Abstract
With the rapid growth of electronic commerce and associated demands on variants of Internet based applications, application systems providing network resources and business services are in high demand around the world. To guarantee robust security and computational efficiency for service retrieval, a variety of authentication schemes have been proposed. However, most of these schemes have been found to be lacking when subject to a formal security analysis. Recently, Chang et al. (2014) introduced a formally provable secure authentication protocol with the property of user-untraceability. Unfortunately, based on our analysis, the proposed scheme fails to provide the property of user-untraceability as claimed, and is insecure against user impersonation attack, server counterfeit attack, and man-in-the-middle attack. In this paper, we demonstrate the details of these malicious attacks. A security enhanced authentication scheme is proposed to eliminate all identified weaknesses.
Original language | English |
---|---|
Pages (from-to) | 259-271 |
Number of pages | 13 |
Journal | Frontiers of Information Technology and Electronic Engineering |
Volume | 16 |
Issue number | 4 |
DOIs | |
State | Published - 21 Apr 2015 |
Keywords
- Authentication
- Privacy
- Security
- Smart card
- Untraceability