Abstract
Authentication is one of the fundamental mechanisms to enable a legitimate user to log into a remote server in an insecure environment. Many authentication protocols have been proposed in the literature for preventing unauthorized parties from access resources. Recently, Chen et al. proposed a password-based remote user authentication and key agreement scheme using common storage devices, such as USB sticks. They claimed that the scheme can withstand off-line dictionary attacks even if the authentication information stored in the device is obtained by the adversary. However, we observe that Chen et al.’s scheme is insecure against off-line dictionary attacks in this case. To remedy this security flaw, we propose an improved authentication protocol without using smart cards. Compared with the previous schemes, our scheme not only provides more security guarantees, but also is more efficient both in computation and communication cost.DOI: http://dx.doi.org/10.5755/j01.itc.42.2.2079
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
