Remote mutual authentication is an important part of security, along with confidentiality and integrity, for systems that allow remote access over untrustworthy networks, like the Internet. In 2006, Shieh-Wang pointed out the weakness of Juang's remote mutual authentication scheme using smart card and further proposed a novel remote user authentication scheme using smart card. However, this paper demonstrates that Shieh-Wang's scheme still does not provide perfect forward secrecy and is vulnerable to a privileged insider's attack. We also present an improved scheme based on the Elliptic Curve Diffie-Hellman problem (ECDHP) and secure one-way hash function, in order to isolate such security problems.
Authentication, password, key agreement, cryptanalysis, smart card, elliptic curve cryptosystem
"Remote mutual authentication and key agreement scheme based on elliptic curve cryptosystem,"
Turkish Journal of Electrical Engineering and Computer Sciences: Vol. 19:
3, Article 2.
Available at: https://journals.tubitak.gov.tr/elektrik/vol19/iss3/2