Security Weaknesses and Improvements of a Remote User Authentication Scheme Preserving User Anonymity

Abstract:

In 2008, Bindu et al. proposed an improvement to Chien et al.'s remote password authentication scheme preserving user anonymity, and asserted that the scheme is secure against replay, guessing, insider and man-in-the-middle attacks, among others. However, in this paper we show that Bindu et al.'s scheme is still insecure against man-in-the-middle and password guessing attacks, and does not provide user anonymity. We also propose an improved scheme that withstands these weaknesses while preserving the merits of their scheme, even if the secret information stored in the smart card is revealed. Our analysis shows that the proposed scheme is secure against user impersonation, server masquerading and password guessing attacks, and provides user anonymity. The proposed scheme is also relatively more effective than Bindu et al.'s scheme.

Pages: 184-188

Online since: December 2011

[1] M.S. Hwang and L.H. Li, A New Remote User Authentication Scheme Using Smart Cards, IEEE Transactions on Consumer Electronics, Vol. 46, pp.28-30 (2000).

DOI: 10.1109/30.826377

[2] C.W. Lin, C.S. Tsai and M.S. Hwang, A New Strong-Password Authentication Scheme Using One-Way Hash Functions, Journal of Computer and Systems Sciences International, vol. 45, no. 4, pp.623-626 (2006).

DOI: 10.1134/s1064230706040137

[3] M.L. Das, A. Saxena and V.P. Gulati, A Dynamic ID-based Remote User Authentication Scheme, IEEE Transactions on Consumer Electronics, Vol. 50, No. 2, pp.629-631 (2004).

DOI: 10.1109/tce.2004.1309441

[4] H.Y. Chien and C.H. Chen, A Remote Password Authentication Preserving User Anonymity, Proceedings of the 19th International Conference on Advanced Information Networking and Applications (AINA '05), (2005).

DOI: 10.1109/aina.2005.54

[5] C.S. Bindu, P.C.S. Reddy and B. Satyanarayana, Improved Remote User Authentication Scheme Preserving User Anonymity, International Journal of Computer Science and Network Security, Vol. 8, No. 3, pp.62-66 (2008).

[6] P. Kocher, J. Jaffe and B. Jun, Differential Power Analysis, Proceedings of Advances in Cryptology, pp.388-397 (1999).

[7] T. S. Messerges, E. A. Dabbish and R.H. Sloan, Examining Smart-Card Security under the Threat of Power Analysis Attacks, IEEE Transactions on Computers, Vol. 51, No. 5, pp.541-552 (2002).

DOI: 10.1109/tc.2002.1004593
