A Two-Factor User Authentication Scheme Providing Mutual Authentication and Key Agreement over Insecure Channels
Abstract:
In 2005, Yoon et al. proposed a user-friendly remote user authentication scheme using passwords and smart cards. The security of their scheme rests on a one-way hash function, and they claimed that it is secure against attacks and achieves mutual authentication, freely chosen passwords, no verification tables, and very lightweight hashing operations. Unfortunately, we discovered that Yoon et al.'s scheme cannot withstand a denial-of-service attack and performs only unilateral authentication (user authentication only). In this paper we therefore propose a novel version that eliminates the vulnerability. Furthermore, our enhanced scheme also provides mutual authentication and key agreement between a remote server and login users. Finally, a nonce mechanism is applied in our scheme to protect against attacks in which an attacker replays a previously eavesdropped login request message, and the proposed scheme does not need to synchronize clock