As anonymity increasingly becomes a necessary and legitimate aim in many applications, a number of anonymous authentication schemes have been suggested over the years. Among the many schemes is Lee and Kwon's password-based authentication scheme for wireless environments. Compared with previous schemes, Lee and Kwon's scheme not only improves anonymity by employing random temporary IDs but also provides user-friendliness by allowing human-memorable passwords. In this letter, we point out that Lee and Kwon's scheme, despite its many merits, is vulnerable to off-line password guessing attacks and a forgery attack. In addition, we show how to eliminate these vulnerabilities.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copy
Woongryul JEON, Jeeyeon KIM, Junghyun NAM, Youngsook LEE, Dongho WON, "An Enhanced Secure Authentication Scheme with Anonymity for Wireless Environments" in IEICE TRANSACTIONS on Communications,
vol. E95-B, no. 7, pp. 2505-2508, July 2012, doi: 10.1587/transcom.E95.B.2505.
Abstract: As anonymity increasingly becomes a necessary and legitimate aim in many applications, a number of anonymous authentication schemes have been suggested over the years. Among the many schemes is Lee and Kwon's password-based authentication scheme for wireless environments. Compared with previous schemes, Lee and Kwon's scheme not only improves anonymity by employing random temporary IDs but also provides user-friendliness by allowing human-memorable passwords. In this letter, we point out that Lee and Kwon's scheme, despite its many merits, is vulnerable to off-line password guessing attacks and a forgery attack. In addition, we show how to eliminate these vulnerabilities.
URL: https://global.ieice.org/en_transactions/communications/10.1587/transcom.E95.B.2505/_p
Copy
@ARTICLE{e95-b_7_2505,
author={Woongryul JEON, Jeeyeon KIM, Junghyun NAM, Youngsook LEE, Dongho WON, },
journal={IEICE TRANSACTIONS on Communications},
title={An Enhanced Secure Authentication Scheme with Anonymity for Wireless Environments},
year={2012},
volume={E95-B},
number={7},
pages={2505-2508},
abstract={As anonymity increasingly becomes a necessary and legitimate aim in many applications, a number of anonymous authentication schemes have been suggested over the years. Among the many schemes is Lee and Kwon's password-based authentication scheme for wireless environments. Compared with previous schemes, Lee and Kwon's scheme not only improves anonymity by employing random temporary IDs but also provides user-friendliness by allowing human-memorable passwords. In this letter, we point out that Lee and Kwon's scheme, despite its many merits, is vulnerable to off-line password guessing attacks and a forgery attack. In addition, we show how to eliminate these vulnerabilities.},
keywords={},
doi={10.1587/transcom.E95.B.2505},
ISSN={1745-1345},
month={July},}
Copy
TY - JOUR
TI - An Enhanced Secure Authentication Scheme with Anonymity for Wireless Environments
T2 - IEICE TRANSACTIONS on Communications
SP - 2505
EP - 2508
AU - Woongryul JEON
AU - Jeeyeon KIM
AU - Junghyun NAM
AU - Youngsook LEE
AU - Dongho WON
PY - 2012
DO - 10.1587/transcom.E95.B.2505
JO - IEICE TRANSACTIONS on Communications
SN - 1745-1345
VL - E95-B
IS - 7
JA - IEICE TRANSACTIONS on Communications
Y1 - July 2012
AB - As anonymity increasingly becomes a necessary and legitimate aim in many applications, a number of anonymous authentication schemes have been suggested over the years. Among the many schemes is Lee and Kwon's password-based authentication scheme for wireless environments. Compared with previous schemes, Lee and Kwon's scheme not only improves anonymity by employing random temporary IDs but also provides user-friendliness by allowing human-memorable passwords. In this letter, we point out that Lee and Kwon's scheme, despite its many merits, is vulnerable to off-line password guessing attacks and a forgery attack. In addition, we show how to eliminate these vulnerabilities.
ER -