标题：An Efficient and Secure Smart Card Based Authentication Scheme
作者：Chen, Chien-Ming; Xiang, Bin; Wang, King-Hang; Zhang, Yong; Wu, Tsu-Yang
作者机构：[Chen, Chien-Ming; Wu, Tsu-Yang] Shandong Univ Sci & Technol, Coll Comp Sci & Engn, Qingdao, Shandong, Peoples R China.; [Xiang, Bin] Harbin Inst Te 更多
通讯作者：Wu, TY;Wu, TY;Wu, TY;Wu, TsuYang
通讯作者地址：[Wu, TY]Shandong Univ Sci & Technol, Coll Comp Sci & Engn, Qingdao, Shandong, Peoples R China;[Wu, TY]Fujian Univ Technol, Fujian Prov Key Lab Big Dat 更多
来源：JOURNAL OF INTERNET TECHNOLOGY
关键词：Authentication key agreement; Biometric; Elliptic-curve cryptosystem;; Smart card; BAN logic
摘要：Remote user authentication schemes are helpful to provide authenticity between users and a remote server in network-based services. In order to meet the security requirements, many related schemes have been proposed. Recently, Moon et al. proposed a smart card based three-factor authentication scheme and claimed that the scheme prevented various attacks. However, just in the same year, Li et al. suggested a new insider attack scenario and pointed out that Moon et al.'s scheme suffers from a user anonymity violation attack, a user impersonation attack, and a server masquerade attack under this scenario. In this study, it is demonstrated that without the new attack scenario, Moon et al.'s scheme is still insecure against a traceability attack, an offline identity-guessing attack, an impersonation attack, and a man-in-the-middle attack. Based on Moon et al.'s scheme, a new three-factor authenticated key agreement scheme is proposed. The proposed scheme is validated by widely accepted BAN logic. In addition, the proposed scheme can satisfy various types of functional features and prevent various security attacks.