| Revista: | Journal of applied research and technology |
| Base de datos: | PERIÓDICA |
| Número de sistema: | 000372952 |
| ISSN: | 1665-6423 |
| Autores: | Lee, Y. C1 |
| Instituciones: | 1WuFeng University, Department of Security Technology and Management, Chiayi. Taiwán |
| Año: | 2013 |
| Periodo: | Ago |
| Volumen: | 11 |
| Número: | 4 |
| Paginación: | 597-603 |
| País: | México |
| Idioma: | Inglés |
| Tipo de documento: | Artículo |
| Enfoque: | Aplicado, descriptivo |
| Resumen en inglés | Due to the open environment, all network systems suffer from various security threats. The remote user authentication scheme is a secure mechanism to allow users obtaining a variety of information services through insecure channels. For efficiency and security, many remote user authentication schemes identify users with smart cards. However, many smart card based schemes are vulnerable to lots of attacks. Recently, Hsiang et al. proposed a smart card based remote authentication scheme. In this article, we show that their scheme is vulnerable to the smart-card-loss-attack. That is, if an unauthorized person obtains the smart card, he/she can guess the correct password to masquerade as a legitimate user to login the system. The attack is caused by the smart card outputs fixed message for the same inputs. We propose an improved scheme to fix the flaw. The improved scheme withstands the off-line password guessing attack, parallel session attack and smart-card-loss-attack. Moreover, it also has the merits of providing mutual authentication, no verification table and users can freely update their passwords |
| Disciplinas: | Ciencias de la computación |
| Palabras clave: | Redes, Seguridad en cómputo, Seguridad de redes, Autenticación, Usuarios remotos |
| Keyword: | Computer science, Networks, Computing security, Networks security, Authentication, Remote users |
| Texto completo: | Texto completo (Ver HTML) |
