Open Access
Subscription Access
Revisiting the “An Improved Remote user Authentication Scheme with Key Agreement”
Recently, Kumari et al. pointed out that Chang et al.’s scheme “Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update” has several drawbacks and does not provide any session key agreement. Hence, they proposed an improved remote user authentication scheme with key agreement based on Chang et al. protocol. They claimed that the improved method is secure. However, we found that their improvement still has both anonymity breach and smart card loss password guessing attack which cannot be violated in the ten basic requirements advocated for a secure identity authentication using smart card by Liao et al. Thus, we modify their protocol to encompass these security functionalities which are needed in a user authentication system using smart card.
Keywords
User Authentication, Key Agreement, Cryptanalysis, Smart Card, Password Change, Untraceable, Dynamic Identity, Anonymity, Remote User Authentication.
User
Font Size
Information
- Chun-Ta Li, Min-Shiang Hwang , “An efficient biometrics-based remote user authentication Scheme using smart cards”, Journal of Network and Computer Applications, Volume 33, Issue 1, January 2010, Pages 1–5
- Wen-Chung Kuo, Hong-Ji Wei, Jiin-Chiou Cheng, “An efficient and secure anonymous mobility network authentication Scheme”, journal of information security and applications 19 (2014) 18-24
- Jue-Sam Chou, Yalin Chen, “An Efficient Two-Pass Anonymous Identity Authentication Protocol Using a Smart Card”, Vol 63, No. 8;Aug 2013
- Ding Wang, Ping Wang, “Understanding security failures of two-factor authentication Schemes for real-time applications in hierarchical wireless sensor networks”, Ad Hoc Networks 20 (2014) 1–15
- “Preserving privacy for free: Efficient and provably secure two-factor authentication Scheme with user anonymity”, Ding Wang, Nan Wang b, Ping Wang, Sihan Qing, Information SCiences 321 (2015) 162–178
- Muhamed Turkanovic´, Boštjan Brumen, Marko Hölbl, “A novel user authentication and key agreement Scheme for heterogeneous ad hoc wireless sensor networks, based on the Internet of Things notion”, Ad Hoc Networks 20 (2014) 96–112
- Kaiping Xue, Peilin Hong, Changsha Ma, “A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture”, Journal of Computer and System SCiences 80 (2014) 195–206
- Ding Wang, Ping Wang, “On the anonymity of two-factor authentication Schemes for wireless sensor networks: Attacks, principle and solutions” Computer Networks 73 (2014) 41–57
- Chun-Ta Li, Cheng-Chi Lee , “A novel user authentication and privacy preserving Scheme with smart cards for wireless communications”, Mathematical and Computer Modelling 55 (2012) 35–44
- Ding Wang, Ping Wang,“Understanding security failures of two-factor authentication Schemes for real-time applications in hierarchical wireless sensor networks”, Ad Hoc Networks 20 (2014) 1–15
- Mohammad Sabzinejad Farasha, Muhamed Turkanovic, Saru Kumaric,Marko Hölblb,“An efficient user authentication and key agreement Scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment” Ad Hoc Networks 36 (2016) 152–176
- Celia Li, Uyen Trang Nguyen, Hoang Lan Nguyen, Nurul Huda, “Efficient authentication for fast handover in wireless mesh networks”, computers & securit y 37( 2013) I 24 -I 42
- I-En Liao, Cheng-Chi Lee, Min-Shiang Hwang, “A password authentication Scheme over insecure networks”, Journal of Computer and System SCiences, Vol. 72, No. 4, pp. 727-740, 2006.
- Kumari, Saru, Muhammad Khurram Khan, and Xiong Li. "An improved remote user authentication Scheme with key agreement." Computers & Electrical Engineering 40.6 (2014): 1997-2012.
- Chang, Ya‐Fen, Wei-Liang Tai, and Hung-Chin Chang. "Untraceable dynamic-identity-based remote user authentication Scheme with verifiable password update." International Journal of Communication Systems 27.11 (2014): 3430-3440.
- M.-C. Chuang and M. C. Chen, "An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics," Expert Systems with Applications, vol. 41, pp. 1411-1418, 2014.
- M. Karuppiah and R. Saravanan, "A secure remote user mutual authentication scheme using smart cards," Journal of Information Security and Applications, vol. 19, pp. 282-294, 2014.
- D. Mishra, A. K. Das, and S. Mukhopadhyay, "A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards," Expert Systems with Applications, vol. 41, pp. 8129-8143, 2014.
- A. K. Das and A. Goswami, "A robust anonymous biometric-based remote user authentication scheme using smart cards," Journal of King Saud University - Computer and Information Sciences, vol. 27, pp. 193-210, 2015.
- V. Odelu, A. K. Das, and A. Goswami, "An efficient ECC-based privacy-preserving client authentication protocol with key agreement using smart card," Journal of Information Security and Applications, vol. 21, pp. 1-19, 2015.
- D. Wang, N. Wang, P. Wang, and S. Qing, "Preserving privacy for free: Efficient and provably secure two-factor authentication scheme with user anonymity," Information Sciences, 2015.
- Gupta, A., Tripathi, M., Shaikh, T. J., & Sharma, A., “A Lightweight Anonymous User Authentication and Key Establishment Scheme for Wearable Devices”, Computer Networks, 2018.
Abstract Views: 278
PDF Views: 0