Authors: Marimuthu Karuppiah
Addresses: School of Computing Science and Engineering, VIT University, Vellore-632014, Tamilnadu, India
Abstract: User authentication is the process of verifying the legitimacy of a user. Until now, several authentication schemes using smart card proposed in the literature and each proposed scheme has its own merits and demerits. A common attribute among most of the proposed schemes is that the user identity is static in all the transaction sessions, which may reveal some facts about that user and can create threat of identity theft during the communication. In this paper, we have defined all the security requirements and all the goals an ideal remote user authentication scheme should satisfy and achieve. We have presented the results of our survey about remote user authentication schemes for client-server model. All the schemes are vulnerable to various attacks and do not meet the goals. In the future, we look forward to an ideal remote user authentication scheme, which meets all the security requirements and achieves all the goals can be developed. We should confidence that the attacks and goals we offer here can also aid future researchers develop better schemes.
Keywords: remote user authentication; remote authentication; smart cards; anonymity; security; offline password guessing attacks; forward secrecy; remote users; impersonation attacks; session key agreement; replay attacks.
International Journal of Internet Protocol Technology, 2016 Vol.9 No.2/3, pp.107 - 120
Received: 12 Jan 2016
Accepted: 03 Jun 2016
Published online: 29 Sep 2016 *