2,202 research outputs found
Cryptanalysis of Sun and Cao's Remote Authentication Scheme with User Anonymity
Dynamic ID-based remote user authentication schemes ensure efficient and
anonymous mutual authentication between entities. In 2013, Khan et al. proposed
an improved dynamic ID-based authentication scheme to overcome the security
flaws of Wang et al.'s authentication scheme. Recently, Sun and Cao showed that
Khan et al. does not satisfies the claim of the user's privacy and proposed an
efficient authentication scheme with user anonymity. The Sun and Cao's scheme
achieve improvement over Khan et al.'s scheme in both privacy and performance
point of view. Unfortunately, we identify that Sun and Cao's scheme does not
resist password guessing attack. Additionally, Sun and Cao's scheme does not
achieve forward secrecy
Cryptanalysis and improvement of chen-hsiang-shih's remote user authentication scheme using smart cards
Recently, Chen-Hsiang-Shih proposed a new dynamic ID-based remote user authentication scheme. The authors claimed that their scheme was more secure than previous works. However, this paper demonstrates that theirscheme is still unsecured against different kinds of attacks. In order to enhance the security of the scheme proposed by Chen-Hsiang-Shih, a new scheme is proposed. The scheme achieves the following security goals: without verification table, each user chooses and changes the password freely, each user keeps the password secret, mutual authentication, the scheme establishes a session key after successful authentication, and the scheme maintains the user's anonymity. Security analysis and comparison demonstrate that the proposed scheme is more secure than Das-Saxena-Gulati's scheme, Wang et al.'s scheme and Chen-Hsiang-Shih.Peer ReviewedPostprint (published version
Improving Air Interface User Privacy in Mobile Telephony
Although the security properties of 3G and 4G mobile networks have
significantly improved by comparison with 2G (GSM), significant shortcomings
remain with respect to user privacy. A number of possible modifications to 2G,
3G and 4G protocols have been proposed designed to provide greater user
privacy; however, they all require significant modifications to existing
deployed infrastructures, which are almost certainly impractical to achieve in
practice. In this article we propose an approach which does not require any
changes to the existing deployed network infrastructures or mobile devices, but
offers improved user identity protection over the air interface. The proposed
scheme makes use of multiple IMSIs for an individual USIM to offer a degree of
pseudonymity for a user. The only changes required are to the operation of the
authentication centre in the home network and to the USIM, and the scheme could
be deployed immediately since it is completely transparent to the existing
mobile telephony infrastructure. We present two different approaches to the use
and management of multiple IMSIs
- …