원문정보
초록
영어
To keep the pace with the development of internet technology, remote user authentication techniques become more and more important to protect user’s privacy. Recently, Kumari, et al., presented an improved remote user authentication scheme with key agreement based on dynamic-identity using smart card. This scheme allows legal users to change the password at his will without the need to connect the server. They claimed that their scheme could resist smart card stolen or loss attack, user impersonation and server masquerading attack, and provide user anonymity and untraceability and so on. However, our research indicates that their scheme is completely unsafe. Furthermore, the scheme can’t provide the proper mutual authentication. In this manuscript, we will propose a new scheme, which can withstand those attacks mentioned above and provide the perfect user anonymity and forward secrecy. Security analysis makes it clear that the improved scheme apparently is more secure and practical.
목차
1. Introduction
2. Review of Kumari, et al., Scheme
2.1. Registration Phase
2.2. Login phase
2.3. Authentication Phase
2.4. Password Change Phase
3. Cryptanalysis of Kumari, et al., Scheme
3.1. Smart Card Stolen or Loss Attack
3.2. User Impersonation
3.3. Server Masquerading Attack
3.4. User’s Identity is Traceable
3.5. Lack of the Forward Secrecy
4. The Proposed Scheme
4.1. Registration Phase
4.2. Login Phase
4.3. Authentication Phase
4.4. Password Change Phase
5. Security Analysis of the Proposed Scheme
5.1. Users’ Anonymity and Untraceability
5.2. Off-line Password Guessing Attack
5.3. Smart Card Stolen or Loss Attack
5.4. Resist Server Masquerading and user Impersonation Attack
5.5. Provides Forward Secrecy
5.6. Resist Replay Attack
5.7. Insider Attack
5.8. Provides Mutual Authentication
5.9. Provides Session Key
6. Performance and Efficient Comparison
7. Conclusions
References