Abstract
Security of data communication becomes a crucial challenge due to the rapid development of computer and information technologies. To ensure security of resource transmission, engineers have proposed numerous schemes for protection. Anonymity is one of the important properties of remote authentication schemes to preserve user privacy. Besides, it can avoid unauthorized entities from using the user ID and other intercepted information to forge legal login messages. In 2009, Wang et al. proposed a dynamic ID-based remote user authentication scheme without any verification table which provides user anonymity and resists stolen-verifier and DOS attacks. However, Khan et al. pointed out that Wang et al.’s scheme cannot achieve user anonymity. Further, Khan et al. proposed an improved scheme to overcome the mentioned defect. In this paper, we demonstrate that Khan et al.’s scheme is vulnerable to stolen-verifier and DOS attacks and propose a new authentication scheme without any verification table. The proposed scheme not only achieves user anonymity but also resists replay, stolen-verifier, and DOS attacks.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Awasthi, A.K.: Comment on a dynamic ID-based remote user authentication scheme. Transaction on Cryptology 1(02), 15–16 (2004)
Chien, H.Y., Chen, C.H.: A remote authentication scheme preserving user anonymity. In: Proceedings of the 19th International Conference on Advanced Information Networking and Applications (AINA 2005), Washington, DC, USA, vol. 2, pp. 245–248 (2005)
Das, M.L., Saxena, A., Gulati, V.P.: A dynamic ID-based remote user authentication scheme. IEEE Transactions on Consumer Electronics 50(2), 629–631 (2004)
Debiao, H., Jianhua, C., Jin, H.: Weaknesses of a dynamic ID-based remote user authentication scheme. International Journal of Electronic Security and Digital Forensics 3(4), 355–362 (2010)
Hwang, M.S., Li, L.H.: A new remote user authentication scheme using smart cards. IEEE Transaction on Consumer Electronics 46(1), 28–30 (2000)
Khan, M.K., Kim, S.K., Alghathbar, K.: Cryptanalysis and security enhancement of a more efficient & secure dynamic ID-based remote user authentication scheme. Computer Communications 34, 305–309 (2011)
Lamport, L.: Password authentication with insecure communication. Communications of ACM 24(11), 770–772 (1981)
Liao, Y.P., Wang, S.S.: A secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces 31(1), 24–29 (2009)
Wang, Y.Y., Liu, J.Y., Xia, F.X., Dan, J.: A more efficient and secure dynamic ID-based remote user authentication scheme. Computer Communications 32(4), 583–585 (2009)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ying, M., Guowei, L., Laomo, Z. (2012). A Novel Remote Authentication Scheme Based-On Password for Anonymous Users. In: Qu, X., Yang, Y. (eds) Information and Business Intelligence. IBI 2011. Communications in Computer and Information Science, vol 267. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29084-8_28
Download citation
DOI: https://doi.org/10.1007/978-3-642-29084-8_28
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29083-1
Online ISBN: 978-3-642-29084-8
eBook Packages: Computer ScienceComputer Science (R0)