Cryptanalysis and Improvement of a Password-Based Remote User Authentication Scheme without Smart Cards

Authors

  • Debiao He Wuhan University
  • Ding Wang Peking University
  • Shuhua Wu Information Engineering University, Zhengzhou

DOI:

https://doi.org/10.5755/j01.itc.42.2.2554

Keywords:

password-based, smart card, mutual authentication

Abstract

Recently, Chen et al. [B. Chen, W. Kuo, L. Wuu, A secure password-based remote user authentication scheme without smart cards, Information Technology and Control 41(1) (2012) 53-59] proposed a secure password-based remote user authentication scheme without smart cards and claimed that their scheme could withstand various attacks. Although Chen et al.’s scheme has many benefits; we find that it is vulnerable to the device stolen attack and the privileged insider attack. We also find that their scheme does not support perfect forward secrecy and no key control. Therefore, we propose an improved scheme to overcome weaknesses and maintain the benefits of the original scheme.

DOI: http://dx.doi.org/10.5755/j01.itc.42.2.2554

Downloads

Published

2013-05-31

Issue

Vol. 42 No. 2 (2013)

Section

Articles

License

Copyright terms are indicated in the Republic of Lithuania Law on Copyright and Related Rights, Articles 4-37.