Password-based remote user authentication and key agreement protocol

Abstract

Password-based remote user authentication is a hotspot in authentication protocol research.The security of a proposed remote user authentication scheme was analyzed.Whereby it used nonce random and had very low computational costs.However,this scheme still has many security faults.The weakness of the scheme was demonstrated.Password-based remote user authentication and key agreement protocol(PUAKP),a novel nonce and hash-based remote user authentication scheme and key agreement using smart cards were also presented.In order to avoid the risk of message replay attack,the scheme uses nonce random instead of using time stamps.PUAKP has many merits: it lets users freely choose and change password at their own will;it provides mutual authentication between two entities;it has more lower computational costs;it resists man-in-the-middle attack;in addition,it has wrong password sensitivity;and it has password nontransparency to system and strong security reparability.Furthermore,the session key has freshness,confidentiality,known-key security and forward security.