A security risk of depending on synchronized clocks
ACM SIGOPS Operating Systems Review
Entity authentication and key distribution
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Public-key cryptography and password protocols
ACM Transactions on Information and System Security (TISSEC)
Password authentication with insecure communication
Communications of the ACM
Privacy Protection for Transactions of Digital Goods
ICICS '01 Proceedings of the Third International Conference on Information and Communications Security
Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Key Agreement Protocols and Their Security Analysis
Proceedings of the 6th IMA International Conference on Cryptography and Coding
A password authentication scheme over insecure networks
Journal of Computer and System Sciences
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Information hiding, anonymity and privacy: a modular approach
Journal of Computer Security - Special issue on WITS'02
An improved identity-based key agreement protocol and its security proof
Information Sciences: an International Journal
An improved smart card based password authentication scheme with provable security
Computer Standards & Interfaces
Coupling-Based Internal Clock Synchronization for Large-Scale Dynamic Distributed Systems
IEEE Transactions on Parallel and Distributed Systems
Two robust remote user authentication protocols using smart cards
Journal of Systems and Software
Robust authentication and key agreement scheme preserving the privacy of secret key
Computer Communications
New dynamic ID authentication scheme using smart cards
International Journal of Communication Systems
WAINA '12 Proceedings of the 2012 26th International Conference on Advanced Information Networking and Applications Workshops
A modified remote user authentication scheme using smart cards
IEEE Transactions on Consumer Electronics
Robust smart-cards-based user authentication scheme with user anonymity
Security and Communication Networks
The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes
SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
Systematic design of a family of attack-resistant authentication protocols
IEEE Journal on Selected Areas in Communications
Secure password-based remote user authentication scheme with non-tamper resistant smart cards
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
On the security of an improved password authentication scheme based on ECC
ICICA'12 Proceedings of the Third international conference on Information Computing and Applications
Journal of Medical Systems
Hi-index | 0.00 |
Understanding security failures of cryptographic protocols is the key to both patching existing protocols and designing future schemes. The design of secure remote user authentication schemes based on elliptic curve crypto-graphy (ECC) for mobile applications is still quite a challenging problem, though many schemes have been published lately. In this paper, we analyze an efficient ID-based scheme for mobile client-server environment without the MapToPoint function introduced by He et al. in 2012. This proposal attempts to overcome many of the well known security and efficiency shortcomings of previous schemes, and it also carries a claimed proof of security in the random oracle model. However, notwithstanding its formal security arguments, we show that He et al.'s protocol even cannot attain the basic goal of mutual authentication by demonstrating its vulnerabilities to reflection attack and parallel session attack. Besides these two security vulnerabilities, their scheme also suffers from some practical pitfalls such as user anonymity violation and clock synchronization problem. In addition, we carry out an investigation into their security proof and propose some changes to the scheme so that it can achieve at least its basic security goal, in the hope that similar mistakes are no longer made in the future.