Authors: Hyunseung Lee, Donghyun Choi, Yunho Lee, Dongho Won, Seungjoo Kim

Abstract:

In Public Wireless LANs(PWLANs), user anonymity is an essential issue. Recently, Juang et al. proposed an anonymous authentication and key exchange protocol using smart cards in PWLANs. They claimed that their proposed scheme provided identity privacy, mutual authentication, and half-forward secrecy. In this paper, we point out that Juang et al.'s protocol is vulnerable to the stolen-verifier attack and does not satisfy user anonymity.

Keywords: PWLANs, user privacy, smart card, authentication, key exchange

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1073561

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1337

References:

[1] Lamport L. "Password authentication with insecure communication," Communications of the ACM, 1981;24(11):770-.2.
[2] Awasthi A, Lal S. "A remote user authentication scheme using smart cards with forward secrecy," IEEE Trans. Consumer Electronic, 2003;49(4):1246-.8.
[3] Awasthi A, Lal S. "An enhanced remote user authentication scheme using smart cards," IEEE Trans. Consumer Electronic, 2004;50(2):583-.6.
[4] Juang W. "Efficient password authenticated key agreement using smart card," Computers & Security, 2004;23:167-.73.
[5] Ku W, Chen S. "Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards," IEEE Trans. Consumer Electronic, 2004;50(1):204-.7.
[6] Kumar M. "New remote user authentication scheme using smart cards," IEEE Trans. Consumer Electronic, 2004;50(2):597-.600.
[7] Kwon T, Park Y, Lee H. "Security analysis and improvement of the efficient password-based authentication protocol," IEEE Communications Letters, 2005;9(1):93-.5.
[8] Park Y, Park S. "Two factor authenticated key exchange (TAKE) protocol in public wireless LANs," IEICE Trans. Communications 2004;E87-B(5):1382-.5.
[9] Sun H. "An efficient use authentication scheme using smart cards," IEEE Trans. Consumer Electronic, 2000;46(4):958-.61.
[10] Wang X, Zhang W, Zhang J, Khan M. "Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards," Computer Standards & Interfaces, 2007;29(5):507-.12.
[11] Yang C, Hwang M. "Cryptanalysis of simple authenticated key agreement protocols," IEICE Trans. Communications, 2004;E87-A(8):2174-.6.
[12] Yang C, Wang R. "Cryptanalysis of a user friendly remote authentication scheme with smart cards," Computer Security, 2004;23:425-.7.
[13] Zhenchuan Chai, Zhenfu Cao, Rongxing Lu, "Efficient Password-Based Authentication and Key Exchange Scheme Preserving User Privacy," Wireless Algorithms, Systems, and Applications 2006, Vol. 4138, pp. 467-477.
[14] Young Man PARK, Sang Kyu PARK, "Two factor authenticated key exchange(TAKE) protocol in public wireless LANs," IEICE Trans. Communications, 2004, E87-B(5), pp. 1382-1385.
[15] Wen-Shenq Juang, Jing-Lin Wu, "Two efficient two-factor authenticated key exchange protocols in public wireless LANs," Computers and Electrical Engineering, 2008, Vol. 10, pp. 1-8.
[16] Tzu-Chang YEH , Hsiao-Yun SHEN, Jing-Jang HWANG, "A Secure One-Time Password Authentication Scheme Using Smart Cards," 2002, Vol.E85-B No.11, pp.2515-2518.