Publication Type:
Journal Article
Source:
Information & Security: An International Journal, Volume 18, p.111-121 (2006)
Keywords:
Mutual Authentication,
Remote Authentication,
Smart Card,
User Impersonation.
Abstract:
Recently, Hwang and Li proposed a remote user authentication scheme that does not require a password table to verify the legitimacy of a legal user. This method uses smart cards. To benefit from this advantage, other research works have explored adding such features as reducing the computational cost, adopting user-friendly passwords, making it easier to change user passwords, etc. However, as cryptanalysis has evolved, a series of modifications that improve the known security flaws have been made subsequently. This article deals with a security problem found in a latest modification and improves it in order to construct a more secure function. The article also highlights a feature, mutual authentication between a server and users, found in many authentication protocols but seldom found in the considered series of modifications.