Journal
COMPUTERS & ELECTRICAL ENGINEERING
Volume 40, Issue 6, Pages 1997-2012Publisher
PERGAMON-ELSEVIER SCIENCE LTD
DOI: 10.1016/j.compeleceng.2014.05.007
Keywords
-
Categories
Funding
- National Natural Science Foundation of China [61371098, 61300220]
- Hunan Provincial Education Department [13C324]
Ask authors/readers for more resources
In distributed systems, user authentication schemes based on password and smart card are widely used to ensure only authorized access to the protected services. Recently, Chang et al. presented an untraceable dynamic-identity-based user authentication scheme with verifiable-password-update. In this research, we illustrate that Chang et al.'s scheme violates the purpose of dynamic-identity contrary to authors' claim. We show that once the smart card of an arbitrary user is lost, passwords of all registered users are at risk. Using information from an arbitrary smart card, an adversary can impersonate any user of the system. In addition, its password change phase has loopholes and is misguiding. The scheme has no provision for session key agreement and the smart card lacks any verification mechanism. Then we come-up with an improved remote user authentication scheme with the session key agreement, and show its robustness over related schemes. (C) 2014 Elsevier Ltd. All rights reserved.
Authors
I am an author on this paper
Click your name to claim this paper and add it to your profile.
Reviews
Recommended
No Data Available