Abstract
In 2009, Liao et al. proposed an exquisite mutual authentication scheme with key agreement using smart cards to access a network system legally and securely. Liao et al.’s scheme adopted a transformed identity (TID) to avoid identity duplication. However, we find that an adversary may exploit the TID to mount an offline guessing attack. Liao et al.’s scheme is also exposed to a man-in-the-middle attack, and its claimed theorems and proofs are incorrect. We conduct a detailed analysis of the flaws in the scheme and its security proof. This paper proposes an improved scheme that overcomes these problems and preserves user anonymity, which is an issue in e-commerce applications.
This work was supported in part by the Ministry of Knowledge Economy, Korea, under the Information Technology Research Center (ITRC) support program supervised by the National IT Industry Promotion Agency (NIPA-2010-(C1090-1031-0005)) and in part by the Defense Acquisition Program Administration and Agency for Defense Development under Contract UD100002KD.
References
Bellovin, S.M., Merritt, M.: Encrypted key exchange: password-based protocols secure against dictionary attacks. In: IEEE Symposium on Research in Security and Privacy, pp. 72–84. IEEE Computer Society, Los Alamitos (1992)
Boyko, V., MacKenzie, P., Patel, S.: Provably secure password-authenticated key exchange using Diffie-Hellman. pp. 156–171 (2000)
Jablon, D.P.: Strong password-only authenticated key exchange. ACM SIGCOMM Computer Communication Review 26(5), 5–26 (1996)
Wu, T.: The Secure Remote Password protocol. In: Internet Society Network and Distributed Systems Security Symposium (NDSS), pp. 97–111 (1998)
Yang, G., Wong, D.S., Wong, H., Deng, X.: Two-factor mutual authentication based on smart cards and passwords. Journal of computer and system sciences 74(7), 1160–1172 (2008)
Hwang, M.S., Lee, C.C., Tang, Y.L.: A simple remote user authentication scheme. Mathematical and Computer Modeling 36, 103–107 (2002)
Chien, H.Y., Jan, J.K.: Robust and simple authentication protocol. Computer Journal 46, 193–201 (2003)
Juang, W.S.: Efficient password authenticated key agreement using smart cards. Computers and Security 23(2), 167–173 (2004)
Liao, C.H., Chen, H.C., Wang, C.T.: An exquisite mutual authentication scheme with key agreement using smart card. An International Journal of Computing and Informatics (Informatica) 33(2), 125–132 (2009)
Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining smart card security under the threat of power analysis attacks. IEEE Transactions on Computers 51(5), 541–552 (2002)
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kim, M., Kim, S., Won, D. (2010). An Exquisite Authentication Scheme with Key Agreement Preserving User Anonymity. In: Wang, F.L., Gong, Z., Luo, X., Lei, J. (eds) Web Information Systems and Mining. WISM 2010. Lecture Notes in Computer Science, vol 6318. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16515-3_31
DOI: https://doi.org/10.1007/978-3-642-16515-3_31
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16514-6
Online ISBN: 978-3-642-16515-3
eBook Packages: Computer Science (R0)