Title :
Comments on a Secret-Key-Privacy-Preserving Authentication and Key Agreement Scheme
Author :
Chang, Ya-Fen ; Lin, Jhih-Yi ; Yen, Yuo-Ju
Author_Institution :
Dept. of Comput. Sci. & Inf. Eng., Nat. Taichung Inst. of Technol., Taichung, Taiwan
Abstract :
Lots applications need involved parties to share common session keys for specific requirements. For example, the shared key can be the seed to determine locations to hide secret data into an image. Wang et al. proposed an authentication scheme with key agreement based on the elliptic curve discrete logarithm problem in 2011. They claimed that their scheme had seven advantages. (1) A verification table is not required in the server. (2) The client´s password can be changed easily, and the server cannot obtain the client´s password. (3) Their scheme could resist all well-known security threats. (4) No time synchronization is needed. (5)The client and the server can share a common session key. (6) Their scheme is efficient and practical. (7) Their scheme can protect the privacy of the client´s secret information. After we analyze Wang et al.´s scheme thoroughly, we find that their scheme suffers from three threats. In this paper, we will show the perceived security threats of Wang et al.´s scheme in detail.
Keywords :
client-server systems; message authentication; public key cryptography; client password; client secret information privacy; elliptic curve discrete logarithm problem; image hiding; key agreement scheme; secret data hiding; secret key privacy preserving authentication; security threats; Authentication; Bismuth; Law; Servers; Smart cards; anthentication; password; smart card;
Conference_Titel :
Genetic and Evolutionary Computing (ICGEC), 2011 Fifth International Conference on
Conference_Location :
Xiamen
Print_ISBN :
978-1-4577-0817-6
Electronic_ISBN :
978-0-7695-4449-6
DOI :
10.1109/ICGEC.2011.48
