Weaknesses and improvement of Wang et al.'s remote user password authentication scheme for resource-limited environments

被引:19
作者
Chung, Hao-Rung [2 ]
Ku, Wei-Chi [1 ]
Tsaur, Maw-Jinn [3 ]
机构
[1] Natl Taichung Univ, Dept Comp & Informat Sci, Taichung, Taiwan
[2] Fu Jen Catholic Univ, Dept Comp Sci & Informat Engn, Taipei, Taiwan
[3] Fu Jen Catholic Univ, Grad Inst Appl Sci & Engn, Taipei, Taiwan
关键词
Authentication; Password; Reparability; Smart card; Verification table; EFFICIENT; SECURITY; CRYPTANALYSIS;
D O I
10.1016/j.csi.2008.09.020
中图分类号
TP3 [计算技术、计算机技术];
学科分类号
0812 ;
摘要
Recently, Wang et al. showed that two new verifier-free remote user password authentication schemes, Ku-Chen's scheme and Yoon et al.'s scheme, are Vulnerable to an off-line password guessing attack, a forgery attack, and a denial-of-service attack, and then proposed an improved scheme for the real application in resource-limited environments. Unfortunately, we find that Wang et al.'s scheme is still vulnerable to an impersonation attack and an off-line password guessing attack. In addition, Wang et al.'s scheme is not easily reparable and is unable to provide perfect forward secrecy. Finally, we propose an improved scheme with better security strength. (C) 2008 Elsevier B.V. All rights reserved.
引用
收藏
页码:863 / 868
页数:6
相关论文
共 27 条
[1]   Cryptanalysis of a remote user authentication scheme using smart cards [J].
Chan, CK ;
Cheng, LM .
IEEE TRANSACTIONS ON CONSUMER ELECTRONICS, 2000, 46 (04) :992-993
[2]  
Chang CC, 2003, INFORMATICA-LITHUAN, V14, P289
[3]   A new method for using hash functions to solve remote user authentication [J].
Chen, Tzung-Her ;
Lee, Wei-Bin .
COMPUTERS & ELECTRICAL ENGINEERING, 2008, 34 (01) :53-62
[4]   An efficient and practical solution to remote authentication: Smart card [J].
Chien, HY ;
Jan, JK ;
Tseng, YM .
COMPUTERS & SECURITY, 2002, 21 (04) :372-375
[5]  
Diffie W., 1992, Designs, Codes and Cryptography, V2, P107, DOI 10.1007/BF00124891
[6]  
Diffie W., 1992, IEICE T, V2, P107
[7]   A PUBLIC KEY CRYPTOSYSTEM AND A SIGNATURE SCHEME BASED ON DISCRETE LOGARITHMS [J].
ELGAMAL, T .
IEEE TRANSACTIONS ON INFORMATION THEORY, 1985, 31 (04) :469-472
[8]   An improved bilinear pairing based remote user authentication scheme [J].
Goriparthi, Thulasi ;
Das, Manik Lal ;
Saxena, Ashutosh .
COMPUTER STANDARDS & INTERFACES, 2009, 31 (01) :181-185
[9]  
Haller N. M., 1994, Proceedings Internet Society Symposium on Network and Distributed System Security 1994, P151
[10]  
Hsu CL, 2004, COMP STAND INTER, V26, P167, DOI [10.1016/S0920-5489(03)00094-1, 10.1016/s0920-5489(03)00094-1]