Secure Remote User Authentication Scheme for Password Guessing Attack

  • Shin, Seung-Soo (Dept. of Information Security, College of Information & Communication, Tongmyong University)
  • Han, Kun-Hee (Division of Information & Communication Engineering, Baekseok University)
  • Received : 2011.09.05
  • Accepted : 2011.12.13
  • Published : 2011.12.31

Abstract

This paper shows that the scheme proposed by An[7] does not satisfy the security requirements for user authentication with a password-based smart card. To address this weakness, we propose an improved user authentication scheme based on a hash function and the ElGamal signature. The proposed scheme resists password guessing, masquerade, and replay attacks, and provides forward secrecy. Compared with An's authentication scheme, its computational complexity is similar, but its security is better.

References

  1. L. Lamport, "Password authentication with insecure communication," Communications of the ACM, 24(11), pp. 770-772, 1981. https://doi.org/10.1145/358790.358797
  2. C. C. Chang, T. C. Wu, "Remote password authentication with smart cards," IEEE Proceedings-E, 138(3), pp. 165-168, 1991. https://doi.org/10.1049/ip-d.1991.0023
  3. M. S. Hwang, L. H. Li, "A New remote user authentication schemes using smart card," IEEE Trans. Consum. Electronics, 46(1), Feb. 2000.
  4. J. J. Shen, C. W. Cheng, and M. S. Whang, "A modified remote user authentication schemes using smart card," IEEE Trans. Consum. Electron, 46(2), pp. 414-416, 2003.
  5. Zuhua Shao, "Efficient deniable authentication protocol based on generalized ElGamal signature scheme," Computer Standards & Interfaces, Article in press, Dec. 2003.
  6. B. Wang, Z. Q. Li, "A Forward-secure User Authentication scheme with smart cards," International Journal of Network Security, Vol. 3, No. 2, pp. 116-119, 2006.
  7. Young-Hwa An, "A Study on the user Authentication Scheme with Forward Secrecy," Journal of the Korea Society of Computer and Information, Vol. 16, No. 2, pp. 183-191, 2011. https://doi.org/10.9708/jksci.2011.16.2.183
  8. J. Xu, W. T. Zhu, D. G. Feng, "An improved smart card based password authentication scheme with provable security," Computers Standards & Interfaces, 31, pp. 723-728, 2009. https://doi.org/10.1016/j.csi.2008.09.006
  9. P. Kocher, J. Jaffe, B. Jun, "Differential power analysis," Proceedings of Advances in Cryptology (CRYPTO 99), pp. 388-398, 1999.
  10. T. S. Messerges, E. A. Dabbish, R. H. Sloan, "Examining smart-cards security under the threat of power analysis attacks," IEEE Transactions on Computers, 51(5), pp. 541-552, 2002. https://doi.org/10.1109/TC.2002.1004593