Title: An Improved Mutual Authentication Scheme with Smart Cards and Password under Trusted Computing
Abstract: In the traditional smart card-based password authentication schemes, the authentication is only applied to verify both of server and user, but not applied to verify the platform. Recently, Yang, Ma, and Jiang proposed a mutual authentication scheme with smart cards and password under trusted computing. Their scheme was designed to authenticate the platform. They claimed that their scheme could withstand most of the possible attacks, such as secure session key agreement, user identity anonymity, password free changing, and platform certification updating. However, we will show that their scheme is vulnerable to on-line guessing password attack with smart card, and man-in-the-middle attack. In this article, we also propose an improved Yang-Ma-Jiang's mutual authentication scheme to withstand the vulnerability in their scheme.