Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards
Wen-Shenq Juang
Sian-Teng Chen
Horng-Twu Liaw
Dept. of Inf. Manage., Nat. Kaohsiung First Univ. of Sci. & Technol., Kaohsiung;
This paper appears in: Industrial Electronics, IEEE Transactions on
Publication Date: June 2008
Volume: 55,
Issue: 6
On page(s): 2551-2556
ISSN: 0278-0046
INSPEC Accession Number: 10006649
Digital Object Identifier: 10.1109/TIE.2008.921677
Current Version Published: 2008-05-28
Abstract
User authentication and key agreement is an important security primitive for creating a securely distributed information system. Additionally, user authentication and key agreement is very useful for providing identity privacy to users. In this paper, we propose a robust and efficient user authentication and key agreement scheme using smart cards. The main merits include the following: 1) the computation and communication cost is very low; 2) there is no need for any password or verification table in the server; 3) a user can freely choose and change his own password; 4) it is a nonce-based scheme that does not have a serious time-synchronization problem; 5) servers and users can authenticate each other; 6) the server can revoke a lost card and issue a new card for a user without changing his identity; 7) the privacy of users can be protected; 8) it generates a session key agreed upon by the user and the server; and 9) it can prevent the offline dictionary attack even if the secret information stored in a smart card is compromised.
Index
Terms
Available to subscribers and IEEE members.
References
Available to subscribers and IEEE members.
Citing Documents
Available to subscribers and IEEE members.
Cart
