Password authentication with insecure communication
Communications of the ACM
Journal of Systems and Software
A remote user authentication scheme using hash functions
ACM SIGOPS Operating Systems Review
Weaknesses of Lee-Li-Hwang's hash-based password authentication scheme
ACM SIGOPS Operating Systems Review
A hash-based strong-password authentication scheme without using smart cards
ACM SIGOPS Operating Systems Review
The advantages of elliptic curve cryptography for wireless security
IEEE Wireless Communications
IEEE Transactions on Consumer Electronics
Robust authentication and key agreement scheme preserving the privacy of secret key
Computer Communications
Modified token-update scheme for site authentication
ICCSA'05 Proceedings of the 2005 international conference on Computational Science and Its Applications - Volume Part II
Robust smart-cards-based user authentication scheme with user anonymity
Security and Communication Networks
Future Generation Computer Systems
An enhanced anonymous authentication and key exchange scheme using smartcard
ICISC'12 Proceedings of the 15th international conference on Information Security and Cryptology
A New Password-Based Multi-server Authentication Scheme Robust to Password Guessing Attacks
Wireless Personal Communications: An International Journal
Novel Untraceable Authenticated Key Agreement Protocol Suitable for Mobile Communication
Wireless Personal Communications: An International Journal
Hi-index | 0.98 |
For providing a secure distributed computer environment, efficient and flexible user authentication and key agreement is very important. In addition to user authentication and key agreement, identity privacy is very useful for users. In this paper, we propose an efficient and flexible password authenticated key agreement scheme using bilinear pairings. The main merits include: (1) there is no need for any password or verification table in the server; (2) users can choose or change his own password freely; (3) both the server and a user can authenticate each other; (4) it can protect the user's privacy; (5) the user and the server can generate a session key; (6) it does not have a serious synchronization-clock problem; (7) even if the secret information stored in a smart card is compromised, it can prevent the offline dictionary attack.