An exquisite authentication scheme with key agreement preserving user anonymity

Mijin Kim; Seungjoo Kim; Dongho Won

doi:10.1007/978-3-642-16515-3_31

An exquisite authentication scheme with key agreement preserving user anonymity

Mijin Kim, Seungjoo Kim, Dongho Won

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

In 2009, Liao et al. proposed an exquisite mutual authentication scheme with key agreement using smart cards to access a network system legally and securely. Liao et al.'s scheme adopted a transformed identity (TID) to avoid identity duplication. However, we find out that an adversary may exploit TID to achieve offline guessing attack. Liao et al.'s scheme is also exposed to man-in-the-middle attack and their claimed theorems and proofs are incorrect. We conduct detailed analysis of flaws in the scheme and its security proof. This paper proposes an improved scheme to overcome these problems and preserve user anonymity that is an issue in e-commerce applications.

Original language	English
Title of host publication	Web Information Systems and Mining - International Conference, WISM 2010, Proceedings
Pages	244-253
Number of pages	10
Edition	M4D
DOIs	https://doi.org/10.1007/978-3-642-16515-3_31
Publication status	Published - 2010
Externally published	Yes
Event	2010 International Conference on Web Information Systems and Mining, WISM 2010 - Sanya, China Duration: 2010 Oct 23 → 2010 Oct 24

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Number	M4D
Volume	6318 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	2010 International Conference on Web Information Systems and Mining, WISM 2010
Country/Territory	China
City	Sanya
Period	10/10/23 → 10/10/24

Keywords

Key agreement
Mutual authentication
Transformed identity
User anonymity

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-642-16515-3_31

Cite this

Kim, M., Kim, S., & Won, D. (2010). An exquisite authentication scheme with key agreement preserving user anonymity. In Web Information Systems and Mining - International Conference, WISM 2010, Proceedings (M4D ed., pp. 244-253). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6318 LNCS, No. M4D). https://doi.org/10.1007/978-3-642-16515-3_31

An exquisite authentication scheme with key agreement preserving user anonymity. / Kim, Mijin; Kim, Seungjoo; Won, Dongho.
Web Information Systems and Mining - International Conference, WISM 2010, Proceedings. M4D. ed. 2010. p. 244-253 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6318 LNCS, No. M4D).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Kim, M, Kim, S & Won, D 2010, An exquisite authentication scheme with key agreement preserving user anonymity. in Web Information Systems and Mining - International Conference, WISM 2010, Proceedings. M4D edn, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), no. M4D, vol. 6318 LNCS, pp. 244-253, 2010 International Conference on Web Information Systems and Mining, WISM 2010, Sanya, China, 10/10/23. https://doi.org/10.1007/978-3-642-16515-3_31

Kim M, Kim S, Won D. An exquisite authentication scheme with key agreement preserving user anonymity. In Web Information Systems and Mining - International Conference, WISM 2010, Proceedings. M4D ed. 2010. p. 244-253. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); M4D). doi: 10.1007/978-3-642-16515-3_31

Kim, Mijin ; Kim, Seungjoo ; Won, Dongho. / An exquisite authentication scheme with key agreement preserving user anonymity. Web Information Systems and Mining - International Conference, WISM 2010, Proceedings. M4D. ed. 2010. pp. 244-253 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); M4D).

@inproceedings{18dd1d9db71546eeaaa04830593e0c14,

title = "An exquisite authentication scheme with key agreement preserving user anonymity",

abstract = "In 2009, Liao et al. proposed an exquisite mutual authentication scheme with key agreement using smart cards to access a network system legally and securely. Liao et al.'s scheme adopted a transformed identity (TID) to avoid identity duplication. However, we find out that an adversary may exploit TID to achieve offline guessing attack. Liao et al.'s scheme is also exposed to man-in-the-middle attack and their claimed theorems and proofs are incorrect. We conduct detailed analysis of flaws in the scheme and its security proof. This paper proposes an improved scheme to overcome these problems and preserve user anonymity that is an issue in e-commerce applications.",

keywords = "Key agreement, Mutual authentication, Transformed identity, User anonymity",

author = "Mijin Kim and Seungjoo Kim and Dongho Won",

year = "2010",

doi = "10.1007/978-3-642-16515-3_31",

language = "English",

isbn = "3642165141",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

number = "M4D",

pages = "244--253",

booktitle = "Web Information Systems and Mining - International Conference, WISM 2010, Proceedings",

edition = "M4D",

note = "2010 International Conference on Web Information Systems and Mining, WISM 2010 ; Conference date: 23-10-2010 Through 24-10-2010",

}

TY - GEN

T1 - An exquisite authentication scheme with key agreement preserving user anonymity

AU - Kim, Mijin

AU - Kim, Seungjoo

AU - Won, Dongho

PY - 2010

Y1 - 2010

N2 - In 2009, Liao et al. proposed an exquisite mutual authentication scheme with key agreement using smart cards to access a network system legally and securely. Liao et al.'s scheme adopted a transformed identity (TID) to avoid identity duplication. However, we find out that an adversary may exploit TID to achieve offline guessing attack. Liao et al.'s scheme is also exposed to man-in-the-middle attack and their claimed theorems and proofs are incorrect. We conduct detailed analysis of flaws in the scheme and its security proof. This paper proposes an improved scheme to overcome these problems and preserve user anonymity that is an issue in e-commerce applications.

AB - In 2009, Liao et al. proposed an exquisite mutual authentication scheme with key agreement using smart cards to access a network system legally and securely. Liao et al.'s scheme adopted a transformed identity (TID) to avoid identity duplication. However, we find out that an adversary may exploit TID to achieve offline guessing attack. Liao et al.'s scheme is also exposed to man-in-the-middle attack and their claimed theorems and proofs are incorrect. We conduct detailed analysis of flaws in the scheme and its security proof. This paper proposes an improved scheme to overcome these problems and preserve user anonymity that is an issue in e-commerce applications.

KW - Key agreement

KW - Mutual authentication

KW - Transformed identity

KW - User anonymity

UR - http://www.scopus.com/inward/record.url?scp=78649524257&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-16515-3_31

DO - 10.1007/978-3-642-16515-3_31

M3 - Conference contribution

AN - SCOPUS:78649524257

SN - 3642165141

SN - 9783642165146

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 244

EP - 253

BT - Web Information Systems and Mining - International Conference, WISM 2010, Proceedings

T2 - 2010 International Conference on Web Information Systems and Mining, WISM 2010

Y2 - 23 October 2010 through 24 October 2010

ER -

An exquisite authentication scheme with key agreement preserving user anonymity

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this