Cryptanalysis and Improvement of a Remote User Authentication Scheme for Resource-limited Environment
Wang Ding①③ Ma Chun-guang① Weng Chen② Jia Chun-fu②
①(College of Computer Science and Technology, Harbin Engineering University, Harbin 150001, China) ②(College of Information Technology Science, Nankai University, Tianjin 300071, China) ③(Department of Training, Automobile Management Institute of PLA, Bengbu 233011, China)
Abstract:Recently Fang et al. (2011) proposed a password-based remote user authentication scheme using smart cards for resource-constrained environment, and claimed that their scheme was secure and practical. However, it is found that their scheme can not achieve the claimed security, it is vulnerable to offline password guessing attack, parallel session attack and known key attack. In addition, the password change phase of their scheme is not user-friendly and practical. Consequently, an improved scheme is presented and analyzed, the analysis shows that new scheme eliminates the defects of Fang et al.’s scheme while keeping the merit of high performance, suitable for resource-constrained and security-concerned application scenarios.
汪定, 马春光, 翁臣, 贾春福. 一种适于受限资源环境的远程用户认证方案的分析与改进[J]. 电子与信息学报, 2012, 34(10): 2520-2526.
Wang Ding, Ma Chun-Guang, Weng Chen, Jia Chun-Fu. Cryptanalysis and Improvement of a Remote User Authentication Scheme for Resource-limited Environment. , 2012, 34(10): 2520-2526.