Premium
Robust smart‐card‐based remote user password authentication scheme
Author(s) -
Chen BaeLing,
Kuo WenChung,
Wuu LihChyau
Publication year - 2014
Publication title -
international journal of communication systems
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.344
H-Index - 49
eISSN - 1099-1131
pISSN - 1074-5351
DOI - 10.1002/dac.2368
Subject(s) - smart card , computer science , password , computer security , mutual authentication , s/key , scheme (mathematics) , authentication (law) , login , challenge–response authentication , key (lock) , multi factor authentication , authentication protocol , computer network , mathematical analysis , mathematics
SUMMARY Smart‐card‐based remote user password authentication schemes are commonly used for providing authorized users a secure method for remotely accessing resources over insecure networks. In 2009, Xu et al . proposed a smart‐card‐based password authentication scheme. They claimed their scheme can withstand attacks when the information stored on the smart card is disclosed. Recently, Sood et al . and Song discovered that the smart‐card‐based password authentication scheme of Xu et al . is vulnerable to impersonation and internal attacks. They then proposed their respective improved schemes. However, we found that there are still flaws in their schemes: the scheme of Sood et al . does not achieve mutual authentication and the secret key in the login phase of Song's scheme is permanent and thus vulnerable to stolen‐smart‐card and off‐line guessing attacks. In this paper, we will propose an improved and efficient smart‐card‐based password authentication and key agreement scheme. According to our analysis, the proposed scheme not only maintains the original secret requirement but also achieves mutual authentication and withstands the stolen‐smart‐card attack. Copyright © 2012 John Wiley & Sons, Ltd.