Secure Remote User Authentication Protocol against Privileged-Insider Attack

A Remote User Authentication Protocol Secure against Privileged-Insider Attacks

  • Lee, SungYup (School of Electronics Engineering, Kyungpook National University) ;
  • Park, YoHan (Division of Information Technology, Korea Nazarene University) ;
  • Park, YoungHo (School of Electronics Engineering, Kyungpook National University)
  • Received : 2016.12.09
  • Accepted : 2017.02.23
  • Published : 2017.04.30

Abstract

Recently, due to the rapid development of the internet and IT technology, users can conveniently use various services provided by the server anytime and anywhere. However, these technologies are exposed to various security threats such as tampering, eavesdropping, and exposure of the user's identity and location information. In 2016, Nikooghadam et al. proposed a lightweight authentication and key agreement protocol preserving user anonymity. This paper overcomes the vulnerability of the recently proposed authentication protocol of Nikooghadam et al. It suggests an enhanced remote user authentication protocol that protects the user's password and provides perfect forward secrecy.

References

  1. H.M. Sun, "An Efficient Remote Use Authentication Scheme Using Smart Cards," IEEE Transactions on Consumer Electronics, Vol. 46, No. 4, pp. 958-961, 2000. https://doi.org/10.1109/30.920446
  2. B.L. Chen, W.C. Kuo, and L.C. Wuu, "Robust Smart-Card-Based Remote User Password Authentication Scheme," International Journal of Communication Systems, Vol. 27, No. 2, pp. 377-389, 2014. https://doi.org/10.1002/dac.2368
  3. S.Y. Lee, K.S. Park, Y.H. Park, and Y.H. Park, "Symmetric Key-Based Remote User Authentication Scheme with Forward Secrecy," Journal of Korea Multimedia Society, Vol. 19, No. 3, pp. 585-594, 2016. https://doi.org/10.9717/kmms.2016.19.3.585
  4. Y.F. Chang, W.L. Tai, and H.C. Chang, "Untraceable Dynamic-Identity-Based Remote User Authentication Scheme with Verifiable Password Update," International Journal of Communication Systems, Vol. 27, No. 11, pp. 3430-3440, 2014.
  5. G. Yang, D.S. Wong, H. Wang, and X. Deng, "Two-Factor Mutual Authentication Based on Smart Cards and Passwords," Journal of Computer and System Sciences, Vol. 74, No. 7, pp. 1060-1172, 2008.
  6. Q. Jiang, J. Ma, X. Lu, and Y. Tian, "An Efficient Two-Factor User Authentication Scheme with Unlinkability for Wireless Sensor Networks," Peer-to-Peer Networking and Applications, Vol. 8, No. 6, pp. 1070-1081, 2015. https://doi.org/10.1007/s12083-014-0285-z
  7. H. Arshad and M. Nikooghadam, "Three-Factor Anonymous Authentication and Key Agreement Scheme for Telecare Medicine Information Systems," Journal of Medical Systems, Vol. 38, No. 12, pp. 1-12, 2014. https://doi.org/10.1007/s10916-013-0001-1
  8. A.K. Das, "A Secure and Robust Temporal Credential-Based Three-Factor User Authentication Scheme for Wireless Sensor Networks," Peer-to-Peer Networking and Applications, Vol. 9, No. 1, pp. 223-244, 2016. https://doi.org/10.1007/s12083-014-0324-9
  9. A.T.B. Jin, D.N.C. Ling, and A. Goh, "Biohashing: Two Factor Authentication Featuring Fingerprint Data and Tokenised Random Number," Pattern Recognition, Vol. 37, No. 11, pp. 2245-2255, 2004. https://doi.org/10.1016/j.patcog.2004.04.011
  10. Y. Dodis, L. Reyzin, and A. Smith, "Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data," Proceeding of International Conference on the Theory and Application of Cryptographic Techniques, pp. 523-540, 2004.
  11. X. Boyen, "Reusable Cryptographic Fuzzy Extractors," Proceedings of the 11th ACM Conference on Computer and Communications Security, pp. 82-91, 2004.
  12. D. Wang, P. Wang, C.G. Ma, and Z. Chen, "Robust Smart Card Based Password Authentication Scheme against Smart Card Security Breach," Cryptology Eprint Archive, pp. 1-35, 2012.
  13. S. Kumari, M.K. Khan, and X. Li, "An Improved Remote User Authentication Scheme with Key Agreement," Computers & Electrical Engineering, Vol. 40, No. 6, pp. 1997-2012, 2014. https://doi.org/10.1016/j.compeleceng.2014.05.007
  14. S.A. Chaudhry, M.S. Farash, H. Naqvi, S. Kumari, and M.K. Khan, "An Enhanced Privacy Preserving Remote User Authentication Scheme with Provable Security," Security and Communication Networks, Vol. 8, No. 18, pp. 3782-3795, 2015. https://doi.org/10.1002/sec.1299
  15. M. Nikooghadam, R. Jahantigh, and H. Arshad, "A Lightweight Authentication and Key Agreement Protocol Preserving User Anonymity," Multimedia Tools and Applications, pp. 1-23, 2016.