|
|
|
|
|
Modified Dynamic ID-based User Authentication Scheme Resisting Smart-Card-Theft Attack |
|
PP: 967-976 |
|
Author(s) |
|
Toan Thinh Truong,
Minh Triet Tran,
Anh Duc Duong,
|
|
Abstract |
|
Wireless environments such as GSM, 3G, and 4G are more and more popular. Consequently, communications in such
networks need to be guarded. It is necessary to have a secure mutual authentication scheme to defend transactions between user and
service provider against illegitimate adversaries. Especially, users are those vulnerable to attacks and there are many authentication
schemes with smart-card proposed to protect them. Recently, Yung-Cheng Lee has suggested a dynamic identity based user
authentication scheme to resist smart-card-theft attack. Nevertheless, he assumed that smart-card is tamperproof. In our opinion, this
is not appropriate because Kocher and Messerges pointed that smart-card’s confidential information could be extracted by physically
monitoring its power consumption. Therefore, design of Yung-Cheng Lee cannot withstand this kind of attack. In addition, anyone who
is a legal member can masquerade server or other legal users in his scheme. Moreover, legitimacy verification only starting from server
side truly makes Lee’s scheme be impractical. In this paper, we present an improvement to his scheme to isolate such problems. |
|
|
|
|
|