{"title":"重温“一种改进的具有密钥协议的远程用户认证方案”","authors":"Yalin Chen, Jue-Sam Chou, I. C. Liao","doi":"10.13005/OJCST11.04.03","DOIUrl":null,"url":null,"abstract":"Recently, Kumari et al., pointed out that Chang et al.’s scheme “Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update” has several drawbacks and does not provide any session key agreement. Hence, they proposed an improved remote user authentication scheme with key agreement based on Chang et al.’s protocol. They claimed that the improved method is secure. However, we found that their improvement still has both anonymity breach and smart card loss password guessing attack which cannot be violated in the ten basic requirements advocated for a secure identity authentication using smart card by Liao et al. Thus, we modify their protocol to encompass these security functionalities which are needed in a user authentication system using smart card.","PeriodicalId":270258,"journal":{"name":"Oriental journal of computer science and technology","volume":"7 3","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-12-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Revisiting the “An Improved Remote user Authentication Scheme with Key Agreement”\",\"authors\":\"Yalin Chen, Jue-Sam Chou, I. C. Liao\",\"doi\":\"10.13005/OJCST11.04.03\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Recently, Kumari et al., pointed out that Chang et al.’s scheme “Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update” has several drawbacks and does not provide any session key agreement. Hence, they proposed an improved remote user authentication scheme with key agreement based on Chang et al.’s protocol. They claimed that the improved method is secure. However, we found that their improvement still has both anonymity breach and smart card loss password guessing attack which cannot be violated in the ten basic requirements advocated for a secure identity authentication using smart card by Liao et al. Thus, we modify their protocol to encompass these security functionalities which are needed in a user authentication system using smart card.\",\"PeriodicalId\":270258,\"journal\":{\"name\":\"Oriental journal of computer science and technology\",\"volume\":\"7 3\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-12-28\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Oriental journal of computer science and technology\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.13005/OJCST11.04.03\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Oriental journal of computer science and technology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.13005/OJCST11.04.03","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Revisiting the “An Improved Remote user Authentication Scheme with Key Agreement”
Recently, Kumari et al., pointed out that Chang et al.’s scheme “Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update” has several drawbacks and does not provide any session key agreement. Hence, they proposed an improved remote user authentication scheme with key agreement based on Chang et al.’s protocol. They claimed that the improved method is secure. However, we found that their improvement still has both anonymity breach and smart card loss password guessing attack which cannot be violated in the ten basic requirements advocated for a secure identity authentication using smart card by Liao et al. Thus, we modify their protocol to encompass these security functionalities which are needed in a user authentication system using smart card.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
