Table 3.
10 Criteria for evaluating authentication schemes.
| Category | ID | Criteria | Definition |
|---|---|---|---|
| Ideal attributes | I | Password friendly | Users can freely select and locally modify their passwords |
| Ideal attributes | I | Sound repairability | Users can join dynamically, and smart card can be revoked |
| Ideal attributes | I | Key agreement | Users and task publishers must establish a session key after authentication |
| Ideal attributes | I | Mutual authentication | All parties should authenticate each other’s identities |
| Ideal attributes | I | No password verifier table | Only users store their password-related data |
| Security attributes | S | User anonymity | Adversaries cannot deduce or track users’ identities |
| Security attributes | S | No password exposure | Privileged participants (e.g., KGC administrators) cannot access user passwords during registration |
| Security attributes | S | Forward secrecy | Even if KGC’s long-term key is compromised, the session key remains secure |
| Security attributes | S | Resistance to known attacks | The protocol withstands impersonation, MITM, replay, stolen verifier, and DoS attacks |
| Security attributes | S | Resistance to smart card loss attack | The protocol remains secure even if a smart card is lost |









