文章基本信息

标题：Secure Password-based Remote User Authentication Scheme Against Smart Card Security Breach
本地全文：下载
作者：Wang, Ding ; Ma, Chun-Guang ; Zhang, Qi-Ming 等
期刊名称：Journal of Networks
印刷版ISSN：1796-2056
出版年度：2013
卷号：8
期号：1
页码：148-155
DOI：10.4304/jnw.8.1.148-155
语种：English
出版社：Academy Publisher
摘要：It is a challenge for password authentication protocols using non-tamper resistant smart cards to achieve user anonymity, forward secrecy, immunity to various attacks and high performance at the same time. In 2011, Li and Lee showed that both Hsiang-Shih’s password-based remote user authentication schemes are vulnerable to various attacks if the smart card is non-tamper resistant. Consequently, an improved scheme was developed to preclude the identified weaknesses and claimed that it is secure against smart card loss attacks. In this paper, however, we will show that Li-Lee’s scheme still cannot withstand offline password guessing attack under the non-tamper resistance assumption of the smart card. In addition, their scheme is also vulnerable to denial of service attack and fails to provide user anonymity and forward secrecy. As our main contribution, a robust scheme is presented to cope with the aforementioned defects, while keeping the merits of different password authentication schemes using smart cards. The analysis demonstrates that our scheme meets all the proposed criteria and eliminates several hard security threats that are difficult to be tackled at the same time in previous scholarship.
关键词：cryptanalysis;authentication protocol;network security;smart card;non-tamper resistant;user anonymity