A lightweight password‐based authentication protocol using smart card

Summary With its simplicity and feasibility, password‐based remote user authentication becomes a popular way to control remote access to network. These years, numerous password‐based authentication schemes have been proposed. Recently, Maitra et al proposed a smart card–based scheme which claims to...

Full description

Saved in:
Bibliographic Details
Published in:International journal of communication systems 2017-11, Vol.30 (16), p.n/a
Main Authors: Wang, Chenyu, Wang, Ding, Xu, Guoai, Guo, Yanhui
Format: Article
Language:English
Subjects:
2‐factor remote user authentication
Access control
discrete logarithm problem
offline‐password guessing attack
Private networks
RAS cryptosystem
Remote control
smart card
Smart cards
Virtual networks
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Summary With its simplicity and feasibility, password‐based remote user authentication becomes a popular way to control remote access to network. These years, numerous password‐based authentication schemes have been proposed. Recently, Maitra et al proposed a smart card–based scheme which claims to be resistant to various attacks. Unfortunately, we found some important flaws in this scheme. Therefore, in this paper, we will demonstrate that the scheme of Maitra et al is not secure enough as claimed: neither resisting against off‐line password guessing attack and insider attack nor preserve forward secrecy. To overcome those flaws, we put forward an improved new scheme which not only is resistant to all known attacks but also provides many attractive attributes, such as user revocation and re‐register. Also, we compared the scheme with other related schemes, the result proved the superiority of our scheme. Particularly, we show a new way (beyond the conventional Deffie‐Hellman approach) to achieve forward secrecy. Furthermore, we put some efforts into exploring the design principle of authentication schemes. We demonstrate that the scheme of Maitra et al is vulnerable to various attacks. We propose a new scheme, which not only is resistant to all known attacks but also provides many attractive attributes. We show a new way (beyond the conventional Deffie‐Hellman approach) to achieve forward secrecy.
ISSN:1074-5351
1099-1131
DOI:10.1002/dac.3336