Abstract
In recent years, several dynamic ID-based remote user authentication schemes have been proposed. In 2012, Wen and Li proposed a dynamic ID-based remote user authentication with key agreement scheme. They claimed that their scheme can resist impersonation attack and insider attack and provide anonymity for the users. However, we will show that Wen and Li's scheme cannot withstand insider attack and forward secrecy, does not provide anonymity for the users, and inefficiency for error password login. In this paper, we propose a novel ECC-based remote user authentication scheme which is immune to various known types of attack and is more secure and practical for mobile clients.
Highlights
Smart card authentication is that the most commonly used authentication method that legal users can access the resources provided by remote servers
Over the past few years, considerable authentication protocols [1,2,3,4,5,6,7] have been proposed. Most of these schemes are based on static ID and have some flaws such as server spoofing attack, insider attack, and impersonation attack
In 2011, Khan et al [12] showed that Wang et al.’s scheme does not provide anonymity of a user during authentication is vulnerable to insider attack and stolen smart card attack, and does not provide session key agreement and its user has no choice in choosing his password
Summary
Smart card authentication is that the most commonly used authentication method that legal users can access the resources provided by remote servers. In 2004, Das et al [8] presented a dynamic ID-based remote user authentication scheme using smart cards They pointed out that their scheme does not maintain any verifier table and can resist the replay attack, forgery attacks, guessing attacks, and insider attacks. Yeh et al [11] showed that Wang et al.’s scheme is insecure against replay attack, user impersonation attack, server counterfeit attack, manin-the-middle attack, and password guessing attacks They propose an enhanced protocol to overcome all identified security flaws. In 2011, Khan et al [12] showed that Wang et al.’s scheme does not provide anonymity of a user during authentication is vulnerable to insider attack and stolen smart card attack, and does not provide session key agreement and its user has no choice in choosing his password They cover all the flaws of Wang et al.’s scheme and propose an enhanced authentication scheme.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
