An Enhanced Symmetric Key-Based Remote User Authentication Scheme with Forward Secrecy

(Korean title: An Improved Symmetric Key-Based Remote User Authentication Scheme Providing Forward Secrecy)

  • Moon, Jongho (Dept. of Electrical and Computer Eng., Graduate School, Sungkyunkwan University) ;
  • Won, Dongho (Dept. of Computer Eng., Graduate School, Sungkyunkwan University)
  • Received : 2016.09.21
  • Accepted : 2017.01.25
  • Published : 2017.03.30

Abstract

Recently, Lee et al. proposed an improved symmetric key-based remote user authentication scheme to eliminate the security weaknesses of Kumari et al.'s scheme, and claimed that their scheme is secure against various well-known attacks. However, we found that Lee et al.'s scheme is still insecure against outsider attacks, stolen smart card attacks, and off-line password guessing attacks. To overcome these security vulnerabilities, we propose an enhanced authentication scheme with key agreement based on a fuzzy extractor. Furthermore, we prove that the proposed scheme is more secure and that it satisfies all of the required security properties. Finally, we compare the performance and functionality of the proposed scheme with those of previous schemes.

References

  1. L. Lamport, "Password Authentication with Insecure Communication," Communications of the ACM, Vol. 24, No. 11, pp. 770-772, 1981. https://doi.org/10.1145/358790.358797
  2. R. Ramasamy and A.P. Muniyandi, "New Remote Mutual Authentication Scheme Using Smart Cards," Transactions on Data Privacy, Vol. 2, No. 2, pp. 141-152, 2009.
  3. Y. Lee and D. Won, "Cryptanalysis and Enhancement of a Remote User Authentication Scheme Using Smart Cards," Journal of the Korea Society of Computer and Information, Vol. 15, No. 1, pp. 139-147, 2010. https://doi.org/10.9708/jksci.2010.15.1.139
  4. K.S. Park, S.Y. Lee, Y.H. Park, and Y.H. Park, "An ID-based Remote User Authentication Scheme in IoT," Journal of Korea Multimedia Society, Vol. 18, No. 12, pp. 1483-1491, 2015. https://doi.org/10.9717/kmms.2015.18.12.1483
  5. J. Moon, Y. Choi, and D. Won, "A Secure Attribute-based Authentication Scheme for Cloud Computing," KIISE Transaction on Computing Practices, Vol. 22, No. 8, pp. 345-350, 2016. https://doi.org/10.5626/KTCP.2016.22.8.345
  6. Y.Y. Wang, J.Y. Kiu, F.X. Xiao, and J. Dan, "A More Efficient and Secure Dynamic ID-based Remote User Authentication Scheme," Journal of Computer Communications, Vol. 32, No. 4, pp. 583-585, 2009. https://doi.org/10.1016/j.comcom.2008.11.008
  7. M.K. Khan, S.K. Kim, and K. Alghathbar, "Cryptanalysis and Security Enhancement of a 'More Efficient and Secure Dynamic ID-based Remote User Authentication Scheme'," Journal of Computer Communications, Vol. 34, No. 3, pp. 305-309, 2011. https://doi.org/10.1016/j.comcom.2010.02.011
  8. H.M. Chen, J.W. Lo, and C.K. Yeh, "An Efficient and Secure Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems," Journal of Medical Systems, Vol. 36, No. 6, pp. 3907-3915, 2012. https://doi.org/10.1007/s10916-012-9862-y
  9. Q. Jiang, J. Ma, Z. Ma, and G. Li, "A Privacy Enhanced Authentication Scheme for Telecare Medical Information Systems," Journal of Medical Systems, Vol. 37, No. 1, pp. 1-18, 2013.
  10. S. Kumari, M.K. Khan, and R. Kumar, "Cryptanalysis and Improvement of 'A Privacy Enhanced Scheme for Telecare Medical Information System'," Journal of Medical Systems, Vol. 37, No. 4, pp. 1-11, 2013.
  11. K.W. Kim and J.D. Lee, "On the Security of Two Remote User Authentication Schemes for Telecare Medical Information Systems," Journal of Computer Communications, Vol. 38, No. 5, pp. 1-11, 2014. https://doi.org/10.1016/j.comcom.2013.10.009
  12. S.Y. Lee, K.S. Park, Y.H. Park, and Y.H. Park, "Symmetric Key-based Remote User Authentication Scheme With Forward Secrecy," Journal of Korea Multimedia Society, Vol. 19, No. 3, pp. 585-594, 2016. https://doi.org/10.9717/kmms.2016.19.3.585
  13. D. Dolev and A.C. Yao, "On the Security of Public Key Protocols," IEEE Transactions on Information Theory, Vol. 29, No. 2, pp. 198-208, 1983. https://doi.org/10.1109/TIT.1983.1056650
  14. P. Kocher, J. Jaffe, B. Jun, and P. Rohatgi, "Introduction to Differential Power Analysis," Journal of Cryptographic Engineering, Vol. 1, No. 1, pp. 5-27, 2011. https://doi.org/10.1007/s13389-011-0006-y
  15. Y. Dodis, L. Reyzin, and A. Smith, "Cryptanalysis and Security Enhancement of a More Efficient and Secure Dynamic ID-based Remote User Authentication Scheme," Journal of Computer Communications, Vol. 32, No. 4, pp. 583-585, 2009. https://doi.org/10.1016/j.comcom.2008.11.008
  16. Y. Choi and D. Won, "Security Enhanced User Authentication Scheme With Key Agreement Based on Fuzzy Extraction Technology," Journal of Internet Computing and Services, Vol. 17, No. 3, pp. 1-10, 2016. https://doi.org/10.7472/JKSII.2016.17.3.01

Cited by

  1. Analysis and Improvement Authentication Scheme of ‘A Study on Smart-Card based User Authentication’ vol.19, pp.10, 2017, https://doi.org/10.14801/jkiit.2021.19.10.67