Title: An enhanced anonymous remote user authentication scheme using smart card in insecure communication channel

Authors: Subhasish Banerjee; Manash Pratim Dutta; Chandan Tilak Bhunia

Addresses: Department of Computer Science and Engineering, National Institute of Technology, Arunachal Pradesh, India ' Department of Computer Science and Engineering, National Institute of Technology, Arunachal Pradesh, India ' Department of Computer Science and Engineering, National Institute of Technology, Arunachal Pradesh, India

Abstract: To prove the legitimacy among the users and to ensure the secure communication over the insecure network the remote user authentication using smart card and password is one of the simplest and efficient mechanisms. In this context, Kumari et al. proposed an improved remote user authentication scheme and claimed, their scheme is more user friendly, can resist various possible attacks at very low cost than existing ones. Unfortunately, during our research we have found this is not the case, their scheme cannot sustain against all those attacks for which the scheme was meant. In this paper, we have pointed out that their scheme not only can suffer from user anonymity problem but also fails to resist against offline password guessing attack, server masquerading attack and can create the risk of session key agreement too. Then, while retaining the original merits of their scheme we propose an efficient and modified scheme to overcome from aforesaid weaknesses, but at low computational cost.

Keywords: authentication; smart card; dynamic-ID.

DOI: 10.1504/IJCNDS.2017.087392

International Journal of Communication Networks and Distributed Systems, 2017 Vol.19 No.4, pp.482 - 499

Received: 30 Nov 2015
Accepted: 25 Oct 2016
Published online: 14 Oct 2017 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article