An Improved Password-Based Remote User Authentication Protocol without Smart Cards

Authors

  • Qi Jiang, School of Computer Science and Technology, Xidian University
  • Jianfeng Ma, School of Computer Science and Technology, Xidian University
  • Guangsong Li, Department of Information Research, Information Engineering University
  • Zhuo Ma, School of Computer Science and Technology, Xidian University

DOI:

https://doi.org/10.5755/j01.itc.42.2.2079

Keywords:

mutual authentication, password, remote access, off-line dictionary attack

Abstract

Authentication is one of the fundamental mechanisms that enable a legitimate user to log into a remote server in an insecure environment. Many authentication protocols have been proposed in the literature to prevent unauthorized parties from accessing resources. Recently, Chen et al. proposed a password-based remote user authentication and key agreement scheme using common storage devices, such as USB sticks. They claimed that the scheme can withstand off-line dictionary attacks even if the authentication information stored in the device is obtained by the adversary. However, we observe that Chen et al.’s scheme is insecure against off-line dictionary attacks in this case. To remedy this security flaw, we propose an improved authentication protocol without using smart cards. Compared with the previous schemes, our scheme not only provides more security guarantees, but is also more efficient in both computation and communication cost.

Author Biography

Qi Jiang, School of Computer Science and Technology, Xidian University

Qi Jiang received the B.S. degree in Computer Science from Shaanxi Normal University in 2005 and Ph.D. degree in Computer Science from Xidian University in 2011. He is now with the School of Computer Science and Technology, Xidian University. His research interests include security protocols and wireless network security, etc.

Published

2013-05-31

Section

Articles