Password authentication with insecure communication
Communications of the ACM
Examining Smart-Card Security under the Threat of Power Analysis Attacks
IEEE Transactions on Computers
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
More Efficient and Secure Remote User Authentication Scheme using Smart Cards
ICPADS '05 Proceedings of the 11th International Conference on Parallel and Distributed Systems - Workshops - Volume 02
More secure remote user authentication scheme
Computer Communications
An improved smart card based password authentication scheme with provable security
Computer Standards & Interfaces
A new remote user authentication scheme using smart cards
IEEE Transactions on Consumer Electronics
An efficient remote use authentication scheme using smart cards
IEEE Transactions on Consumer Electronics
IEEE Transactions on Consumer Electronics
Cryptanalysis and improvement of sood et al.'s dynamic ID-Based authentication scheme
ICDCIT'12 Proceedings of the 8th international conference on Distributed Computing and Internet Technology
Security analysis of a secure and practical dynamic identity-based remote user authentication scheme
WISM'12 Proceedings of the 2012 international conference on Web Information Systems and Mining
Hi-index | 0.00 |
In 2000, Sun proposed an efficient smart card based remote user authentication scheme to improve the efficiency of Hwang and Li’s scheme. In 2002, Chien et al. demonstrated that Sun’s scheme only achieves unilateral user authentication so that only authentication server authenticates the legitimacy of the remote user and proposed a new remote user authentication scheme. In 2004, Hsu demonstrated that Chien et al.’s scheme is vulnerable to parallel session attack. In 2005, Lee et al. proposed an improved scheme to overcome this weakness while maintaining the merits of Chien et al.’s scheme. In 2005, Yoon and Yoo found that Lee et al.’s scheme is vulnerable to masquerading server attack and proposed an improved scheme. In 2009, Xu et al. demonstrated that Lee et al.’s scheme is vulnerable to offline password guessing attack and proposed an improved scheme. However, we found that Lee et al.’s scheme is also vulnerable to impersonation attack, malicious user attack and reflection attack. Moreover, Lee et al.’s scheme fails to protect the user’s anonymity in insecure communication channel. This paper presents an improved scheme to resolves the aforementioned problems, while keeping the merits of Lee et al.’s scheme.