Revista: | Journal of applied research and technology |
Base de datos: | PERIÓDICA |
Número de sistema: | 000380490 |
ISSN: | 1665-6423 |
Autores: | Lee, Yung-Cheng1 Hsieh, Yi-Chih2 Lee, Pei-Ju3 You, Peng-Sheng4 |
Instituciones: | 1WuFeng University, Department of Security Technology and Management, Chiayi. Taiwán 2National Formosa University, Department of Industrial Management, Yunlin. Taiwán 3University of Pittsburgh, School of Information Science and Technology, Pittsburgh, Pensilvania. Estados Unidos de América 4National Chiayi University, Graduate Institute of Marketing and Logistics/Transportation, Chiayi. Taiwán |
Año: | 2014 |
Periodo: | Dic |
Volumen: | 12 |
Número: | 6 |
Paginación: | 1063-1072 |
País: | México |
Idioma: | Inglés |
Tipo de documento: | Artículo |
Enfoque: | Experimental, aplicado |
Resumen en inglés | Nowadays, we can easily obtain variety of services through networks. But due to the open environment, networks are vulnerable to many security threats. The remote user authentication scheme is one of the most widely used mechanisms for servers to authorize users to access the services. In 2009, Ramasamy and Muniyandi proposed a discrete logarithm based remote authentication scheme with smart cards. Their scheme provides mutual authentication and withstands the denial of service attack, forgery attack and parallel session attack. In this article, we show that their scheme is not a practical solution for remote access. It lacks key agreement mechanism and users cannot choose or update passwords freely. Moreover, their scheme cannot resist the stolen-verifier attack, off-line guessing attack, impersonation attack and smart-card-loss-attack. We propose an improved scheme to remedy the drawbacks. The improved scheme has the merits of providing mutual authentication and key agreement, while forward and backward secrecy are ensured as well. The users can choose and update their passwords freely. Furthermore, the scheme can also withstand many attacks such as the smart-card-loss-attack, the replay attack, the off-line guessing attack, the insider attack, the impersonation attack and the parallel session attack |
Disciplinas: | Ingeniería |
Palabras clave: | Ingeniería de telecomunicaciones, Autenticación, Seguridad de redes, Tarjetas inteligentes |
Keyword: | Engineering, Telecommunications engineering, Authentication, Networks security, Smart cards |
Texto completo: | Texto completo (Ver HTML) |