Article Preview
Top1. Introduction
Wireless technology, since their inception has spread rapidly throughout the world and this trend has spurred its domain of application to come up with solutions to real world problems. Unlike wired systems, wireless networks give us enormous freedom to connect with near and far remote devices. In parallel with these advancements of wireless applications, varied modes of security threats have also seen from the attackers (Sile Technology Europe GmbH, 2008). The channel is open to all and the attackers can intercept the messages communicated over the channel. The attackers then use the intercepted messages in next sessions for their own benefits and cause severe attacks like user impersonation, traceability of targeted users, etc. To mitigate these issues, an additional level of security must be imposed and the security protocols must address the threats effectively. Wireless security is required to check the authenticity of the participating entities (i.e. client and server) as well as the messages communicated over insecure channel (Dubash, 2016; Idris and Kassim, 2016). A server must verify the identity of the user in prior to allow them to use the resources. In user authentication protocols, user gets access to the server only if their secretly shared credentials like username and password are matched. Recent age applications provide smart card based authentication in which some user secrets are stored in the smart card (Chen et al., 2012). Smart card technology ensures strong authentication and protect confidential password files, biometric template through which a legitimate user get access to the server.
In 2009, Juang et al. proposed two protocols based on two factor authentication. In the first protocol, the identity of user is sent openly with other encrypted information. In the second protocol, identity protected scheme was proposed. Lee et al. in the year of 2010 found that the protocols proposed by Juang et al. consists of more number of rounds and second protocol does not provide identity protection properly. Lee et al. proposed another two protocols to enhance the security. However, we found that the second protocol proposed by Lee et al. is vulnerable to user traceability, impersonation attack and the scheme has no facility of password change. Chen et al. (2012), proposed a password based user authentication scheme without smart cards. This scheme has flaws like no user anonymity, User Traceability, no forward secrecy, prone to insider attack, and no facility for users to change the password. He et al. in the year of 2013 proposed an improved authentication scheme of Chen et al. However, this scheme solved only the forward secrecy problem and other weaknesses remained as they were. In 2015, Sood et al. proposed a secure authentication scheme for IoT and cloud servers. However, this scheme is vulnerable to user traceability, no identity protection, insider attack, and weak mutual authentication. Choudhury et al. (2011) proposed a smart card based strong user authentication framework for cloud computing. This scheme provides a smart card to the user during registration phase and the user is required to insert the smart card as well as the user identity and password during login time. In 2012, He et al. proposed a secure authentication scheme for telecare medicine information systems based on smart cards. Wang et al. (Wang, 2014), proposed an enhanced authentication scheme based on elliptic curve cryptography. Tso et al., in the year of 2015, proposed an efficient password authentication scheme based on smart card. The protocols (based on smart cards) discussed in the literature review mainly have the weaknesses of no user anonymity, user traceability, and smart card stolen attack. Furthermore, protocol proposed by Tso et al. (2014) is vulnerable to desynchronization and DoS attack.