Title: Cryptanalysis and improvement of a DoS-resistant ID-based password authentication scheme without using smart card
Authors: Wenbo Shi; Debiao He; Shuhua Wu
Addresses: Department of Electronic Engineering, Northeastern University at Qinhuangdao, Qinhuangdao, 066004, China ' School of Mathematics and Statistics, Wuhan University, Wuhan, 430072, China ' Department of Networks Engineering, Information Science and Technology Institute, Zhengzhou, 450002, China
Abstract: An authentication scheme allows the user and the server to authenticate each other and establish a session key for future communication in an open network. Very recently, Wen et al. proposed a DoS-resistant ID-based password authentication scheme without using smart card. They claimed that their scheme could overcome various attacks. However, in this paper, we will point out that Wen et al.'s scheme is vulnerable to an impersonation attack and a privileged insider attack. To overcome weaknesses, we also propose an improved scheme. The analysis shows our scheme not only overcomes weaknesses in Wen et al.'s scheme but also has better performance. Then our scheme is more suitable for practical applications.
Keywords: key agreement scheme; mutual authentication; impersonation attacks; privileged insider attacks; cryptanalysis; denial of service; DoS attacks; ID-based password authentication; open networks; network security.
International Journal of Information and Communication Technology, 2014 Vol.6 No.1, pp.39 - 48
Received: 20 Mar 2012
Accepted: 18 Dec 2012
Published online: 22 Nov 2013 *