Cryptanalysis and security enhancement of a remote user authentication scheme using smart cards  被引量：2

作　　者：WANG Ding MA Chun-guang 

机构地区：[1]College of Computer Science and Technology, Harbin Engineering University, Harbin 150001, China [2]Automobile Management Institute of PLA, Bengbu 233011, China

出　　处：《The Journal of China Universities of Posts and Telecommunications》2012年第5期104-114,共11页中国邮电高校学报（英文版）

基　　金：supported by the National Natural Science Foundation of China(61170241,61073042)

摘　　要：With the broad implementations of the electronic business and government applications, robust system security and strong privacy protection have become essential requirements for remote user authentication schemes. Recently, Chen et al. pointed out that Wang et al.＇s scheme is vulnerable to the user impersonation attack and parallel session attack, and proposed an enhanced version to overcome the identified security flaws. In this paper, however, we show that Chen et al.＇s scheme still cannot achieve the claimed security goals and report its following problems： （1） It suffers from the offline password guessing attack, key compromise impersonation attack and known key attack; （2） It fails to provide forward secrecy; （3） It is not easily repairable. As our main contribution, a robust dynamic ID-based scheme based on non-tamper resistance assumption of the smart cards is presented to cope with the aforementioned defects, while preserving the merits of different related schemes. The analysis demonstrates that our scheme meets all the proposed criteria and eliminates several grave security threats that are difficult to be tackled at the same time in previous scholarship.With the broad implementations of the electronic business and government applications, robust system security and strong privacy protection have become essential requirements for remote user authentication schemes. Recently, Chen et al. pointed out that Wang et al.＇s scheme is vulnerable to the user impersonation attack and parallel session attack, and proposed an enhanced version to overcome the identified security flaws. In this paper, however, we show that Chen et al.＇s scheme still cannot achieve the claimed security goals and report its following problems： （1） It suffers from the offline password guessing attack, key compromise impersonation attack and known key attack; （2） It fails to provide forward secrecy; （3） It is not easily repairable. As our main contribution, a robust dynamic ID-based scheme based on non-tamper resistance assumption of the smart cards is presented to cope with the aforementioned defects, while preserving the merits of different related schemes. The analysis demonstrates that our scheme meets all the proposed criteria and eliminates several grave security threats that are difficult to be tackled at the same time in previous scholarship.

关 键 词：CRYPTANALYSIS authentication protocol smart card non-tamper resistant forward secrecy 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术] TN492[自动化与计算机技术—计算机科学与技术]