2014
DOI: 10.1002/dac.2793

Design and analysis of an improved smartcard‐based remote user password authentication scheme

Abstract: With the fast development of the Internet and the telecommunication technologies, internet users are carrying out various electronic transactions over internet by means of the authentication protocols. To ensure efficient and robust online transaction, security of authentication protocol turns out to be a great concern nowadays. As a result, smartcard‐based password authentication and session key agreement scheme receives significant attention in recent years. In the literature, various authentication s…

Citations: cited by 77 publications (73 citation statements)
References: 26 publications
“…Furthermore, in [23] Section 4.2, we can see that even the adversary guesses the password and identity simultaneously and the whole attack can be finished within limited time. Therefore, the adversary can exhaust the password and identity space simultaneously, and many scholars follow this principle [2,[24][25][26][27].…”
Section: Adversary Model (mentioning)
confidence: 99%
“…Furthermore, we for the first time recommend distinguishing offline dictionary attack via verification value in smart card (hereafter called Attack I) from offline dictionary attack via verification value in channel (hereafter called Attack II). When talking about offline dictionary attack, most papers [36,51,52] ignore the difference between them and collectively call them as offline dictionary attack (offline-password guessing attack). Although the basic principles of these two attacks are the same, the key parameters transmitted in the insecure channel or in smart card, having no "camouflage" by random numbers or other special parameters only owned by the user or the server, the adversary can get a verification (usually it is the key parameter for the server or the user to verify the validity of the other one) to perform dictionary attack.…”
Section: A Deep Exploration To Offline Dictionary Attack (mentioning)
confidence: 99%
“…Additionally, the proposed scheme only needs lightweight symmetric-key operations compared with the Xu-Zhu-Feng scheme. On the other hand, there are several schemes [30][31][32][33][34][35][36] that use synchronization mechanism(s) to preserve the tenacity of the one-time identity between legal users and authenticated servers. We notice that all of these schemes using similar steps to obtain user anonymity fail to resist de-synchronization attacks, which means that the synchronization of one-time identities between two entities is broken when an attacker prevents single message flow.…”
Section: Comparison (mentioning)
confidence: 99%