Cryptology ePrint Archive: Report 2014/115

Comments on a novel user authentication and key agreement scheme

Jia-Lun Tsai

Abstract: In 2013, Sun et al. showed that the related works' authentication schemes proposed by [2-7] are vulnerable to an insider attack and fail to provide mutual authentication. These two attacks can be successfully plotted by an adversary, since the private key of the server can compute all the legal users’ private keys. They then proposed a new remote user authentication and key agreement scheme for the mobile client-server environment. However, we find that their scheme is still vulnerable to insider attack (Sun et al.) and how to avoid such an insider attack on the client-server environment is still an open problem.

Category / Keywords: applications / user authentication, key agreement, client-server environment, insider attack, mutual authentication

Date: received 14 Feb 2014

Contact author: crousekimo at yahoo com tw

Available format(s): PDF | BibTeX Citation

Version: 20140216:155136 (All versions of this report)

Short URL: ia.cr/2014/115

Discussion forum: Show discussion | Start new discussion