An Exquisite Authentication Scheme with Key Agreement Preserving User Anonymity

  • Mijin Kim
  • Seungjoo Kim
  • Dongho Won
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6318)

Abstract

In 2009, Liao et al. proposed an exquisite mutual authentication scheme with key agreement using smart cards to access a network system legally and securely. Liao et al.’s scheme adopted a transformed identity (TID) to avoid identity duplication. However, we find that an adversary may exploit the TID to mount an offline guessing attack. Liao et al.’s scheme is also exposed to a man-in-the-middle attack, and its claimed theorems and proofs are incorrect. We conduct a detailed analysis of the flaws in the scheme and its security proof. This paper proposes an improved scheme that overcomes these problems and preserves user anonymity, which is an issue in e-commerce applications.

Keywords

Mutual authentication, key agreement, transformed identity, user anonymity

References

  1. Bellovin, S.M., Merritt, M.: Encrypted key exchange: password-based protocols secure against dictionary attacks. In: IEEE Symposium on research in security and privacy, pp. 72–84. IEEE Computer Society, Los Alamitos (1992)
  2. Boyko, V., Mackenzie, P., Patel, S.: Provable secure password-authenticated key exchange using Diffie-Hellman. pp. 156–171 (2000)
  3. Jablon, D.P.: Strong password-only authenticated key exchange. ACM SIGCOMM Computer Communication Review 26(5), 5–26 (1996)
  4. Wu, T.: The Secure Remote Password protocol. In: Internet Society Network and Distributed Systems Security Symposium (NDSS), pp. 97–111 (1998)
  5. Yang, G., Wong, D.S., Wong, H., Deng, X.: Two-factor mutual authentication based on smart cards and passwords. Journal of computer and system sciences 74(7), 1160–1172 (2008)
  6. Hwang, M.S., Lee, C.C., Tang, Y.L.: A simple remote user authentication scheme. Mathematical and Computer Modeling 36, 103–107 (2002)
  7. Chien, H.Y., Jan, J.K.: Robust and simple authentication protocol. Computer Journal 46, 193–201 (2003)
  8. Juang, W.S.: Efficient password authenticated key agreement using smart cards. Computers and Security 23(2), 167–173 (2004)
  9. Liao, C.H., Chen, H.C., Wang, C.T.: An exquisite mutual authentication scheme with key agreement using smart card. An International Journal of Computing and Informatics (Informatica) 33(2), 125–132 (2009)
  10. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
  11. Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining smart card security under the threat of power analysis attacks. IEEE Transactions on Computer 51(5), 541–552 (2002)

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Mijin Kim (1)
  • Seungjoo Kim (1)
  • Dongho Won (1)
  1. School of Information and Communication Engineering, Sungkyunkwan University, Suwon, Republic of Korea
