TY - GEN
T1 - Cryptanalysis and improvement of a smart card-based identity authentication scheme
AU - Fan, Siqiong
AU - Cao, Zhenfu
AU - Dong, Xiaolei
PY - 2014
Y1 - 2014
N2 - Remote user authentication scheme has been widely adopted in the cyberworld to provide security and privacy because of various online threats and insecure communications. In the past few decades, many smart card-based authentication schemes are put forward. In such schemes, a user only need to maintain an identity and a password and employ a smart card to fulfill the authentication with a remote server. In 2014, Lee et al. put forward an authentication scheme using smart based on the hash function. However, we find that novel as it is, the scheme still has some severe security and performance weaknesses such as a verification table should stored in their scheme, it is easy to suffer the stolen verifier attack. Besides, it has the problem of synchronization between the server and users, failure of protecting users' anonymity and it is unfriendly to users since the inability of supporting changing the password freely. In this paper, we propose an improved authentication scheme supporting the Diffie-Hellman key exchange protocol using hash functions and the ElGamal cryptosystem. Besides the drawbacks in Lee et al.'s scheme, our proposed scheme overcomes the offline password guessing attack, man-in-the-middle attack and so on. At last, we show that our scheme is more suitable and secure for practical use.
AB - Remote user authentication scheme has been widely adopted in the cyberworld to provide security and privacy because of various online threats and insecure communications. In the past few decades, many smart card-based authentication schemes are put forward. In such schemes, a user only need to maintain an identity and a password and employ a smart card to fulfill the authentication with a remote server. In 2014, Lee et al. put forward an authentication scheme using smart based on the hash function. However, we find that novel as it is, the scheme still has some severe security and performance weaknesses such as a verification table should stored in their scheme, it is easy to suffer the stolen verifier attack. Besides, it has the problem of synchronization between the server and users, failure of protecting users' anonymity and it is unfriendly to users since the inability of supporting changing the password freely. In this paper, we propose an improved authentication scheme supporting the Diffie-Hellman key exchange protocol using hash functions and the ElGamal cryptosystem. Besides the drawbacks in Lee et al.'s scheme, our proposed scheme overcomes the offline password guessing attack, man-in-the-middle attack and so on. At last, we show that our scheme is more suitable and secure for practical use.
KW - Anonymity
KW - Authentication
KW - Privacy
KW - Security
KW - Smart card
UR - https://www.scopus.com/pages/publications/84950291450
U2 - 10.1049/cp.2014.1279
DO - 10.1049/cp.2014.1279
M3 - 会议稿件
AN - SCOPUS:84950291450
SN - 9781849199094
T3 - IET Conference Publications
BT - IET Conference Publications
PB - Institution of Engineering and Technology
T2 - 2014 International Conference on Information and Network Security, ICINS 2014
Y2 - 14 November 2014 through 16 November 2014
ER -