Security Analysis of a Secure Dynamic ID based Remote User Authentication Scheme for Multi-server Environment

  • 양형규 (School of Computer and Media Information Engineering, Kangnam University)
  • Received : 2013.01.20
  • Accepted : 2013.02.08
  • Published : 2013.02.28

Abstract

Recently, user authentication schemes using smart cards for multi-server environments have been proposed for practical applications. In 2009, Liao and Wang proposed a secure dynamic ID based remote user authentication scheme for multi-server environments that can withstand the various possible attacks and provide user anonymity. In this paper, we analyze the security of Liao-Wang's scheme and show that it is still insecure against the forgery attack, the password guessing attack, the session key attack, and the insider attack. In addition, Liao-Wang's scheme does not provide user anonymity between the user and the server.

References

  1. K. Choi, T. Kim, S. Yeo, E. Cho, "A Study on the Network Security Level Management", Journal of Korean Institute of Information Technology, vol. 7, issue 1, pp. 214-219, Feb 2009.
  2. Lin, I.C., Hwang, M.S., Li, L.H., "A New Remote User Authentication Scheme for Multi-server Architecture", Future Generation Computer System, vol. 19, pp. 13-22, 2003. https://doi.org/10.1016/S0167-739X(02)00093-6
  3. Juang, W.S., "Efficient Multi-server Password Authenticated Key Agreement using Smart Cards", IEEE Transactions on Consumer Electronics, vol. 50, no. 1, pp. 251-255, 2004. https://doi.org/10.1109/TCE.2004.1277870
  4. Chang, C., Lee, J.S., "An Efficient and Secure Multi-server Password Authentication Scheme using Smart Cards", IEEE, Proceedings of the International Conference on Cyberworlds, 2004.
  5. Hwang, R.J., Shiau, S.H., "Provably Efficient Authenticated Key Agreement Protocol for Multi-servers", The Computer Journal, vol. 50, no. 5, pp. 602-615, 2007. https://doi.org/10.1093/comjnl/bxm030
  6. Tsai, J.L., "Efficient Multi-server Authentication Scheme based on One-way Hash Function without Verification Table", Computer and Security, vol. 27, pp. 115-121, 2008. https://doi.org/10.1016/j.cose.2008.04.001
  7. Liao, Y.P., Wang, S.S., "A Secure Dynamic ID based Remote User Authentication Scheme for Multi-server Environment", Computer Standards and Interfaces, vol. 31, pp. 24-29, 2009. https://doi.org/10.1016/j.csi.2007.10.007
  8. Kocher, P., Jaffe, J., Jun, B., "Differential Power Analysis", Proceedings of Advances in Cryptology, pp. 388-397, 1999.
  9. Messerges, T.S., Dabbish, E.A., Sloan, R.H., "Examining Smart-Card Security under the Threat of Power Analysis Attacks", IEEE Transactions on Computers, vol. 51, no. 5, pp. 541-552, 2002. https://doi.org/10.1109/TC.2002.1004593
  10. Y. Kim, Y. Jeong, G. Park, "An Authentication Protocol Proposal to Guarantee Reliability of Wireless Node in IEEE 802.16s", Journal of Korean Institute of Information Technology, vol. 6, issue 4, pp. 87-93, Aug 2008.
