| 摘要: | With the purpose of accessing numerous network resources and services with user anonymity, various dynamic identity(ID)-based user authentication schemes have been proposed. Recently, Khan et al. have pointed out the security weaknesses of the dynamic ID-based user authentication scheme of Wang et al. and proposed an improved version of dynamic ID-based user authentication scheme for remote login systems. They claimed that their scheme can withstand various security attacks and provide user anonymity. However, we found that the scheme of Khan et al. cannot preserve user anonymity if login message and system parameters are collected by the attacker. To ensure user anonymity, in this paper, we propose a new dynamic ID-based user authentication scheme for remote login environments and the proposed scheme enables the user’s real identity to mask periodically when the user logs into the remote server. Compared with the related schemes, the proposed scheme satisfies more admired criteria and it is suitable even for applications in low-power computing environments. Finally, we formally prove the security of the proposed scheme by employing the Burrows–Abadi–Needham logic. |
