한국산학기술학회논문지 (Journal of the Korea Academia-Industrial cooperation Society)

  • 제10권2호
  • /
  • Pages.327-333
  • /
  • 2009
  • /
  • 1975-4701(pISSN)
  • /
  • 2288-4688(eISSN)
한국산학기술학회 (The Korea Academia-Industrial cooperation Society)
권호 표지
DOI QR코드

DOI QR Code

원격 사용자 인증 구조의 암호학적 분석

Cryptanalysis of Remote User Authentication Scheme

  • Choi, Jong-Seok (Dept. of Information Security, Tong-Myoung University) ;
  • Shin, Seung-Soo (Dept. of Information Security, Tong-Myoung University) ;
  • Han, Kun-Hee (Division of Information & Communication Engineering, Baekseok University)
  • 발행 : 2009.02.28
PDF 다운로드
⟨ 이전 논문 다음 논문 ⟩

초록

2004년에 Das 등은 사용자의 익명성을 보장하기 위한 원격 사용자 인증 구조를 제안했다. 2005년에 Chien 등이 Das 구조는 사용자의 익명성을 보장하지 못한다는 문제점을 제기하고 새로운 구조를 제안하였다. 2007년에 Hu 등은 Chien과 Chen 구조도 강한 서버/사용자 가장 공격, 제한된 재전송 공격, 서비스거부 공격 등과 같은 공격에 취약하며, 잘못된 패스워드의 탐지가 늦다는 문제점을 제기하고 새로운 구조를 제안했다. 2008년에는 Bindu 등이 Chien 과 Chen 구조에 대해서 강한 서버/사용자 가장 공격에 대한 문제점을 제기하고 그 문제점을 해결하기 위한 새로운 구조를 제안하였다. 그러나 우리는 Hu et al. 구조와 Bindu et al. 구조 모두 사용자 익명성과 서비스 거부 공격에 대하여 취약하다는 것을 보였다.

In 2004, Das et al. proposed a scheme for preserving a user anonymity. However, In 2005, Chien and Chen pointed out that Das et al. scheme fail to protect the user anonymity, and proposed a new scheme. And then in 2007, Hu et al. pointed out that Chien and Chen scheme also has some problems; it is Strong masquerading server/user attack, Restricted replay attack, Denial of service attack. it also slow wrong password detection, and proposed a new scheme. In 2008, Bindu et al. repeatedly pointed out on Chien and Chen scheme and proposed their scheme. However, we point out that all of their scheme also has some problems; it is not to protect the user anonymity and Denial of service attack. In addition, Bindu et al. is vulnerable to Strong masquerading server/user attack. Therefore, we demonstrate that their scheme also have some problems; it is the user anonymity and denial of service attack as above.

키워드

참고문헌

  1. M. L. Das, A. Saxena, and V. P. Gulathi, "A Dynamic ID-based Remote User Authentication Scheme," IEEE Transactions on Consumer Electronics, Vol.50, No.2, pp. 629-631, 2004. https://doi.org/10.1109/TCE.2004.1309441
  2. Amit. K. Awasthi and Sunder Lal, "A Remote User Authentication with Forward Secrecy," IEEE Transactions on Consumer Electronics, Vol.49, No.4, pp. 1246-1248, 2003. https://doi.org/10.1109/TCE.2003.1261225
  3. C. Chang, and T. Wu, "Remote Password Authentication with Smart Cards," IEEE Proceedings Computers and Digital Techniques, Vol.138, No.3, pp. 165-168, 1991. https://doi.org/10.1049/ip-e.1991.0022
  4. C. Chang, and S. Hwang, "Using Smart Cards to Authenticate Remote Passwords," Computers and Mathematics with Application, Vol.26, No.7, pp. 19-27, 1993. https://doi.org/10.1016/0898-1221(93)90048-Z
  5. E. J. Yoon, E. K. Ryu, and K. Y. Yoo, "Further Improvement of an Efficient Password Based Remote User Authentication Scheme Using Smart Cards," IEEE Transactions on Consumer Electronics. https://doi.org/10.1109/TCE.2004.1309437
  6. H. Chien, J. Jan, and Y. Tseng, "An Efficient and Practical Solution to Remote Authentication: Smart Card," Computers and Security, Vol. 21, No. 4, pp. 372-375, 2002. https://doi.org/10.1016/S0167-4048(02)00415-7
  7. I-En Liao, Cheng-Chi Lee, and Min-Shiang Hwang, "Security Enhancement for a Dynamic ID-based remote user Authentication Scheme," Proceedings of the intern national conference on Next Generation Web Services Practices (NWeSP"05) 2005.
  8. Hung-Yu Chien and Che-Hao Chen, "A Remote Password Authentication Preserving User Anonymity," Proceedings of the 19th International Conference on Advanced Infor mation Networking and Applications, (AINA 05), 2005.
  9. Hu, Yang and Niu, "Improved Remote User Authentication Scheme Preserving User Anonymity," IEEE CNSR'07, 2007. https://doi.org/10.1109/CNSR.2007.38
  10. Mrs. C. Shoba Bindu, Dr P. Chandra Sekbar Reddy, and Dr B. Satyanarayana, "Improved remote user authentication scheme preserving user anonymity," International Journal of Computer Science and Network Security, Vol.8 No.3, March 2008.