|
|
Frontiers of Information Technology & Electronic Engineering
ISSN 2095-9184 (print), ISSN 2095-9230 (online)
2015 Vol.16 No.4 P.259-271
A lightweight authentication scheme with user untraceability
Abstract: With the rapid growth of electronic commerce and associated demands on variants of Internet based applications, application systems providing network resources and business services are in high demand around the world. To guarantee robust security and computational efficiency for service retrieval, a variety of authentication schemes have been proposed. However, most of these schemes have been found to be lacking when subject to a formal security analysis. Recently, Chang et al. (2014) introduced a formally provable secure authentication protocol with the property of user-untraceability. Unfortunately, based on our analysis, the proposed scheme fails to provide the property of user-untraceability as claimed, and is insecure against user impersonation attack, server counterfeit attack, and man-in-the-middle attack. In this paper, we demonstrate the details of these malicious attacks. A security enhanced authentication scheme is proposed to eliminate all identified weaknesses.
Key words: Authentication, Privacy, Security, Smart card, Untraceability
创新点:本研究所提出的鉴别机制主要利用杂凑函数(Hash function)作为机制内的资讯保护技术,并以一套新设计的讯息传递逻辑成功完成多个体间的相互身分鉴别,如此将可同时达到计算安全与轻量化效能两大效益。
方法:藉由使用者注册(Registration)、登入与鉴别(Login and authentication)、密码变更(Password change)等三大阶段来完成并良好管理使用者身分鉴别与讯息传输安全。
结论:本论文主要针对现有网路环境下的商务架构,进行使用者身分鉴别机制设计。在协定安全度方面,根据传输逻辑分析与安全正式化分析结果,所提方法的安全可行性已被成功证实。在效能方面,本研究比近期所提出的几份相关机制(Tsai et al., 2013;Chang et al., 2014;Kumari and Khan, 2014)皆更为有效率(表2、3)。
关键词组:
References:
Open peer comments: Debate/Discuss/Question/Opinion
<1>
DOI:
10.1631/FITEE.1400232
CLC number:
TP309
Download Full Text:
Downloaded:
2741
Download summary:
<Click Here>Downloaded:
1932Clicked:
6923
Cited:
2
On-line Access:
2015-04-03
Received:
2014-07-03
Revision Accepted:
2014-11-13
Crosschecked:
2015-03-04