Weakness of remote authentication scheme of Chen <i>et al</i>.

Tang, Hongbin; Xin-song, Liu; Chen, Jianying

doi:10.1002/dac.2534

Cited by 6 publications

(8 citation statements)

References 19 publications

(19 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…According to the analysis in the documents , we show nine security characters of smart‐card‐based AKE schemes. And we will discuss the security of schemes mentioned in Sections 5 and 6 under these conditions.…”

Section: Preliminariesmentioning

confidence: 99%

See 1 more Smart Citation

An improved and provable remote user authentication scheme based on elliptic curve cryptosystem with user anonymity

2014

Security Comm Networks

View full text Add to dashboard Cite

Recently, Li proposed an authenticated key exchange (AKE) scheme based on elliptic curve cryptosystem with smart cards in two versions. We point out that the two versions of Li's scheme are not secure and then we present an improved authentication scheme to overcome general disadvantages. Also, we deem that the notion of forward security is old for modern AKE schemes based on smart cards and enhance it as strong forward security. We prove that our scheme is secure with a formal security model containing the feature of strong forward security. Then, via the concrete security analysis and comparison, our scheme resists common attacks and has general security characters. Compared with other schemes, our scheme has low time, storage, and communication cost. It is suitable for communicating applications in network. Copyright © 2014 John Wiley & Sons, Ltd.

show abstract

Section: Preliminariesmentioning

confidence: 99%

“…Many attacks and security characters have been presented. Some experts made reviews to point out historical schemes' problems in particular . Recently, two aspects of security for smart‐card‐based schemes have been concentrated.…”

Section: Introductionmentioning

confidence: 99%

An improved and provable remote user authentication scheme based on elliptic curve cryptosystem with user anonymity

2014

Security Comm Networks

View full text Add to dashboard Cite

show abstract

“…In recent years, many smart card-based password AKE [8][9][10][11][12][13][14][15][16][17][18] and biometric-based AKE with smart card [19][20][21][22][23], which are designed to realize stronger secure remote authentication than onefactor AKE, have been proposed. However, most of them lack the strict proof of security and do not really meet the security requirements of two-factor authentication.…”

Section: Previous Workmentioning

confidence: 99%

Two‐factor authentication scheme using attribute and password

Wei

Liu

2014

Int J Communication

View full text Add to dashboard Cite

In this study, based on attribute and password, we introduce a new kind of two-factor authentication protocol that has various applications such as anonymous authentication and privacy protection. Specifically, our proposal is constructed by introducing password authentication into the generic framework of attribute-based authentication. Consequently, it not only achieves two-factor authentication, but also enjoys the advantages of attribute authentication and password authentication simultaneously. Furthermore, to formally evaluate the security of the proposed protocol, we present the corresponding security model, within which the detailed security proof of the proposal is given.

show abstract

“…For remote user authentication systems [1], the concept of two-factor security came into existence after pioneered work by Hwang-Li [2]. Since then, an ample research [3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20] has been conducted in this field. In fact, two-factor security [21] is a step ahead of authentication systems based on singlefactor, which is generally a password.…”

Section: Introductionmentioning

confidence: 99%

Cryptanalysis and improvement of ‘a robust smart‐card‐based remote user password authentication scheme’

Kumari

Khan

2013

Int J Communication

View full text Add to dashboard Cite

SUMMARY With the use of smart card in user authentication mechanisms, the concept of two‐factor authentication came into existence. This was a forward move towards more secure and reliable user authentication systems. It elevated the security level by requiring a user to possess something in addition to know something. In 2010, Sood et al. and Song independently examined a smart‐card‐based authentication scheme proposed by Xu et al. They showed that in the scheme of Xu et al., an internal user of the system can turn hostile to impersonate other users of the system. Both of them also proposed schemes to improve the scheme of Xu et al. Recently, Chen et al. identified some security problems in the improved schemes proposed by Sood et al. and Song. To fix these problems, Chen et al. presented another scheme, which they claimed to provide mutual authentication and withstand lost smart card attack. Undoubtedly, in their scheme, a user can also verify the legitimacy of server, but we find that the scheme fails to resist impersonation attacks and privileged insider attack. We also show that the scheme does not provide important features such as user anonymity, confidentiality to air messages, and revocation of lost/stolen smart card. Besides, the scheme defies the very purpose of two‐factor security. Furthermore, an attacker can guess a user's password from his or her lost/stolen smart card. To meet these challenges, we propose a user authentication method with user anonymity. We show through analysis and comparison that the proposed scheme exhibits enhanced efficiency in contrast to related schemes, including the scheme of Chen et al. Copyright © 2013 John Wiley & Sons, Ltd.

show abstract

Weakness of remote authentication scheme of Chen et al.

Cited by 6 publications

References 19 publications

An improved and provable remote user authentication scheme based on elliptic curve cryptosystem with user anonymity

An improved and provable remote user authentication scheme based on elliptic curve cryptosystem with user anonymity

Two‐factor authentication scheme using attribute and password

Cryptanalysis and improvement of ‘a robust smart‐card‐based remote user password authentication scheme’

Contact Info

Product

Resources

About