Journal
INTERNATIONAL JOURNAL OF COMMUNICATION SYSTEMS
Volume 27, Issue 2, Pages 377-389Publisher
WILEY
DOI: 10.1002/dac.2368
Keywords
smart card; session key agreement; mutual authentication; internal attack; stolen-smart-cardattack
Funding
- National Science Council of Taiwan [NSC 100-2221-E-150-068]
Ask authors/readers for more resources
Smart-card-based remote user password authentication schemes are commonly used for providing authorized users a secure method for remotely accessing resources over insecure networks. In 2009, Xu etal. proposed a smart-card-based password authentication scheme. They claimed their scheme can withstand attacks when the information stored on the smart card is disclosed. Recently, Sood etal. and Song discovered that the smart-card-based password authentication scheme of Xu etal. is vulnerable to impersonation and internal attacks. They then proposed their respective improved schemes. However, we found that there are still flaws in their schemes: the scheme of Sood etal. does not achieve mutual authentication and the secret key in the login phase of Song's scheme is permanent and thus vulnerable to stolen-smart-card and off-line guessing attacks. In this paper, we will propose an improved and efficient smart-card-based password authentication and key agreement scheme. According to our analysis, the proposed scheme not only maintains the original secret requirement but also achieves mutual authentication and withstands the stolen-smart-card attack. Copyright (c) 2012 John Wiley & Sons, Ltd.
Authors
I am an author on this paper
Click your name to claim this paper and add it to your profile.
Reviews
Recommended
No Data Available