SECURE SMART CARD BASED PASSWORD AUTHENTICATION SCHEME WITH USER ANONYMITY

Chun-Ta Li

Abstract


Recently, a smart card based authentication and key agreement scheme preserving the user anonymity was proposed by Wang, Juang and Lei, that is designed to provide users with secure activities in ubiquitous computing environments. The authors proved that their scheme delivers important security properties and functionalities, such as without maintaining password/verification tables, freedom on password selection and alteration, mutual authentication, user anonymity, no time synchronization problem, key agreement implementation, forgery attack resistance and computation efficiency. However, we show that Wang et al.'s scheme has potential security flaws, which enable malicious attackers to counterfeit an application server to spoof the victim client and damage the security of session key and the property of user anonymity. In this paper, we propose an enhanced version of Wang et al.'s scheme to remedy these flaws. The proposed scheme not only ensures the merits of their scheme but also enhances the security of their scheme without raising any computation cost.

http://dx.doi.org/10.5755/j01.itc.40.2.431


Keywords


network security; password authentication; smart card; ubiquitous computing environments; user anonymity

Full Text: PDF

Print ISSN: 1392-124X 
Online ISSN: 2335-884X