessing attack, and insider attack. Also, we propose an improved scheme to overcome the security weaknesses of Chang-Lee’s scheme, even if secret information stored in the smart card is revealed. As a result of security analysis, we prove that the proposed scheme is secure for the various attacks and provides session key agreement.
목차
1. Introduction
2. Reviews of Chang-Lee’s Scheme
2.1. Registration Phase
2.2. Login Phase
2.3. Authentication Phase
3. Security Weaknesses of Chang-Lee’s Scheme
3.1. User Impersonation Attack
3.2. Server Masquerading Attack
3.3. Password Guessing Attack
3.4. Insider Attack
3.5. Mutual Authentication
4. The Proposed Scheme
4.1. Registration Phase
4.2. Login phase
4.3. Authentication Phase
5. Security Analysis of the Proposed Scheme
5.1. User Impersonation Attack
5.2. Server Masquerading Attack
5.3. Password Guessing Attack
5.4. Insider Attack
5.4. Insider Attack
5.6. Session Key Agreement
6. Conclusions
References