Security Analysis and Improvements of a Password-Based Mutual Authentication Scheme with Session Key Agreement
نویسندگان
چکیده
Password-based authentication schemes have been widely adopted to protect resources from unauthorized access. In 2008, Chang-Lee proposed a friendly password-based mutual authentication scheme to avoid the security weaknesses of Wu-Chieu’s scheme. In this paper, we demonstrate that Chang-Lee’s scheme is vulnerable to user impersonation attack, server masquerading attack, password guessing attack, and insider attack. Also, we propose an improved scheme to overcome the security weaknesses of Chang-Lee’s scheme, even if secret information stored in the smart card is revealed. As a result of security analysis, we prove that the proposed scheme is secure for the various attacks and provides session key agreement.
منابع مشابه
Security Analysis of Lightweight Authentication Scheme with Key Agreement using Wireless Sensor Network for Agricultural Monitoring System
Wireless sensor networks have many applications in the real world and have been developed in various environments. But the limitations of these networks, including the limitations on the energy and processing power of the sensors, have posed many challenges to researchers. One of the major challenges is the security of these networks, and in particular the issue of authentication in the wireles...
متن کاملMutual Authentication Scheme with Smart Cards and Password under Trusted Computing
Only identities of the server and the user are authenticated in traditional smart cards based password authentication schemes, but the platform does not be verified, and which cannot provide enough protection on personal information of the user. A mutual authentication scheme based on smart cards and password is proposed under trusted computing, in which hash functions are used to authenticate ...
متن کاملEfficient remote mutual authentication and key agreement
A smart card based scheme is very practical to authenticate remote users. In 2004, Juang [Juang WS. Efficient password authenticated key agreement using smart cards. Computers and Security 2004;23:167–73] proposed a mutual authentication scheme using smart cards. The advantages in the scheme include freely chosen passwords, no verification tables, low communication and computation cost, and ses...
متن کاملA Round-Efficient Authenticated Key Agreement Scheme Based on Extended Chaotic Maps for Group Cloud Meeting
The security is a critical issue for business purposes. For example, the cloud meeting must consider strong security to maintain the communication privacy. Considering the scenario with cloud meeting, we apply extended chaotic map to present passwordless group authentication key agreement, termed as Passwordless Group Authentication Key Agreement (PL-GAKA). PL-GAKA improves the computation effi...
متن کاملSecure Smart Card Based Password Authentication Scheme with User Anonymity
Recently, a smart card based authentication and key agreement scheme preserving the user anonymity was proposed by Wang, Juang and Lei, that is designed to provide users with secure activities in ubiquitous computing environments. The authors proved that their scheme delivers important security properties and functionalities, such as without maintaining password/verification tables, freedom on ...
متن کامل