Gyeongju-si: Advanced Institute of Convergence IT
Remote user authentication has become an essential part of e-commerce and mobile commerce to provide security over the Internet. Recently, Chung et al. proposed a very robust and complicated authentication scheme, with many merits, for resource-limited devices using non-tamper-resistant smart cards. However, in this paper, we show that Chung et al.'s scheme is vulnerable to the generic man-in-the-middle attack, and thus fails to achieve mutual authentication. We then present an improved, simple and elegant scheme that removes these weaknesses while retaining all of the original scheme's merits. One of the promising features of our scheme is that it simply applies the Diffie-Hellman key agreement mechanism to achieve mutual authentication, session key exchange, and perfect forward secrecy.
Journal of Convergence Information Technology 8(2), pp. 795-803