Author :
Truong, Toan-thinh ; Tran, Minh-Triet ; Duong, Anh-duc
Abstract :
Mobile devices (e.g., PDA, mobile phone, and notebook PC) become necessary for a convenient and modern life. Users can use them to access many applications, for example online shopping, mobile pay TV, internet banking, which have been deployed on internet or wireless networks easily. Therefore, secure communications in such wireless environments are more and more important because they protect transactions between users and servers from illegal adversaries. Especially, users are people vulnerable to attacks and there are many authentication schemes proposed to guarantee them. Recently, Islam and Biswas have proposed a more efficient and secure ID-based scheme for mobile devices on ECC to enhance security for authentication. They claimed that their scheme truly is more secure than previous ones and it can resist various attacks. However, it is not true because their scheme is vulnerable to known session-specific temporary information attack, and denial of service resulting from leaking server´s database. In this paper, we present an improvement to their scheme in order to isolate such problems.
Keywords :
mobile computing; public key cryptography; telecommunication security; transaction processing; ECC; communication security; denial of service; elliptic curve cryptosystem; illegal adversary; key agreement scheme; mobile device; secure ID-based remote mutual authentication; security enhancement; server database leakage; session-specific temporary information attack; temporary information attack; transaction protection; vulnerability; wireless environment; Authentication; Computer crime; Databases; Mobile handsets; Resists; Servers; Authentication; Dynamic ID; Impersonation; Password; Session key; Smart card; elliptic curve cryptosystem;
