A lightweight authentication scheme with user untraceability
  • Author: Kuo-Hui Yeh (1)

    1. Department of Information Management, National Dong Hwa University, Hualien 974, Taiwan
  • Keywords: Authentication; Privacy; Security; Smart card; Untraceability; TP309
  • Journal: Journal of Zhejiang University - Science C
  • Publication year: 2015
  • Publication date: April 2015
  • Year: 2015
  • Volume: 16
  • Issue: 4
  • Pages: 259-271
  • Full-text size: 701 KB
  • References:
    1. Bellare, M, Rogaway, P (1994) Entity authentication and key distribution. LNCS 773: pp. 232-249
    2. Bellare, M, Pointcheval, D, Rogaway, P (2000) Authenticated key exchange secure against dictionary attacks. Advances in Cryptology-EUROCRYPT. pp. 139-155
    3. Blake-Wilson, S, Johnson, D, Menezes, A (1997) Key agreement protocols and their security analysis. 6th IMA Int. Conf. on Cryptography Coding. pp. 30-45
    4. Burrows, M, Abadi, M, Needham, R (1990) A logic of authentication. ACM Trans. Comput. Syst. 8: pp. 18-36
    5. Chang, CC, Lee, CY (2012) A secure single sign-on mechanism for distributed computer networks. IEEE Trans. Ind. Electron. 59: pp. 629-637
    6. Chang, YF, Tai, WL, Chang, HC (2014) Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update. Int. J. Commun. Syst. 27: pp. 3430-3440
    7. He, D, Wu, S (2012) Security flaws in a smart card based authentication scheme for multi-server environment. Wirel. Pers. Commun. 70: pp. 323-329
    8. Hsiang, C, Shih, WK (2009) Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Comput. Stand. Interf. 31: pp. 1118-1123
    9. Hsieh, W, Leu, J (2012) Exploiting hash functions to intensify the remote user authentication scheme. Comput. Secur. 31: pp. 791-798
    10. Huang, X, Chen, X, Li, J (2013) Further observations on smart-card-based password-authenticated key agreement in distributed systems. IEEE Trans. Parall. Distr. Syst. 25: pp. 1767-1775
    11. Juang, WS, Chen, ST, Liaw, HT (2008) Robust and efficient password-authenticated key agreement using smart cards. IEEE Trans. Ind. Electron. 55: pp. 2551-2556
    12. Kumari, S, Khan, MK (2014) Cryptanalysis and improvement of a robust smart-card-based remote user password authentication scheme. Int. J. Commun. Syst. 27: pp. 3939-3955
    13. Lamport, L (1981) Password authentication with insecure communication. Commun. ACM 24: pp. 770-772
    14. Li, CT, Lee, CC, Liu, CJ (2011) A robust remote user authentication scheme against smart card security breach. 25th Annual IFIP WG 11.3 Conf. pp. 231-238
    15. Li, X, Qiu, W, Zheng, D (2010) Anonymity enhancement on robust and efficient password-authenticated key agreement using smart cards. IEEE Trans. Ind. Electron. 57: pp. 793-800
    16. Li, X, Xiong, Y, Ma, J (2012) An efficient and security dynamic identity based authentication protocol for multiserver architecture using smart cards. J. Network Comput. Appl. 35: pp. 763-769
    17. Liao, YP, Wang, SS (2009) A secure dynamic ID based remote user authentication scheme for multi-server environment. Comput. Stand. Interf. 31: pp. 24-29
    18. Sood, SK, Sarje, AK, Singh, K (2011) A secure dynamic identity based authentication protocol for multi-server architecture. J. Network Comput. Appl. 34: pp. 609-618
    19. Sun, DZ, Huai, JP, Sun, JZ (2009) Improvements of Juang et al.'s password-authenticated key agreement scheme using smart cards. IEEE Trans. Ind. Electron. 56: pp. 2284-2291
    20. Tsai, JL, Lo, NW, Wu, TC (2013) Novel anonymous authentication scheme using smart cards. IEEE Trans. Ind. Inform. 9: pp. 2004-2013
    21. Wang, D, Ma, CG (2012) Cryptanalysis and security enhancement of a remote user authentication scheme using smart cards. J. China Univ. Posts Telecommun. 19: pp. 104-114
    22. Wang, D, Wang, P (2013) Offline dictionary attack on password authentication schemes using smart cards. 16th Information Security Conf. pp. 1-16
    23. Wang, D, Wang, P (2014) On the anonymity of two-factor authentication schemes for wireless sensor networks: attacks, principle and solutions. Comput. Networks 73: pp. 41-57
    24. Wang, D, Ma, C, Wang, P (2012) Pass: privacy preserving two-factor authentication scheme against smart card loss problem. Cryptology ePrint Archive 439: pp. 1-35
    25. Wang, D, Ma, C, Wang, P (2012) Secure password-based remote user authentication scheme with non-tamper resistant smart cards. 26th Annual IFIP Conf. on Data and Applications Security and Privacy. pp. 114-121
    26. Wang, D, He, D, Wang, P (2014) Anonymous two-factor authentication in distributed systems: certain goals are beyond attainment. IEEE Trans. Depend. Secure Comput.
    27. Wang, G, Yu, J, Xie, Q (2013) Security analysis of a single sign-on mechanism for distributed computer networks. IEEE Trans. Ind. Inform. 9: pp. 294-302
    28. Wang, Y (2012) Password protected smart card and memory stick authentication against off-line dictionary attacks. 27th IFIP TC 11 Information Security and Privacy Conf. pp. 489-500
    29. Yeh, KH, Lo, NW, Li, Y (2011) Cryptanalysis of Hsiang-Shih's authentication scheme for multi-server architecture. Int. J. Commun. Syst. 24: pp. 829-836
  • Journal category: Computer Science
  • Journal subject: Computer Science, general
  • Publisher: Zhejiang University Press, co-published with Springer
  • ISSN: 1869-196X
Abstract
With the rapid growth of electronic commerce and associated demands on variants of Internet based applications, application systems providing network resources and business services are in high demand around the world. To guarantee robust security and computational efficiency for service retrieval, a variety of authentication schemes have been proposed. However, most of these schemes have been found to be lacking when subject to a formal security analysis. Recently, Chang et al. (2014) introduced a formally provable secure authentication protocol with the property of user-untraceability. Unfortunately, based on our analysis, the proposed scheme fails to provide the property of user-untraceability as claimed, and is insecure against user impersonation attack, server counterfeit attack, and man-in-the-middle attack. In this paper, we demonstrate the details of these malicious attacks. A security enhanced authentication scheme is proposed to eliminate all identified weaknesses.
