Journal of the Korea Academia-Industrial cooperation Society (한국산학기술학회논문지)

The Korea Academia-Industrial cooperation Society (한국산학기술학회)
권호 표지
DOI QR코드

DOI QR Code

Cryptanalysis of a Remote User Authentication scheme using Smart Cards

스마트카드를 이용한 원격 사용자 인증 스킴의 안전성 분석

  • Shin, Seung-Soo (Dept. of Information Security, College of Information & Communication, Tongmyong University) ;
  • Han, Kun-Hee (Division of Information & Communication Engineering, Baekseok University) ;
  • Chun, Je-Ran (Department of Medical Administration, Daejeon Health Science College)
  • 신승수 (동명대학교 정보보호학과) ;
  • 한군희 (백석대학교 정보통신학부) ;
  • 전제란 (대전보건대학 의무행정과)
  • Received : 2011.09.05
  • Accepted : 2011.11.10
  • Published : 2011.11.30
Download PDF
⟨ Previous Next ⟩

Abstract

Seo et al. criticizes that Hu-Niu-Yang's certification scheme is not enough to satisfy the security requirements of a smart card-based certification scheme because it has a weakness of password guessing attack as well as gives attackers opportunities to be disguised as legitimate users. However, Seo et al. also has a weakness not satisfying the security requirements. This paper suggests a new scheme that contains the characteristics of certification scheme provided by Seo et al. but compensates weak points. The findings show that the new scheme is more safety and efficient than Seo et al.'s

본 논문에서는 Hu-Niu-Yang이 제안한 스마트카드를 이용한 사용자 인증 스킴에 대하여 Seo등은 공격자가 스마트카드에 저장된 정보를 취득함으로써 패스워드 추측공격(password guessing attack)이 가능하고 이와 함께 합법적인 사용자로 가장할 수 있기 때문에 스마트카드 기반 인증 스킴에서 고려되는 보안 요구 사항을 만족하지 못한다고 했다. 그러나 Seo등의 사용자 인증 스킴 또한 보안 요구사항에 만족하지 않는다. Seo등에 의해 제안된 인증 스킴의 특징을 유지하면서 보안 취약점들을 개선한 스킴을 제안한다. 제안한 사용자 인증 스킴이 Seo등의 인증 스킴보다 상대적으로 안전하고 효율적인 스킴임을 알 수 있다.

Keywords

References

  1. L. Lamport, "Password authentication with insecure communication," Communication of the ACM, 24(11), pp. 770-772, 1981. https://doi.org/10.1145/358790.358797
  2. C.C Chang, T.C. Wu, "Remote password authentication with smart cards," IEEE Proceedings-E, 138(3), pp. 165-168, 1991. https://doi.org/10.1049/ip-d.1991.0023
  3. H.Y. Chien, J.K. Jan, Y.M. Tseng, "An efficient and practical solution to remote authentication using smart card," Computers & Security, 21(4), pp. 372-375, 2002. https://doi.org/10.1016/S0167-4048(02)00415-7
  4. C.L. Hsu, "Security of two remote user authentication schemes using smart card," IEEE Transactions on Consumer Electronics, 49(4), pp. 1196-1198, 2003. https://doi.org/10.1109/TCE.2003.1261216
  5. J.Q. Kiu, J. Sun, T.H. Li, "An enhanced remote login authentication with smart card," Proceedings of IEEE Workshop on Signal Proceeding Systems Design and telecommunications, vol. 14, pp. 91-94, 2005.
  6. L.L. Hu, X.X. Niu, Y.X. Yang, "Weakness and improvements of a remote user authentication scheme using smart cards," The journal of China univ. of posts and telecommunications, vol. 14, pp. 91-94, 2007. https://doi.org/10.1016/S1005-8885(07)60155-1
  7. J. M. Seo, H. Y. An, "Security Improvements on the Remote User Authentication Scheme Using Smart Cards", Journal of the Korea Society of Computer and Information, Vol. 15, No.3, pp. 91-97, 2010. 3. https://doi.org/10.9708/jksci.2010.15.3.091
  8. J. Xu, W.T Zhu, D.G. Feng, "An improved smart card based password authentication scheme with provable security," Computers Standards & Interfaces, 31, pp. 723-728, 2009. https://doi.org/10.1016/j.csi.2008.09.006
  9. P. Kocher, J. Jaffe, B. Jun, "Differential power analysis," Proceedings of Advances in Cryptology (CRYPTO 99), pp. 388-398, 1999.
  10. T.S, Messerges, E.A, Dabbish, R.H. Sloan, "Examining smart-cards security under the threat of power analysis attacks," IEEE Transactions on Computers, 51(5), pp. 541-552, 2002. https://doi.org/10.1109/TC.2002.1004593