Abstract
Password-based authentication schemes are the most widely used techniques for remote user authentication. Recently, Khan proposed an improvement to Wu-Chieu scheme to prevent the server spoofing attack and to allow the users to update their passwords freely and securely. In this paper, we do a cryptanalysis of khan's scheme and show that his scheme is vulnerable to the parallel session attack. Furthermore, his scheme is also susceptible to the impersonation attack and the guessing attack provided that the information stored in the smart card is disclosed by an adversary. We also propose a novel and secure remote user mutual authentication scheme which is immune to the presented attacks.
| Original language | English |
|---|---|
| Publication status | Published - Feb 2009 |
| Event | 11th International Conference on Advanced Communication Technology - Gangwon, Korea Duration: 15 Feb 2009 → 18 Feb 2009 |
Conference
| Conference | 11th International Conference on Advanced Communication Technology |
|---|---|
| Period | 15/02/09 → 18/02/09 |
Bibliographical note
Organising Body: Electronics and Telecommunications Research Institute (ETRI) National Information Society Agency (NIA) Global IT Research Institute (GIRI)Keywords
- Computer science and informatics