Cryptology ePrint Archive: Report 2016/023

Improved on an improved remote user authentication scheme with key agreement

Yalin Chen1 and Jue-Sam Chou*2 and I - Chiung Liao3

Abstract: Recently, Kumari et al. pointed out that Chang et al.’s scheme “Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update” not only has several drawbacks, but also does not provide any session key agreement. Hence, they proposed an improved remote user authentication Scheme with key agreement on Chang et al.’s Scheme. After cryptanalysis, they confirm the security properties of the improved scheme. However, we determine that the scheme suffers from both anonymity breach and he smart card loss password guessing attack, which are in the ten basic requirements in a secure identity authentication using smart card, assisted by Liao et al. Therefore, we modify the method to include the desired security functionality, which is significantly important in a user authentication system using smart card.

Category / Keywords: user authentication, key agreement, cryptanalysis, smart card, password change, untraceable, dynamic identity, anonymity, remote user authentication

Date: received 10 Jan 2016

Contact author: jschou at mail nhu edu tw

Available format(s): PDF | BibTeX Citation

Version: 20160112:075803 (All versions of this report)

Short URL: ia.cr/2016/023

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]