Title :
Enhancing the Security of a "More Efficient & Secure Dynamic ID-Based Remote User Authentication Scheme\´
Author :
Khan, Muhammad Khurram
Author_Institution :
Center of Excellence in Inf. Assurance (CoEIA), King Saud Univ. Riyadh, Riyadh, Saudi Arabia
Abstract :
Recently, Wang et al. proposed a dynamic ID-based remote user authentication scheme using smart cards. They claimed that their scheme preserves anonymity of a user, has the features of strong password chosen by the server, and protected from several attacks. However, in this paper, we point out that Wang et al.´s scheme has practical pitfalls and is not feasible for real-life implementation. We identify that their scheme: does not provide anonymity of a user during authentication, user has no choice in choosing his password, vulnerable to insider attack, no provision for revocation of lost or stolen smart card, and does provide session key agreement. To remedy these security flaws, we propose an enhanced authentication scheme, which covers all the identified weaknesses of Wang et al.´s scheme and is more secure and efficient for practical application environment.
Keywords :
authorisation; smart cards; secure dynamic ID-based remote user authentication; security enhancement; session key agreement; smart cards; user anonymity; Authentication; Computer crime; Electronic mail; IP networks; Information security; Large-scale systems; Network servers; Protection; Smart cards; Web server; authentication; cryptanalysis; password; smart card;
Conference_Titel :
Network and System Security, 2009. NSS '09. Third International Conference on
Conference_Location :
Gold Coast, QLD
Print_ISBN :
978-1-4244-5087-9
Electronic_ISBN :
978-0-7695-3838-9
DOI :
10.1109/NSS.2009.100
