Recently, user authentication scheme in e-commerce and m-commerce has been becoming one of important security issues. In 2008, Bindu et al. proposed an improved remote user authentication scheme preserving user anonymity. In this paper, we analyze the security of Bindu et al.’s authentication scheme, and we demonstrate that their scheme is still insecure against the man-in-the-middle attack, the password guessing attack, and does not provide the user anonymity. Also, we propose an enhanced scheme to withstand the security weaknesses of Bindu et al.’s scheme, even if the secret information stored in the smart card is revealed. As a result of security analysis, we prove that the enhanced scheme is secure for the various attacks known by literatures, and provides the user anonymity, the session key agreement, and the mutual authentication between the user and the server.
목차
Abstract 1. Introduction 2. Reviews of Bindu, et al.’s Scheme 2.1. Registration Phase 2.2. Login Phase 2.3. Authentication Phase 3. Security Weaknesses of Bindu, et al.’s Scheme 3.1. Man-in-the-middle Attack 3.2. Password Guessing Attack 3.3. User Anonymity 4. The Enhanced Scheme 4.1. Registration Phase 4.2. Login Phase 4.3. Authentication Phase 5. Security Analysis and Performance Evaluations of the Enhanced Scheme 5.1. Security Analysis 5.2. Performance Evaluations 6. Conclusions References
보안공학연구지원센터(IJMUE) [Science & Engineering Research Support Center, Republic of Korea(IJMUE)]
설립연도
2006
분야
공학>컴퓨터학
소개
1. 보안공학에 대한 각종 조사 및 연구
2. 보안공학에 대한 응용기술 연구 및 발표
3. 보안공학에 관한 각종 학술 발표회 및 전시회 개최
4. 보안공학 기술의 상호 협조 및 정보교환
5. 보안공학에 관한 표준화 사업 및 규격의 제정
6. 보안공학에 관한 산학연 협동의 증진
7. 국제적 학술 교류 및 기술 협력
8. 보안공학에 관한 논문지 발간
9. 기타 본 회 목적 달성에 필요한 사업
간행물
간행물명
International Journal of Multimedia and Ubiquitous Engineering
간기
월간
pISSN
1975-0080
수록기간
2008~2016
등재여부
SCOPUS
십진분류
KDC 505DDC 605
이 권호 내 다른 논문 / International Journal of Multimedia and Ubiquitous Engineering Vol.8 No1