• KSII Transactions on Internet and Information Systems
    Monthly Online Journal (eISSN: 1976-7277)

A User Anonymous Mutual Authentication Protocol

Vol. 10, No.9, September 30, 2016
10.3837/tiis.2016.09.026, Download Paper (Free):

Abstract

Widespread use of wireless networks has drawn attention to ascertain confidential communication and proper authentication of an entity before granting access to services over insecure channels. Recently, Truong et al. proposed a modified dynamic ID-based authentication scheme which they claimed to resist smart-card-theft attack. Nevertheless, we find that their scheme is prone to smart-card-theft attack contrary to the author’s claim. Besides, anyone can impersonate the user as well as service provider server and can breach the confidentiality of communication by merely eavesdropping the login request and server’s reply message from the network. We also notice that the scheme does not impart user anonymity and forward secrecy. Therefore, we present another authentication scheme keeping apart the threats encountered in the design of Truong et al.’s scheme. We also prove the security of the proposed scheme with the help of widespread BAN (Burrows, Abadi and Needham) Logic.


Statistics

Show / Hide Statistics

Statistics (Cumulative Counts from December 1st, 2015)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article

[IEEE Style]
Saru Kumari, Xiong Li, Fan Wu, Ashok Kumar Das, Vanga Odelu and Muhammad Khurram Khan, "A User Anonymous Mutual Authentication Protocol," KSII Transactions on Internet and Information Systems, vol. 10, no. 9, pp. 4508-4528, 2016. DOI: 10.3837/tiis.2016.09.026

[ACM Style]
Kumari, S., Li, X., Wu, F., Das, A. K., Odelu, V., and Khan, M. K. 2016. A User Anonymous Mutual Authentication Protocol. KSII Transactions on Internet and Information Systems, 10, 9, (2016), 4508-4528. DOI: 10.3837/tiis.2016.09.026