Strong password-only authenticated key exchange
ACM SIGCOMM Computer Communication Review
Examining Smart-Card Security under the Threat of Power Analysis Attacks
IEEE Transactions on Computers
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Two-factor mutual authentication based on smart cards and passwords
Journal of Computer and System Sciences
Provably secure password-authenticated key exchange using Diffie-Hellman
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
A simple remote user authentication scheme
Mathematical and Computer Modelling: An International Journal
| Hi-index | 0.00 |
In 2009, Liao et al. proposed an exquisite mutual authentication scheme with key agreement using smart cards to access a network system legally and securely. Liao et al.'s scheme adopted a transformed identity (TID) to avoid identity duplication. However, we find out that an adversary may exploit TID to achieve offline guessing attack. Liao et al.'s scheme is also exposed to man-in-the-middle attack and their claimed theorems and proofs are incorrect. We conduct detailed analysis of flaws in the scheme and its security proof. This paper proposes an improved scheme to overcome these problems and preserve user anonymity that is an issue in e-commerce applications.