| 摘要: | In this paper,we show the cryptanalysis of Chen's smart card based re-mote user authentication scheme,recently proposed by Chen, Hsiang and Shih, that is designed to provide users with secure activities over insecure networking environments. We show that Chen et al.'s scheme has poten-tial security vulnerabilities, which enable malicious attackto damage the security of authentications such as power analysis attack, password guessing attack, masquerade attack,no perfect forward/backward secrecy, and key agreement unfairness. We further propose an enhanced version of smart card based password authentication scheme with corresponding remedies to eliminate all identified security weaknesses in Chen et al.'s scheme. Performance analysis shows that our scheme is still cost-efficient for the real application in the resource-limited environment. |
