Implementation of a Remote Authentication System Using Smartcards to Guarantee User Anonymity to Third Party

  • Baek, Yi-Roo (Dept. of Information Security, Hoseo University) ;
  • Oh, Doo-Hwan (Dept. of Information Security, Hoseo University) ;
  • Gil, Kwang-Eun (Dept. of Information Security, Hoseo University) ;
  • Ha, Jae-Cheol (Dept. of Information Security, Hoseo University)
  • Published : 2009.10.31

Abstract

In this paper, we analyze vulnerabilities in the smartcard-based remote authentication protocol proposed by Bindu et al. in 2008 and propose an improved scheme. The proposed scheme prevents restricted replay attacks and denial-of-service attacks by replacing the timestamp with a random number. It also guarantees user anonymity by transmitting the user's ID encrypted with the AES cipher algorithm. The computational load is reduced by removing heavy exponentiation operations, and user efficiency is enhanced by adding a password change phase in which a user can freely change their password. Furthermore, we implement the proposed authentication protocol on an STM smartcard together with an authentication server, and verify the correctness and effectiveness of the proposed remote authentication system.

References

  1. L. Lamport, "Password authentication with insecure communications," Communications of the ACM, Vol. 24, No. 11, pp. 770-772, 1981. https://doi.org/10.1145/358790.358797
  2. T. Y. Hwang, "Passwords Authentication Using Public-Key Encryption," Proc. of International Carnahan Conference on Security Technology, pp. 35-38, 1983.
  3. T. Hwang, Y. Chen, and C. S. Laih, "Non-interactive password authentications without password tables," IEEE Region 10 Conference on Computer and Communication Systems, IEEE Computer Society, pp. 429-431, 1990. https://doi.org/10.1109/TENCON.1990.152647
  4. S. J. Wang, J. F. Chang, "Smart card based secure password authentication scheme," Computers and Security, Vol. 15, No. 3, pp. 231-237, 1996. https://doi.org/10.1016/0167-4048(96)00005-3
  5. W. H. Yang, S. P. Shieh, "Password authentication schemes with smart cards," Computers and Security, Vol. 18, No. 8, pp. 727-733, 1999. https://doi.org/10.1016/S0167-4048(99)80136-9
  6. C. C. Chang, T. C. Wu, "Remote password authentication with smart cards," IEE Proceedings-Computers and Digital Techniques, Vol. 138, No. 3, pp. 165-168, 1991. https://doi.org/10.1049/ip-e.1991.0022
  7. T. ElGamal, "A public key cryptosystem and a signature scheme based on discrete logarithms," IEEE Transactions on Information Theory, Vol. IT-31, pp. 469-472, 1985. https://doi.org/10.1109/TIT.1985.1057074
  8. M. S. Hwang, L. H. Li, "A new remote user authentication scheme using smart cards," IEEE Trans. on Consumer Electronics, Vol. 46, No. 1, pp. 28-30, 2000. https://doi.org/10.1109/30.826377
  9. H. M. Sun, "An efficient remote user authentication scheme using smart cards," IEEE Trans. on Consumer Electronics, Vol. 46, No. 4, pp. 958-961, 2000. https://doi.org/10.1109/30.920446
  10. H. Y. Chien, J. K. Jan, and Y. M. Tseng, "An efficient and practical solution to remote authentication: Smart Card," Computers and Security, Vol. 21, No. 4, pp. 372-375, 2002. https://doi.org/10.1016/S0167-4048(02)00415-7
  11. M. L. Das, A. Saxena, V. P. Gulati, "A dynamic ID-based remote user authentication scheme," IEEE Transactions on Consumer Electronics, Vol. 50, No. 2, pp. 629-631, May 2004. https://doi.org/10.1109/TCE.2004.1309441
  12. H. Y. Chien, C. H. Chen, "A remote authentication scheme preserving user anonymity," IEEE AINA'05, Vol. 2, pp. 245-248, March 2005. https://doi.org/10.1109/AINA.2005.54
  13. L. Hu, Y. Yang, X. Niu, "Improved remote user authentication scheme preserving anonymity," Fifth Annual Conference on Communication Network and Services Research (CNSR), pp. 323-328, 2007.
  14. C. S. Bindu, P. C. S. Reddy, B. Satyanarayana, "Improved remote user authentication scheme preserving anonymity," International Journal of Computer Science and Network Security (IJCSNS), Vol. 8, No. 3, 2008.
  15. National Institute of Standards and Technology, Advanced Encryption Standard, NIST FIPS PUB 97, 2001.
  16. 정민경, 신승수, 한군희, 오상영, "Remote system user authentication protocol using smartcards," Korea Academia-Industrial cooperation Society, Vol. 10, No. 3, pp. 572-578, March 2009. https://doi.org/10.5762/KAIS.2009.10.3.572
  17. 최종석, 신승수, 한군희, "Smartcard-based three-party key exchange protocol providing user anonymity," Korea Academia-Industrial cooperation Society, Vol. 10, No. 2, pp. 388-395, February 2009.
  18. L. Gong, "A security risk of depending on synchronized clocks," Operating Systems Review, Vol. 26, No. 1, pp. 49-53, 1992. https://doi.org/10.1145/130704.130709
  19. National Institute of Standards and Technology, Secure Hash Standard, NIST FIPS PUB 180-1, 1995.

Cited by

  1. A Design of Protocol Based on Smartcard for Financial Information to Protect in E-payment System vol.14, pp.11, 2013, https://doi.org/10.5762/KAIS.2013.14.11.5872