Home > Papers

Security Enhancement to a User Authentication Scheme for Multi-Server Environment
ZENG Peng * #
Shanghai Key Laboratory of Trustworthy Computing, East China Normal University, Shanghai 200062
*Correspondence author
#Submitted by
Funding: Research Fund for the Doctoral Program of Higher Education of China (No.20110076120016)
Opened online: 4 November 2014
Accepted by: none
Citation: ZENG Peng.Security Enhancement to a User Authentication Scheme for Multi-Server Environment[OL]. [ 4 November 2014] http://en.paper.edu.cn/en_releasepaper/content/4615680
User authentication schemes for multi-server setting allow a remote user to obtain services from multiple servers without the need to separately register with every individual server.In general, user authentication schemes for a multi-server environment should provide the following properties: single registration,low computation, no need for verification table, mutual authentication and key agreement, and security.Recently Wang, Juang, and Lei proposed a privacy-preservation user authentication scheme based on the quadratic residue and claimed the scheme meets all five requirements.In this paper, we demonstrate that their scheme is, unfortunately, vulnerable to a previously unpublished parallel-session attack.In other words, this attack enables a malicious user to impersonate legitimate users and obtain services from participating application servers without the victims' knowledge.We then show how the flaw in Wang emph{et al.}'s scheme can be fixed.
Keywords:information security;multi-server; mutual authentication; password; smart card; privacy

For this paper

  • PDF (0B)
  • ● Revision 0   
  • ● Print this paper
  • ● Recommend this paper to a friend
  • ● Add to my favorite list

    Saved Papers

    Please enter a name for this paper to be shown in your personalized Saved Papers list


Add yours

Related Papers


PDF Downloaded 67
Bookmarked 0
Recommend 5
Comments Array
Submit your papers