Title: Cryptanalysis and improvement of a DoS-resistant ID-based password authentication scheme without using smart card

Authors: Wenbo Shi; Debiao He; Shuhua Wu

Addresses: Department of Electronic Engineering, Northeastern University at Qinhuangdao, Qinhuangdao, 066004, China ' School of Mathematics and Statistics, Wuhan University, Wuhan, 430072, China ' Department of Networks Engineering, Information Science and Technology Institute, Zhengzhou, 450002, China

Abstract: An authentication scheme allows the user and the server to authenticate each other and establish a session key for future communication in an open network. Very recently, Wen et al. proposed a DoS-resistant ID-based password authentication scheme without using smart card. They claimed that their scheme could overcome various attacks. However, in this paper, we will point out that Wen et al.'s scheme is vulnerable to an impersonation attack and a privileged insider attack. To overcome weaknesses, we also propose an improved scheme. The analysis shows our scheme not only overcomes weaknesses in Wen et al.'s scheme but also has better performance. Then our scheme is more suitable for practical applications.

Keywords: key agreement scheme; mutual authentication; impersonation attacks; privileged insider attacks; cryptanalysis; denial of service; DoS attacks; ID-based password authentication; open networks; network security.

DOI: 10.1504/IJICT.2014.057971

International Journal of Information and Communication Technology, 2014 Vol.6 No.1, pp.39 - 48

Received: 20 Mar 2012
Accepted: 18 Dec 2012

Published online: 22 Nov 2013 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article