期刊名称:International Journal of Security and Its Applications
印刷版ISSN:1738-9976
出版年度:2015
卷号:9
期号:5
页码:255-268
DOI:10.14257/ijsia.2015.9.5.25
出版社:SERSC
摘要:To keep the pace with the development of internet technology, remote user authentication techniques become more and more important to protect user's privacy. Recently, Kumari, et al., presented an improved remote user authentication scheme with key agreement based on dynamic-identity using smart card. This scheme allows legal users to change the password at his will without the need to connect the server. They claimed that their scheme could resist smart card stolen or loss attack, user impersonation and server masquerading attack, and provide user anonymity and untraceability and so on. However, our research indicates that their scheme is completely unsafe. Furthermore, the scheme can't provide the proper mutual authentication. In this manuscript, we will propose a new scheme, which can withstand those attacks mentioned above and provide the perfect user anonymity and forward secrecy. Security analysis makes it clear that the improved scheme apparently is more secure and practical.
关键词:key agreement; dynamic-identity; user anonymity and untraceability; smart ; card
