Password authentication with insecure communication
Communications of the ACM
A Remote Authentication Scheme Preserving User Anonymity
AINA '05 Proceedings of the 19th International Conference on Advanced Information Networking and Applications - Volume 2
Security Enhancement for a Dynamic ID-Based Remote User Authentication Scheme
NWESP '05 Proceedings of the International Conference on Next Generation Web Services Practices
Improving the security of 'a flexible biometrics remote user authentication scheme'
Computer Standards & Interfaces
A secure dynamic ID based remote user authentication scheme for multi-server environment
Computer Standards & Interfaces
A more efficient and secure dynamic ID-based remote user authentication scheme
Computer Communications
More secure remote user authentication scheme
Computer Communications
Computer Standards & Interfaces
A public key cryptosystem and a signature scheme based on discrete logarithms
IEEE Transactions on Information Theory
A new remote user authentication scheme using smart cards
IEEE Transactions on Consumer Electronics
An efficient remote use authentication scheme using smart cards
IEEE Transactions on Consumer Electronics
A modified remote user authentication scheme using smart cards
IEEE Transactions on Consumer Electronics
Cryptanalysis of a modified remote user authentication scheme using smart cards
IEEE Transactions on Consumer Electronics
IEEE Transactions on Consumer Electronics
New remote user authentication scheme using smart cards
IEEE Transactions on Consumer Electronics
A dynamic ID-based remote user authentication scheme
IEEE Transactions on Consumer Electronics
Weaknesses of a dynamic ID-based remote user authentication scheme
International Journal of Electronic Security and Digital Forensics
An efficient anonymous authentication protocol for mobile pay-TV
Journal of Network and Computer Applications
An improved dynamic ID-based remote user authentication with key agreement scheme
Computers and Electrical Engineering
Cryptanalysis and improvement of sood et al.'s dynamic ID-Based authentication scheme
ICDCIT'12 Proceedings of the 8th international conference on Distributed Computing and Internet Technology
Review: Dynamic ID-based remote user password authentication schemes using smart cards: A review
Journal of Network and Computer Applications
Journal of Medical Systems
Security analysis of a secure and practical dynamic identity-based remote user authentication scheme
WISM'12 Proceedings of the 2012 international conference on Web Information Systems and Mining
Encrypted remote user authentication scheme by using smart card
WISM'12 Proceedings of the 2012 international conference on Web Information Systems and Mining
Cryptanalysis of a dynamic ID-based remote user authentication with key agreement scheme
International Journal of Communication Systems
Modified efficient and secure dynamic ID-Based user authentication scheme
ICT-EurAsia'13 Proceedings of the 2013 international conference on Information and Communication Technology
An Authentication Scheme for Secure Access to Healthcare Services
Journal of Medical Systems
Journal of Medical Systems
BICS'13 Proceedings of the 6th international conference on Advances in Brain Inspired Cognitive Systems
An improved dynamic ID-based remote user authentication with key agreement scheme
Journal of Electrical and Computer Engineering
Enhanced Dynamic Authentication Scheme (EDAS)
Information Systems Frontiers
Hi-index | 0.24 |
Remote user authentication is a method, in which remote server verifies the legitimacy of a user over an insecure communication channel. Currently, smart card-based remote user authentication schemes have been widely adopted due to their low computational cost and convenient portability for the authentication purpose. Recently, Wang et al. proposed a dynamic ID-based remote user authentication scheme using smart cards. They claimed that their scheme preserves anonymity of user, has the features of strong password chosen by the server, and protected from several attacks. However, in this paper, we point out that Wang et al.'s scheme has practical pitfalls and is not feasible for real-life implementation. We identify that their scheme: does not provide anonymity of a user during authentication, user has no choice in choosing his password, vulnerable to insider attack, no provision for revocation of lost or stolen smart card, and does provide session key agreement. To remedy these security flaws, we propose an enhanced authentication scheme, which covers all the identified weaknesses of Wang et al.'s scheme and is more secure and efficient for practical application environment.