Security analysis of a user registration approach

详细信息    查看全文

• 作者：Min Luo ; Jingyin Zhang ; Debiao He ; Jian Shen
• 关键词：Elliptic curve cryptography ; Authentication scheme ; Mobile environment ; Key agreement
• 刊名：The Journal of Supercomputing
• 出版年：2016
• 出版时间：March 2016
• 年：2016
• 卷：72
• 期：3
• 页码：900-903
• 全文大小：321 KB
• 参考文献：1.Chou CH, Tsai KY, Lu CF (2013) Two ID-based authenticated schemes with key agreement for mobile environments. J Supercomput 66(2):973–988CrossRef
  2.Farash MS, Attari MA (2014) A secure and efficient identity-based authenticated key exchange protocol for mobile client–server networks. J Supercomput 69(1):395–411MathSciNet CrossRef
  3.Shi RH, Zhong H (2015) Comments on two schemes of identity-based user authentication and key agreement for mobile client–server networks. J Supercomput. doi:10.​1007/​s11227-015-1496-7
  
• 作者单位：Min Luo (1) (2)
  Jingyin Zhang (1)
  Debiao He (3)
  Jian Shen (4)
  
  1. School of Computer Science, Wuhan University, Wuhan, China
  2. Co-Innovation Center for Information Supply and Assurance Technology, Anhui University, Hefei, China
  3. State Key Lab of Software Engineering, Wuhan University, Wuhan, China
  4. School of Computer and Software, Nanjing University of Information Science and Technology, Nanjing, China
  
• 刊物类别：Computer Science
• 刊物主题：Programming Languages, Compilers and Interpreters
  Processor Architectures
  Computer Science, general
  
• 出版者：Springer Netherlands
• ISSN：1573-0484

文摘

Recently, Shi and Zhong (J Supercomput. doi:10.​1007/​s11227-015-1496-7, 2015) proposed an efficient user registration approach to overcome security weakness in previous approaches. They claimed that their approach is secure against various attacks. However, in this paper, we point out that their approach is vulnerable to the impersonation attack, i.e., a legal user can impersonate another user to the server. The analysis shows that their approach cannot overcome security weakness in previous approaches.