Source Information
Abstract
English
A remote user authentication scheme with key agreement is a very practical mechanism for verifying a remote user and then providing secure communication. Furthermore, many network environments have become multi-server based due to the rapid growth of computer networks. Therefore, more and more research has focused on proposing smart card based remote authentication schemes with session key agreement for multi-server environments. Recently, Tsaur, Li and Lee (2012) proposed such a novel scheme, which adopts a self-verified timestamp technique to help the smart card based authentication scheme not only effectively achieve password-authenticated key agreement but also avoid the difficulty of implementing clock synchronization in multi-server environments. They claimed that their scheme resists various attacks and is more efficient. However, we observe that Tsaur-Li-Lee's scheme is still vulnerable to an off-line password guessing attack, an insider attack and a malicious user attack. In addition, Tsaur-Li-Lee's scheme has no password change phase and also suffers from the weaknesses of a static identity and inefficiency in wrong password detection. In this paper, we propose an improved dynamic identity based scheme that eliminates all of these security and efficiency weaknesses without degrading its other security properties.
Table of Contents
1. Introduction
2. Review of Tsaur-Li-Lee's Scheme
2.1. Registration Phase
2.2. Log-in and Session Key Agreement Phase
3. Weaknesses of Tsaur-Li-Lee's Scheme
3.1. Off-line Password Guessing Attack
3.2. Privileged Insider Attack
3.3. Malicious User Attack
3.4. Low Efficiency in Wrong Password Detection
3.5. No Password Change Phase
3.6. Weakness of Static User's Identity
4. Our Proposed Scheme
4.1. Registration Phase
4.2. Login Phase
4.3. Authentication and Session Key Agreement Phase
4.4. Authentication and Session Key Agreement Phase
5. Security Analysis
5.1. User's Anonymity
5.2. Resist Off-line Dictionary Attack
5.3. Resist Insider Attack
5.4. Resist Malicious User Attack
5.5. Efficiency Improvement in Wrong Password Detection
5.6. Cost and Functionality Analysis
6. Conclusions
Acknowledgements
References