DOI QR코드

DOI QR Code

Enhanced Password-based Remote User Authentication Scheme Using Smart Cards

  • Jeon, II-Soo (School of Electronic Engineering, Kumoh National Institute of Technology) ;
  • Kim, Hyun-Sung (School of Computer Engineering, Kyungil University)
  • 전일수 (금오공과대학교 전자공학부) ;
  • 김현성 (경일대학교 컴퓨터공학부)
  • Received : 2010.01.02
  • Accepted : 2011.01.05
  • Published : 2011.03.30

Abstract

Secure and efficient authentication schemes over insecure networks have been a very important issue with the rapid development of networking technologies. Wang et al. proposed a remote user authentication scheme using smart cards. However, recently, Chen et al. pointed out that their scheme is vulnerable to the impersonation attack and the parallel session attack, and they proposed an enhanced authentication scheme. Chen et al. claimed that their scheme is secure against the various attacks. However, we have found that their scheme cannot resist the parallel attack and the stolen smart card attack. Therefore, in this paper, we show the security flaws in Chen et al.'s scheme and propose an improved remote user authentication scheme using tamper-resistant smart cards to solve the problem of Chen et al.'s scheme. We also analyze our scheme in terms of security and performance.

Keywords

References

  1. L. Lamport, "Password authentication with insecure communication," Communications of the ACM, Vol. 24, No. 11, pp. 770-772, 1981. https://doi.org/10.1145/358790.358797
  2. M.S. Hwang, L.H. Li, "A new remote user authentication scheme using smart cards," IEEE Transactions on Consumer Electronics, Vol. 46, No. 1, pp. 28-30, 2000. https://doi.org/10.1109/30.826377
  3. H.M. Sun, "An efficient remote use authentication scheme using smart cards," IEEE Transactions on Consumer Electronics, Vol. 46, No. 4, pp.958-961, 2000. https://doi.org/10.1109/30.920446
  4. H.Y. Chien, J.K. Jan, Y.M. Tseng, "An efficient and practical solution to remote authentication: smart card," Computers and Security, Vol.21 , No. 4, pp. 372-375, 2002. https://doi.org/10.1016/S0167-4048(02)00415-7
  5. W.C. Ku, S.M. Chen, "Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards," IEEE Transactions on Consumer Electronics, Vol. 50, No. 1, pp. 204-207, 2004. https://doi.org/10.1109/TCE.2004.1277863
  6. E.J. Yoon, E.K. Ryu, K.Y. Yoo, "Further improvement of an efficient password based remote user authentication scheme using smart cards," IEEE Transactions on Consumer Electronics, Vol. 50, No. 2, pp. 612-614, 2004. https://doi.org/10.1109/TCE.2004.1309437
  7. X.M. Wang, W.F. Zhang, J.S. Zhang, M.K Khan, "Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards," Computer Standards & Interfaces, Vol. 29, No. 5, pp. 507-512, 2007. https://doi.org/10.1016/j.csi.2006.11.005
  8. T.H. Chen, H.C. Hsiang, W.K. Shih, "Security enhancement on an improvement on two remote user authentication schemes using smart cards," Future Generation Computer Systems, 2010 (in press).
  9. C.L. Hsu, "Security of Chien et al.'s remote user authentication scheme using smart cards," Computers & Standards Interfaces, Vol. 26, No. 3, pp. 167-169, 2004. https://doi.org/10.1016/S0920-5489(03)00094-1
  10. N.Y. Lee, Y.C. Chiu, "Improved remote authentication scheme with smart card," Computer Standards & Interfaces, Vol. 27, No. 2, pp. 177-180, 2005. https://doi.org/10.1016/j.csi.2004.06.001
  11. J. Xu, W.T. Zhu, D.G. Feng, "An improved smart card based password authentication scheme with provable security," Computer Standards & Interfaces, Vol. 31, No. 4, pp. 723-728, 2009. https://doi.org/10.1016/j.csi.2008.09.006
  12. R. Song, "Advanced smart card based password authentication scheme," Computer Standards & Interfaces, Vol. 32, No. 5, pp. 321-325, 2010. https://doi.org/10.1016/j.csi.2010.03.008
  13. J.K. Lee, S.R. Ryu, K.Y. Yoo, "Fingerprint -based remote user authentication scheme using smart cards," IEE Electronics Letters, Vol. 38, No. 12, pp. 554-555, 2002. https://doi.org/10.1049/el:20020380
  14. H.S. Kim, S.W.Lee, K.Y. Yoo, "ID-based Password Authentication Scheme using Smart Cards and Fingerprints," ACM Operating Systems Review, pp. 32-41, 2003.
  15. C.H. Lin, Y.Y. Lai, "A flexible biometrics remote user authentication scheme," Computer Standard & Interfaces, Vol. 27, No. 1, pp. 19-23, 2004. https://doi.org/10.1016/j.csi.2004.03.003
  16. M.K. Khan, J. Zhang, "Improving the security of 'a flexible biometrics remote user authentication scheme," Computer Standards & Interfaces, Vol. 29, No. 1, pp. 82-85, 2007. https://doi.org/10.1016/j.csi.2006.01.002
  17. C.T. Li, M.S. Hwang, "An efficient biometrics-based remote user authentication scheme using smart cards," Journal of Network and Computer Applications, Vol. 33, No. 1, pp. 1-5, 2010. https://doi.org/10.1016/j.jnca.2009.08.001
  18. O. Kommerling, M.G. Kuhn, "Design Principles for Tamper-Resistant Smartcard Processors," Proceedings of the USENIX Workshop on Smartcard Technology, pp. 9-20, 1999.
  19. S. Ravi, A. Raghunathan, S. Chakradhar, "Tamper Resistance Mechanisms for Secure Embedded Systems," IEEE Proceedings of the 17th International Conference on VLSI Design, pp. 605-611, 2004.
  20. H. Jin, G. Myles, J. Lotspiech, "Towards Better Software Tamper Resistance," Lecture Notes in Computer Science, Vol. 3650, pp. 417-430, 2005. https://doi.org/10.1007/11556992_30
  21. P. Wang, S.K. Kang, K. Kim, "Tamper Resistant Software Through Dynamic Integrity Checking," The 2005 Symposium on Cryptography and Information Security, 2005.
  22. X. Leng, "Smart card applications and security," Information Security Technical Report, Vol. 14 pp. 36-45, 2009. https://doi.org/10.1016/j.istr.2009.06.006
  23. http://www.smartcardalliance.org/pages/smart-cards-faq#how-do-smart-cards-help-to-protect-privacy
  24. M. Feldhofer, C. Rechberger, "A case against currently used hash functions in RFID protocols," Lecture Notes in Computer Science, Vol. 4277 pp. 372-381, 2006. https://doi.org/10.1007/11915034_61