Cryptanalysis and Improvement of a Password-Based Remote User Authentication Scheme without Smart Cards

Debiao He, Ding Wang, Shuhua Wu

Abstract


Recently, Chen et al. [B. Chen, W. Kuo, L. Wuu, A secure password-based remote user authentication scheme without smart cards, Information Technology and Control 41(1) (2012) 53-59] proposed a secure password-based remote user authentication scheme without smart cards and claimed that their scheme could withstand various attacks. Although Chen et al.’s scheme has many benefits; we find that it is vulnerable to the device stolen attack and the privileged insider attack. We also find that their scheme does not support perfect forward secrecy and no key control. Therefore, we propose an improved scheme to overcome weaknesses and maintain the benefits of the original scheme.

DOI: http://dx.doi.org/10.5755/j01.itc.42.2.2554


Keywords


password-based; smart card; mutual authentication

Full Text: PDF

Print ISSN: 1392-124X 
Online ISSN: 2335-884X