Gyeongju-si: Advanced Institute of Convergence I T
Password authentication has been adopted as one of the most popular solutions in protecting network environment resources from unauthorized access. Most password authentication schemes are unfavorable for many applications because they are based on static IDs, which an attacker can use to trace and identify a users requests. This paper proposes a new two-factor dynamic ID-based remote-user authentication scheme. The proposed scheme guarantees security when either a users password or smart card is compromised (but not both). This work only uses simple operations, for instance, a one-way hash function and an exclusive-OR operation. The proposed scheme provides mutual authentication, user anonymity, perfect forward / backward secrecy and resists replay attack, password guessing attack, stolen-verifier attack, spoofing server attack, and impersonation user attack.
Journal of Convergence Information Technology 8(3), pp.837-844