Security enhancements of smart card-based remote user password authentication scheme with session key agreement

Author

Young-Hwa An

Author_Institution

Div. of Comput. & Media Inf. Eng., Kangnam Univ., Yongin, South Korea

fYear

2015

fDate

1-3 July 2015

Firstpage

669

Lastpage

674

Abstract

Smart card-based user authentication schemes have been proposed recently to improve the security drawbacks in user authentication scheme. Li et al., in 2013, proposed an enhanced smart card-based remote user password authentication scheme which can withstand the security drawbacks of Chen et al.´s scheme. In this paper, we show that Li et al.´s scheme is vulnerable to user impersonation attack, server masquerading attack, password guessing attack and does not provide mutual authentication between the user and the server. Also, we propose the enhanced scheme with session key agreement to overcome the security drawbacks of Li et al.´s scheme, even if the secret values stored in the smart card is revealed. As a result, the enhanced scheme is relatively more secure than the related scheme in terms of security.

Keywords

message authentication; smart cards; password guessing attack; remote user password authentication scheme; security drawback; security enhancement; server masquerading attack; session key agreement; smart card; user impersonation attack; Authentication; Bismuth; Law; Servers; Smart cards; Authentication; Password Guessing Attack; Server Masquerading Attack; Session Key Agreement; User Impersonation Attack;

fLanguage

English

Publisher

ieee

Conference_Titel

Advanced Communication Technology (ICACT), 2015 17th International Conference on

Conference_Location

Seoul

Print_ISBN

978-8-9968-6504-9

Type

conf

DOI

10.1109/ICACT.2015.7224880

Filename

7224880