| Article ID | Journal | Published Year | Pages | File Type |
|---|---|---|---|---|
| 455483 | Computers & Electrical Engineering | 2012 | 7 Pages |
In 2009, Wang et al. presented a dynamic ID-based remote user authentication scheme and claimed that their scheme was more efficient and secure. In this paper, we point out that their scheme is not secure against impersonation attacks launched by any adversary at anytime and could leak some key information to legal users, who can launch an off-line guessing attack. If the adversary could get the secret information stored in the smart cards someway, their scheme will be completely broken down. In addition, their scheme does not provide anonymity for the users, and lacks the functionalities of revocation, key exchange and secret renew for users and servers. Furthermore, we propose a more secure and robust scheme, which does not only cover all the above security flaws and weaknesses, but also provides more functionalities.
Graphical abstractFigure optionsDownload full-size imageDownload as PowerPoint slideHighlights► We cryptanalyzed wang et al.’s scheme and claimed that their scheme was not secure. ► We propose a more secure and robust scheme. ► Our scheme achieves the property of revocation, off-line password change. ► We compare our scheme with other related works.
