A lightweight authentication scheme with user untraceability

• Published in: Frontiers of information technology & electronic engineering Vol. 16; no. 4; pp. 259 - 271
• Main Author: Yeh, Kuo-Hui
• Format: Journal Article
• Language: English
• Published: Heidelberg Zhejiang University Press 01.04.2015; Springer Nature B.V
• Subjects: Authentication; Business; Communications Engineering; Computational efficiency; Computer Hardware; Computer information security; Computer Science; Computer Systems Organization and Communication Networks; Counterfeit; Demand; Electrical Engineering; Electronic engineering; Electronics and Microelectronics; Information technology; Instrumentation; Networks; Security; Weight reduction; Privacy; Smart card; Untraceability; TP309; Security; Authentication
• ISSN: 2095-9184; 2095-9230
• DOI: 10.1631/FITEE.1400232

With the rapid growth of electronic commerce and associated demands on variants of Internet based applications, application systems providing network resources and business services are in high demand around the world. To guarantee robust security and computational efficiency for service retrieval, a variety of authentication schemes have been proposed. However, most of these schemes have been found to be lacking when subject to a formal security analysis. Recently, Chang et aL （2014） introduced a formally provable secure authentication protocol with the property of user-untraceability. Unfortunately, based on our analysis, the proposed scheme fails to provide the property of user-untraceability as claimed, and is insecure against user impersonation attack, server counterfeit attack, and man-in-the-middle attack. In this paper, we demonstrate the details of these malicious attacks. A security enhanced authentication scheme is proposed to eliminate all identified weaknesses.