Professional Documents
Culture Documents
1,2
I. INTRODUCTION
Password-based authentication technique is one of the most
convenient methods for remote user authentication. In 1981,
Lamport [1] introduced the first well-known password-based
remote user authentication scheme. Afterwards, Chang and
Wu [2] proposed a remote password authentication scheme
using smart cards based on the Chinese remainder theorem. In
1999, Yang and Shieh [3] proposed another password
authentication scheme with smart cards. However, the
weakness and improvements of [3] are subsequently addressed
in [4]. Wang et al. [5] showed that the scheme in [4] is still
insecure. Then, Hwang and Li [7] proposed a new remote user
authentication scheme using smart cards, but Shen et al. [8]
observed that Hwang and Lis scheme is insecure and
proposed a modified scheme in [8]. It has been observed that
the existing schemes are based on static login request. The
static login request authentication methods cannot resist direct
wiretapping attacks, and thus, are not suitable for public
network environment. The main drawback of these static
techniques is that an adversary can impersonate a valid login
on intercepting the login request sent by the user to the remote
system. This is because the login identity (ID) is directly or
indirectly related to other parameters of the login request.
There are many applications (e.g., digital library) where the
subscribers need to login for viewing or downloading the
documents. In such systems, instead of using a static login-ID,
a dynamic login-ID based login session authentication would
offer a secure framework. In this work, we propose a dynamic
remote user authentication scheme using smart cards. In our
scheme, the registered user is assigned a smart card containing
*
314 ADCOM-2004
A. Registration Phase
(i)
(ii)
(iii)
(iv)
(v)
It is noted that S can store IDi , Bi and x to the smart card and
publishes other public parameters e, N, g and h(.), but these
public parameters should be available at the terminal where
users want to access the remote system.
B.
Authentication Phase
(ii)
(iii)
(iv)
(ii)
(iii)
(i)
(ii)
CONCLUSION
REFERENCES
[1]