Journal of information and communication convergence engineering

The Korea Institute of Information and Commucation Engineering (한국정보통신학회)
권호 표지

Cryptanalysis of Hu-Niu-Yang's Multi-server Password Authenticated Key Agreement Schemes Using Smart Card

  • Lee, Sang-Gon (Division of Computer & Information Engineering, Dongseo University) ;
  • Lim, Meng-Hui (School of Electrical and Electronics Engineering in Yonsei University) ;
  • Lee, Hoon-Jae (Division of Computer & Information Engineering, Dongseo University)
  • Published : 2009.09.30
Download PDF
⟨ Previous Next ⟩

Abstract

Multi-server password authentication schemes enable remote users to obtain service from multiple servers with single password without separately registering to each server. In 2007, Hu-Niu-Yang proposed an improved efficient password authenticated key agreement scheme for multi-server architecture based on Chang-Lee's scheme proposed in 2004. This scheme is claimed to be more efficient and is able to overcome a few existing deficiencies in Chang-Lee's scheme. However, we find false claim of forward secrecy property and some potential threats such as offline dictionary attack, key-compromise attack, and poor reparability in their scheme. In this paper, we will discuss these issues in depth.

Keywords

References

  1. C.C. Chang and lS. Lee, "An Efficient and Secure Multi-server Password Authentication Scheme using Smart Cards," International Conference on Cyberworlds(CW '04), pp. 417-422, 2004 https://doi.org/10.1109/CW.2004.17
  2. L. Hu, X. Niu, and Y. Yang, "An Efficient Multiserver Password Authenticated Key Agreement Scheme using Smart Cards," International Conference on Multimedia and Ubiquitous Engineering (MUE '07), IEEE, pp. 903-907, 2007 https://doi.org/10.1109/MUE.2007.70
  3. W.S. Juang, "Efficient Multi-server Password Authenticated Key Agreement using Smart Cards," IEEE Trans. on Consumer Electronics vol. 50, no. 1, pp. 251-255, 2004 https://doi.org/10.1109/TCE.2004.1277870
  4. C.-L. Lin and T. Hwang, "A Password Authentication Scheme with Secure Password Updating," Computer and Security, vol. 22, no. 1, pp. 68-72 , 2003 https://doi.org/10.1016/S0167-4048(03)00114-7
  5. I.-C. Lin, M.-S. Hwang, and L.-H. Li, "A New Remote User Authentication Scheme for Multiserver Architecture," Future Generation Computer Systems, vol. 19, pp. 13-22,2003 https://doi.org/10.1016/S0167-739X(02)00093-6
  6. L.-H. Li, I.-C. Lin, and M.-S. Hwang, "A Remote Password Authentication Scheme for Multi-server Architecture using Neural Networks," IEEE Trans. on Neural Networks, vol. 12, no. 6, pp. 1498-1504, 200l https://doi.org/10.1109/72.963786
  7. P. Kocher, J. Jaffe, and B. Jun, "Differential Power Analysis," Advances in Cryptology (CRYPTO '99), LNCS 1666, pp. 388-397,1999 https://doi.org/10.1007/3-540-48405-1_25
  8. T.S. Messerges, E.A. Dabbish, and R.H. Sloan, "Examining Smart-Card Security Under the Threat of Power Analysis Attacks," IEEE Trans. on Computers, vol. 51, no. 5, pp. 541-552, 2002 https://doi.org/10.1109/TC.2002.1004593
  9. S. Halevi and H. Krawczyk, "Public-Key Cryptography and Password Protocols," Proc. ACM Conf Computer and Comm. Security, pp. 122-131,1998 https://doi.org/10.1145/288090.288118
  10. Y. Yang, R. H. Deng, and F. Bao, "A Practical password-based two-server authentication and key exchange system," IEEE Trans. On Dependable and Secure Computing, vol.3, no.3 pp. 105-114, 2006 https://doi.org/10.1109/TDSC.2006.16
  11. S. B. Wilson, and A. Menezes, "Authenticated Diffie-Hellman key agreement protocols," Proceedings of the 5th Annual Workshop on Selected Areas in Cryptography (SAC 98), LNCS, vol. 1556, pp. 339-361,1998 https://doi.org/10.1007/3-540-48892-8_26
  12. T. Hwang and W.-C. Ku, "Reparable Key distribution protocols for Internet environments," IEEE Trans. Commun., vol.43, no.5 pp.l947-1949, May 1995 https://doi.org/10.1109/26.387429
  13. W.-C. Ku, H.-M Chuang, and M.-H Chiang, "Cryptanalysis of a Multi-Server Authenticated Key Agreement Scheme Using Smart Cards," IEICE Trans. Fundamentals, vol. E88-A, no.11 Nov. 2005