A Secure Identification and Key agreement protocol with user Anonymity (SIKA) Kumar Mangipudi1* and Rajendra Katti1March 11th, 2005
FiledMarch 11th, 2005Anonymity is a desirable security feature in addition to providing user identification and key agreement during a user’s login process. Recently, Yang et al., proposed an efficient user identification and key distribution protocol while preserving user anonymity. Their protocol addresses a weakness in the protocol proposed by Wu and Hsu. Unfortunately, Yang’s protocol poses a vulnerability that can be exploited to launch a Denial-of-Service (DoS) attack. In this paper, we cryptanalyze Yang’s protocol and present the DoS attack. We further secure their protocol by proposing a Secure Identification and Key agreement protocol with user Anonymity (SIKA) that overcomes the above limitation while achieving security features like identification, authentication, key agreement and user anonymity.