A secure password-based authentication and key agreement scheme using smart cards. (August 2015)
- Record Type:
- Journal Article
- Title:
- A secure password-based authentication and key agreement scheme using smart cards. (August 2015)
- Main Title:
- A secure password-based authentication and key agreement scheme using smart cards
- Authors:
- Mishra, Dheerendra
Das, Ashok Kumar
Chaturvedi, Ankita
Mukhopadhyay, Sourav - Abstract:
- Abstract: Authentication schemes present a user-friendly and scalable mechanism to establish the secure and authorized communication between the remote entities over the insecure public network. Later, several authentication schemes have proposed in the literature. However, most of the existing schemes do not satisfy the desirable attributes, such as resistance against known attacks and user anonymity. In 2012, Chen et al. designed a robust authentication scheme to erase the weaknesses of Sood et al.'s scheme. In 2013, Jiang et al. showed that Chen et al.'s scheme is vulnerable to password guessing attack. Furthermore, Jiang et al. presented an efficient solution to overcome the shortcoming of Chen et al.'s scheme. We demonstrate that Jiang et al.'s scheme does not withstand insider attack, on-line and off-line password guessing attacks, and user impersonation attack. Their scheme also fails to provide user's anonymity. To overcome these drawbacks, we aim to propose an enhanced scheme, which reduces the computation overhead and satisfies all desirable security attributes, while retaining the original merits of Jiang et al.'s scheme. The proposed scheme is also comparable in terms of the communication and computational overheads with Jiang et al.'s scheme and other existing schemes. Furthermore, we simulate the enhanced scheme for the formal security analysis utilizing the widely-accepted AVISPA tool and show that the proposed scheme is resistant against active and passiveAbstract: Authentication schemes present a user-friendly and scalable mechanism to establish the secure and authorized communication between the remote entities over the insecure public network. Later, several authentication schemes have proposed in the literature. However, most of the existing schemes do not satisfy the desirable attributes, such as resistance against known attacks and user anonymity. In 2012, Chen et al. designed a robust authentication scheme to erase the weaknesses of Sood et al.'s scheme. In 2013, Jiang et al. showed that Chen et al.'s scheme is vulnerable to password guessing attack. Furthermore, Jiang et al. presented an efficient solution to overcome the shortcoming of Chen et al.'s scheme. We demonstrate that Jiang et al.'s scheme does not withstand insider attack, on-line and off-line password guessing attacks, and user impersonation attack. Their scheme also fails to provide user's anonymity. To overcome these drawbacks, we aim to propose an enhanced scheme, which reduces the computation overhead and satisfies all desirable security attributes, while retaining the original merits of Jiang et al.'s scheme. The proposed scheme is also comparable in terms of the communication and computational overheads with Jiang et al.'s scheme and other existing schemes. Furthermore, we simulate the enhanced scheme for the formal security analysis utilizing the widely-accepted AVISPA tool and show that the proposed scheme is resistant against active and passive attacks. … (more)
- Is Part Of:
- Journal of information security and applications. Volume 23(2015)
- Journal:
- Journal of information security and applications
- Issue:
- Volume 23(2015)
- Issue Display:
- Volume 23, Issue 2015 (2015)
- Year:
- 2015
- Volume:
- 23
- Issue:
- 2015
- Issue Sort Value:
- 2015-0023-2015-0000
- Page Start:
- 28
- Page End:
- 43
- Publication Date:
- 2015-08
- Subjects:
- Remote user authentication -- Password -- User anonymity -- Security
Computer security -- Periodicals
Information technology -- Security measures -- Periodicals
005.805 - Journal URLs:
- http://www.sciencedirect.com/ ↗
- DOI:
- 10.1016/j.jisa.2015.06.003 ↗
- Languages:
- English
- ISSNs:
- 2214-2126
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store - Ingest File:
- 8962.xml