An Improved Smart Card Based Remote User Authentication Scheme with Session Key Agreement During the Verification Phase
|Published in:||Issue 2, (Vol. 5) / 2011|
|Author(s):||KUMAR Manoj, GUPTA M. K., KUMARI Saru|
|Abstract.||In 2009, Hsiang-Shih proposed an improvement to Yoon-Ryu-Yoo’s scheme to prevent the offline password guessing attack and the parallel session attack, and Kim-Chung proposed a more secure improvement to Yoon-Yoo’s scheme to withstand offline password leak, masquerading attacks and the stolen verifier attack. This article shows that the two improved schemes are still vulnerable to the offline password guessing attack, the insider attack or extended insider attack, the denial of service attack and other security flaws. We also propose an improved scheme that not only retains the advantages of the aforementioned schemes but also enhances security by withstanding the flaws discussed.|
|Keywords:||Remote User Authentication, Information Security, Smart Card, Session Key.|
1. C.C. Chang, T.C. Wu, Remote password authentication with smart cards, IEE Proceedings-E 138 (3) (1991) pp. 165-168.
2. L. Lamport, Password authentication with insecure communication, Communication ACM, vol. (24) (1981) pp. 770-772.
3. H.Y. Chien, C.H. Chen, A remote authentication scheme preserving user anonymity, In Proc. 19th Inter. Conf. Advanced Information Netw. and Applications, Taipei Taiwan, (2005) pp. 245-248.
4. H.Y. Chien, J.K. Jan, Y.M. Tseng, An efficient and practical solution to remote authentication: smart card, Comp. Security, vol. (21) (2002) pp. 372-375.
5. M.L. Das, A. Saxena, V.P. Gulati, A dynamic ID-based remote user authentication scheme, IEEE Trans. on Cons. Elect., vol. (50) (2004) pp. 629-631.
6. C.I. Fan, Y.C. Chan, Z.K. Zhang, Robust remote authentication scheme with smart cards, Computer Security, vol. (24) (2005) pp. 619-628.
7. C.L. Hsu, Security of Chien et al.’s remote user authentication scheme using smart cards, Comp. Stand. Interf., vol. (26) (2004) pp. 167-169.
8. M.S. Hwang, C.C. Lee, Y.L. Tang, A simple remote user authentication scheme, Math. Comput. Model., vol. (36) (2002) pp. 103-107.
9. M.S. Hwang, L.H. Li, A new remote user authentication scheme using smart cards, IEEE Trans. on Cons. Elect., vol. (46) (2000) pp. 28-30.
10. W.S. Juang, Efficient password authenticated key agreement using smart cards, Comp. Security, vol. (23) (2004) pp. 167-173.
11. W.C. Ku, S.M. Chen, Weakness and improvements of an efficient password based remote user authentication scheme using smart, IEEE Trans. on Consumer Elect., vol. (50) (2004) pp. 204-207.
12. I.E. Liao, C.C. Lee, M.S. Hwang, A password authentication scheme over insecure networks, Comp. Syst. Sci, vol. (s72) (2006) pp. 727-740.
13. H.T. Liaw, J.F. Lin, W.C. Wu, An efficient and complete remote user authentication scheme using smart cards, Math. Comput. Model, vol. (44) (2006) pp. 223-228.
14. W.G. Shieh, W.B. Horng, An improvement of Liaw-Lin-Wu’s efficient and complete remote mutual authentication with smart cards, WSEAS Trans. Info. Sci. Appl., vol. (4) (2007) pp. 1200-1205.
15. W.G. Shieh, J.M. Wang, Efficient remote mutual authentication and key agreement, Comput. Security, vol. (25) (2006) pp. 72-77.
16. H.M. Sun, An efficient remote user authentication scheme using smart cards, IEEE Trans. on Cons. Elect., vol. (46) (2000) pp. 958-961.
17. E.J. Yoon, E.K. Ryu, K.Y. Yoo, Further improvement of an efficient password based remote user authentication scheme using smart cards, IEEE Trans. on Cons. Electronics, vol. (50) (2004) pp. 612-614.
18. C. Mitchell, Limitations of challenge-response entity authentication, Electronic letters 25 (17) (1989) pp. 1195-1196.
19. W.C. Ku, C.M. Chen, H.L. Lee, Cryptanalysis of a variant of Peyravian-Zunic’s password authentication scheme, IEICE Trans. on Communication E 86-B (5) (2003) pp. 1682-1684.
20. H.C. Hsiang, W.K. Shih, Weaknesses and improvements of the Yoon-Ryu-Yoo remote user authentication scheme using smart cards, Computer Communications, vol. (32) (2009) pp. 649-652.
21. X. Duan, J.W. Liu, Q. Zhang, Security improvement on Chien et al.’s remote user authentication scheme using smart cards, The 2006 IEEE International Conference on Computational Intelligence and Security. (CIS 2006) 2 (2006) pp. 1133-1135.
22. S. Lee, H. Kim, K. Yoo, Improved efficient remote user authentication scheme using smart cards, IEEE Trans. on Cons. Elect., vol. 50 (2) (2004) pp. 565-567.
23. S. Lee, H. Kim, K. Yoo, Improvement of Chien et al.’s remote user authentication scheme using smart card, Computer Standards & Interfaces, vol. (27) (2004) pp. 181-183.
24. E. Yoon, K. Yoo, More efficient and secure remote user authentication scheme using smart cards, In Proc. of 11th International Conf. on Parallel and Distributed Sys., vol. (2) (2005) pp. 73-77.
25. S.K. Kim, M.G. Chung, More secure remote user authentication scheme, Comp. Comm., vol. (32) (2009) pp. 1018-1021.
26. NIST FIPS PUB 180-2, Secure Hash Standard National Institute of Standards and Tech., U.S. Department of Commerce, DRAFT, (2002).
27. P. Kocher, J. Jaffe, B. Jun, Differential power analysis, Proc. of Advances in Cryptology (CRYPTO’99) (1999) pp. 388-397.
28. T.S. Messerges, E.A. Dabbish, R.H. Sloan, Examining smartcard security under the threat of power analysis attacks, IEEE Transactions on Computers, vol. 51 (5) (2002) pp. 541-552.
29. Jun-qing Liu, Jun Sun, Tian-hao Li, An enhanced remote login authentication with smart card, Proceedings of IEEE Workshop on Signal Processing System Design and Implementation, Nov 2-4, 2005, Athens, Greece, Piscataway, NJ, USA: IEEE (2005) pp. 229-232.
30. W. Diffie, P.C. Van Oorschot, M.J. Wiener, Authentication and authenticated key exchanges, Design Codes and Cryptography, vol. (2) (1992) pp. 107-125.
This article is licensed under a
Creative Commons Attribution-ShareAlike 4.0 International License.