Analysis and improvements of dynamic identity-based remote user authentication scheme

Computer Engineering and Applications ›› 2014, Vol. 50 ›› Issue (22): 126-129.

Previous Articles Next Articles

Analysis and improvements of dynamic identity-based remote user authentication scheme

QU Juan1, ZOU Limin1, TAN Xiaoling2

1.School of Mathematics and Statistics, Chongqing Three Gorges University, Chongqing 404000, China
2.School of Electronic and Information Engineering, Chongqing Three Gorges University, Chongqing 404000, China

Online:2014-11-15 Published:2014-11-13

基于动态ID的远程认证方案的分析和改进

屈娟1，邹黎敏1，谭晓玲2

1.重庆三峡学院数学与统计学院，重庆 404000
2.重庆三峡学院电子与信息工程学院，重庆 404000

Abstract

Abstract: In this paper, Duan et al.’s scheme is analyzed. It is showed that this scheme is insecure against offline-guessing attack, replay attack, forgery attack and a session key doesn’t be provided after mutual authentication. An improved scheme is proposed that overcomes the above-mentioned security flaws with not affecting the merits of the original scheme. The proposed scheme not only allows the users to choose and change their passwords freely, but also generates a session key agreed by the user and the server.

Key words: user authentication, smart card, offline password guessing attack, mutual authentication

摘要： 分析了段晓毅等人提出的动态ID的远程认证方案，发现该方案不能抵御离线密码字猜测攻击，重放攻击，冒充服务器攻击，且在相互认证后不能提供会话密钥。提出了一个改进方案，改进后的方案克服了以上的安全缺陷，且用户可自由选择登录系统的密码，相互认证后用户和服务器共享一个会话密钥。

关键词: 用户认证, 智能卡, 离线密码字猜测攻击, 相互认证

QU Juan1, ZOU Limin1, TAN Xiaoling2. Analysis and improvements of dynamic identity-based remote user authentication scheme[J]. Computer Engineering and Applications, 2014, 50(22): 126-129.

屈娟1，邹黎敏1，谭晓玲2. 基于动态ID的远程认证方案的分析和改进[J]. 计算机工程与应用, 2014, 50(22): 126-129.

[1]	ZOU Jianwen, ZHAO Bo, LI Xiang, LIU Yifan, LI Jiayue. tPUF-Based Security Access Scheme for IoT Devices [J]. Computer Engineering and Applications, 2021, 57(2): 119-126.
[2]	MEI Songqing, DENG Xiaoru. Ultra-Lightweight Mobile RFID Authentication Protocol for Bit Replacement Operations [J]. Computer Engineering and Applications, 2020, 56(3): 100-105.
[3]	SU Bin1，3, CHENG Ling2, CUI Baojiang1. Mobile RFID authentication protocol for low-cost tags [J]. Computer Engineering and Applications, 2018, 54(16): 68-75.
[4]	LI Xinning, ZHOU Zhiping, LIU Lele. Multi sensor information analysis of mobile phone user authentication scheme [J]. Computer Engineering and Applications, 2018, 54(1): 140-145.
[5]	MA Yuanjia1, LIU Daowei2. Improved mutual authentication with backward security for RFID protocols [J]. Computer Engineering and Applications, 2017, 53(9): 136-140.
[6]	LIU Yi1, YANG Ling1, YANG Yubin2. Scalable RFID mutual authentication protocol based on Rabin algorithm [J]. Computer Engineering and Applications, 2017, 53(2): 15-20.
[7]	PI Lan1，2, WU Chuankun1. Improved remote asynchronous authentication scheme with smart card [J]. Computer Engineering and Applications, 2014, 50(8): 61-65.
[8]	WANG Xiaomei, ZHANG Qiujian. Mutual authentication for RFID based on elliptic curve and zero knowledge [J]. Computer Engineering and Applications, 2013, 49(15): 97-100.
[9]	TANG Hongbin, LIU Xinsong. Enhanced smart card based remote user authentication scheme [J]. Computer Engineering and Applications, 2012, 48(19): 61-65.
[10]	XIANG Jinping1，XIE Qi2. Improvement of remote password authentication scheme based on one-way Hash function [J]. Computer Engineering and Applications, 2011, 47(19): 105-107.
[11]	YAO Lin^1，2，FAN Qing-na²，KONG Xiang-wei¹. Authentication scheme based on biometric encryption for pervasive computing environments [J]. Computer Engineering and Applications, 2010, 46(32): 108-111.
[12]	WANG Chong-xia¹，ZHU Yan-qin² . Design and research of dynamic password user authentication protocol [J]. Computer Engineering and Applications, 2010, 46(18): 71-73.
[13]	LI Xing. Efficient remote user authentication scheme based on random nonce [J]. Computer Engineering and Applications, 2008, 44(19): 116-117.
[14]	ZHANG Yi²,CUI Tian-xi^1,2,TANG Hong^1,2. Mutual authentication in GSM based on Elliptic Curve Cryptography and combined public key technology [J]. Computer Engineering and Applications, 2008, 44(19): 109-111.
[15]	LAI Xin¹,HUANQ Xiao-fang²,HE Da-ke¹. 3G authentication and key agreement scheme based on NTRU [J]. Computer Engineering and Applications, 2008, 44(15): 103-105.

Analysis and improvements of dynamic identity-based remote user authentication scheme

基于动态ID的远程认证方案的分析和改进

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics