Premium
A lightweight password‐based authentication protocol using smart card
Author(s) -
Wang Chenyu,
Wang Ding,
Xu Guoai,
Guo Yanhui
Publication year - 2017
Publication title -
international journal of communication systems
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.344
H-Index - 49
eISSN - 1099-1131
pISSN - 1074-5351
DOI - 10.1002/dac.3336
Subject(s) - computer science , forward secrecy , password , computer security , smart card , secrecy , scheme (mathematics) , password cracking , revocation , authentication (law) , s/key , dictionary attack , challenge–response authentication , computer network , authentication protocol , encryption , public key cryptography , overhead (engineering) , mathematical analysis , mathematics , operating system
Summary With its simplicity and feasibility, password‐based remote user authentication becomes a popular way to control remote access to network. These years, numerous password‐based authentication schemes have been proposed. Recently, Maitra et al proposed a smart card–based scheme which claims to be resistant to various attacks. Unfortunately, we found some important flaws in this scheme. Therefore, in this paper, we will demonstrate that the scheme of Maitra et al is not secure enough as claimed: neither resisting against off‐line password guessing attack and insider attack nor preserve forward secrecy. To overcome those flaws, we put forward an improved new scheme which not only is resistant to all known attacks but also provides many attractive attributes, such as user revocation and re‐register. Also, we compared the scheme with other related schemes, the result proved the superiority of our scheme. Particularly, we show a new way (beyond the conventional Deffie‐Hellman approach) to achieve forward secrecy. Furthermore, we put some efforts into exploring the design principle of authentication schemes.