A SECURE PASSWORD-BASED REMOTE USER AUTHENTICATION SCHEME WITHOUT SMART CARDS

Authors

  • Bae Ling Chen Graduate School of Engineering Science and Technology National Yunlin University of Science and Technology
  • Wen Chung Kuo Department of Computer Science and Information Engineering National Formosa University
  • Lih Chyau Wuu Institute of Computer Science and Information Engineering National Yunlin University of Science and Technology

DOI:

https://doi.org/10.5755/j01.itc.41.1.975

Keywords:

password-based, remote access, tamper-resistant, mutual authentication, impersonation attack

Abstract

There are many remote user authentication schemes proposed in literatures for preventing unauthorized parties from accessing resources in an insecure environment. Due to inherent tamper-resistance, most of them are based on smart card authentication schemes. Unfortunately, the cost of cards and readers make these schemes costly. In the real world, common storage devices, such as universal serial bus (USB) thumb drives, portable HDDs, mobile phones, Laptop or Desktop PCs, are widely used, and they are much cheaper or more convenient for storing user authentication information. However, since these devices do not provide tamper-resistance, it is a challenge to design a secure authentication scheme using these kinds of memory devices. In this paper, we will propose a secure password-based remote user authentication and key agreement scheme without using smart cards. According to our analysis, the proposed scheme guarantees mutual authentication and also resists off-line dictionary, replay, forgery, and impersonation attacks. Compared to related scheme, the proposed scheme’s computation cost is lower and the total message length is shorter. Therefore, our scheme is suitable even for applications in limited power computing environments.

DOI: http://dx.doi.org/10.5755/j01.itc.41.1.975

Downloads

Published

2012-04-09

Issue

Section

Articles