Authors: EUNJUN YOON
Abstract: Remote mutual authentication is an important part of security, along with confidentiality and integrity, for systems that allow remote access over untrustworthy networks, like the Internet. In 2006, Shieh-Wang pointed out the weakness of Juang's remote mutual authentication scheme using smart card and further proposed a novel remote user authentication scheme using smart card. However, this paper demonstrates that Shieh-Wang's scheme still does not provide perfect forward secrecy and is vulnerable to a privileged insider's attack. We also present an improved scheme based on the Elliptic Curve Diffie-Hellman problem (ECDHP) and secure one-way hash function, in order to isolate such security problems.
Keywords: Authentication, password, key agreement, cryptanalysis, smart card, elliptic curve cryptosystem
Full Text: PDF