AN IMPROVED DOS-RESISTANT ID-BASED PASSWORD AUTHENTICATION SCHEME WITHOUT USING SMART CARD  

作　　者：Wen Fengtong Li Xuelei Cui Shenjun 

机构地区：[1]School of Mathematics, University of Jinan, Jinan 250022, China

出　　处：《Journal of Electronics(China)》2011年第4期580-586,共7页电子科学学刊（英文版）

基　　金：Supported by the Natural Science Foundation of Shandong Province (No. Y2008A29);the Science and Technique Foundation of Shandong Province (No. 2008GG30009008)

摘　　要：In 2010,Hwang,et al.proposed a 'DoS-resistant ID-based password authentication scheme using smart cards' as an improvement of Kim-Lee-Yoo's 'ID-based password authentication scheme'.In this paper,we cryptanalyze Hwang,et al.'s scheme and point out that the revealed session key could threat the security of the scheme.We demonstrate that extracting information from smart cards is equal to knowing the session key.Thus known session key attacks are also effective under the as-sumption that the adversary could obtain the information stored in the smart cards.We proposed an improved scheme with security analysis to remedy the weaknesses of Hwang,et al.'s scheme.The new scheme does not only keep all the merits of the original,but also provides several additional phases to improve the flexibility.Finally,the improved scheme is more secure,efficient,practical,and convenient,because elliptic curve cryptosystem is introduced,the expensive smart cards and synchronized clock system are replaced by mobile devices and nonces.In 2010,Hwang,et al.proposed a ＇DoS-resistant ID-based password authentication scheme using smart cards＇ as an improvement of Kim-Lee-Yoo＇s ＇ID-based password authentication scheme＇.In this paper,we cryptanalyze Hwang,et al.＇s scheme and point out that the revealed session key could threat the security of the scheme.We demonstrate that extracting information from smart cards is equal to knowing the session key.Thus known session key attacks are also effective under the as-sumption that the adversary could obtain the information stored in the smart cards.We proposed an improved scheme with security analysis to remedy the weaknesses of Hwang,et al.＇s scheme.The new scheme does not only keep all the merits of the original,but also provides several additional phases to improve the flexibility.Finally,the improved scheme is more secure,efficient,practical,and convenient,because elliptic curve cryptosystem is introduced,the expensive smart cards and synchronized clock system are replaced by mobile devices and nonces.

关 键 词：AUTHENTICATION Key agreement Forward security Mobile device Nonce 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]