Security Improvements on Smart-Card Based Mutual Authentication Scheme

  • Joo, Young-Do (Dept. of Computer and Media Information, Kangnam University)
  • Received: 2012.09.18
  • Reviewed: 2012.12.14
  • Published: 2012.12.31

Abstract

Password-based authentication schemes have been widely adopted to protect resources from unauthorized access. In 2008, Liu et al. proposed a new password-based mutual authentication scheme using smart cards that can withstand the forgery attack. Through a security analysis, this paper proves that Liu et al.'s scheme is still vulnerable to various attacks. It then introduces an enhanced scheme that overcomes these security weaknesses and provides mutual authentication between the user and the remote authentication server, even if the secret information stored in the smart card is revealed to an attacker. The comparative result from the security analysis demonstrates that the proposed scheme is more secure against the possible attacks, and more efficient, than Liu et al.'s scheme.

References

  1. W. H. Yang, and S. P. Shieh, "Password Authentication with Smart Card", Computers and Security, Vol. 18, No. 8, pp. 727-733, 1999. https://doi.org/10.1016/S0167-4048(99)80136-9
  2. J. J. Shen, C. W. Lin, and M. S. Hwang, "Security Enhancement for Timestamp-based Password Authentication Scheme Using Smart Cards", Computers and Security, Vol. 22, No. 7, pp. 591-595, 2003. https://doi.org/10.1016/S0167-4048(03)00709-0
  3. S. T. Wu, and B. C. Chieu, "A User Friendly Remote Authentication Scheme with Smart Cards", Computers and Security, Vol. 22, No. 6, pp. 629-631, 2003.
  4. M. L. Das, A. Saxena, and V. P. Gulati, "A Dynamic ID-based Remote User Authentication Scheme", IEEE Transactions on Consumer Electronics, Vol. 50, No. 2, pp. 629-631, 2004. https://doi.org/10.1109/TCE.2004.1309441
  5. H. Y. Chien, and C. H. Chen, "A Remote Password Authentication Preserving User Anonymity", Proceedings of 19th International Conference on Advanced Information Networking and Applications (AINA '05), 2005.
  6. E. J. Yoon, E. K. Ryu, and K. Y. Yoo, "Attack on the Shen et al.'s Timestamp-based Password Authentication Scheme Using Smart Cards", IEICE Transactions on Fundamentals E88-A (1), pp. 319-321, 2005. https://doi.org/10.1093/ietfec/E88-A.1.319
  7. C. W. Lin, C. S. Tsai, and M. S. Hwang, "A New Strong-Password Authentication Scheme Using One-Way Hash Functions", Journal of Computer and Systems Sciences International, Vol. 45, No. 4, pp. 623-626, 2006. https://doi.org/10.1134/S1064230706040137
  8. C. S. Bindu, P. C. Reddy, and B. Satyanarayana, "Improved Remote User Authentication Scheme Preserving User Anonymity", International Journal of Computer Science and Network Security, Vol. 8, No. 3, pp. 62-66, 2008.
  9. C. C. Chang, and C. Y. Lee, "A Friendly Password Mutual Authentication Scheme for Remote Login Network System", International Journal of Multimedia and Ubiquitous Engineering, Vol. 3, No. 1, pp. 59-63, 2008.
  10. J. Y. Liu, A. M. Zhou, and M. X. Gao, "A New Authentication Scheme based on Nonce and Smart Cards", Computer Communications, Vol. 31, pp. 2205-2209, 2008. https://doi.org/10.1016/j.comcom.2008.02.002
  11. M. Choi, T. Kim, S. Yeo, and E. Cho, "A Study on the Network Security Level Management", Journal of Korean Institute of Information Technology, Vol. 7, No. 1, pp. 214-219, 2009.
  12. H. Lee, and Y. Park, "A Design and Implementation of User Authentication System using Biometric Information", Journal of Korea Academia-Industrial cooperation Society, Vol. 11, No. 9, pp. 3548-3557, 2010. https://doi.org/10.5762/KAIS.2010.11.9.3548
  13. P. Kocher, J. Jaffe, and B. Jun, "Differential Power Analysis", Proceedings of Advances in Cryptology, pp. 388-397, 1999.
  14. T. S. Messerges, E. A. Dabbish, and R. H. Sloan, "Examining Smart-Card Security under the Threat of Power Analysis Attacks", IEEE Transactions on Computers, Vol. 51, No. 5, pp. 541-552, 2002. https://doi.org/10.1109/TC.2002.1004593

Cited by

  1. Integration of Application Program for Dementia Diagnosis using Biometric Sensor and Oxygen Chamber vol.14, pp.11, 2013, https://doi.org/10.5762/KAIS.2013.14.11.5847
  2. A Design of Protocol Based on Smartcard for Financial Information to Protect in E-payment System vol.14, pp.11, 2013, https://doi.org/10.5762/KAIS.2013.14.11.5872
  3. A Study of Authentication Method for Id-Based Encryption Using In M2M Environment vol.14, pp.4, 2013, https://doi.org/10.5762/KAIS.2013.14.4.1926