An Exquisite Authentication Scheme with Key Agreement Preserving User Anonymity
In 2009, Liao et al. proposed an exquisite mutual authentication scheme with key agreement using smart cards to access a network system legally and securely. Liao et al.’s scheme adopted a transformed identity (TID) to avoid identity duplication. However, we find that an adversary may exploit the TID to mount an offline guessing attack. Liao et al.’s scheme is also exposed to a man-in-the-middle attack, and its claimed theorems and proofs are incorrect. We conduct a detailed analysis of the flaws in the scheme and its security proof. This paper proposes an improved scheme that overcomes these problems and preserves user anonymity, which is an issue in e-commerce applications.
Keywords: Mutual authentication, key agreement, transformed identity, user anonymity