DOI QR코드

DOI QR Code

Privileged-Insider 공격에 안전한 원격 사용자 인증 프로토콜

Secure Remote User Authentication Protocol against Privileged-Insider Attack

  • Lee, SungYup (School of Electronics Engineering, Kyungpook National University) ;
  • Park, YoHan (Division of Information Technology, Korea Nazarene University) ;
  • Park, YoungHo (School of Electronics Engineering, Kyungpook National University)
  • 투고 : 2016.12.09
  • 심사 : 2017.02.23
  • 발행 : 2017.04.30

초록

Recently, Due to the rapid development of the internet and IT technology, users can conveniently use various services provided by the server anytime and anywhere. However, these technologies are exposed to various security threat such as tampering, eavesdropping, and exposing of user's identity and location information. In 2016, Nikooghadam et al. proposed a lightweight authentication and key agreement protocol preserving user anonymity. This paper overcomes the vulnerability of Nikooghadam's authentication protocol proposed recently. This paper suggests an enhanced remote user authentication protocol that protects user's password and provides perfect forward secrecy.

키워드

참고문헌

  1. H.M. Sun, "An Efficient Remote Use Authentication Scheme Using Smart Cards," IEEE Transactions on Consumer Electronics, Vol. 46, No. 4, pp. 958-961, 2000. https://doi.org/10.1109/30.920446
  2. B.L. Chen, W.C. Kuo, and L.C. Wuu, "Robust Smart-Card-Based Remote User Password Authentication Scheme," International J ournal of Communication Systems, Vol. 27, No. 2, pp. 377-389, 2014. https://doi.org/10.1002/dac.2368
  3. S.Y. Lee, K.S. Park, Y.H. Park, and Y.H. Park, "Symmetric Key-Based Remote User Authentication Scheme with Forward Secrecy," Journal of Korea Multimedia Society, Vol. 19, No. 3, pp. 585-594, 2016. https://doi.org/10.9717/kmms.2016.19.3.585
  4. Y.F. Chang, W.L. Tai, and H.C. Chang, "Untraceable Dynamic-Identity-Based Remote User Authentication Scheme with Verifiable Password Update," International J ournal of Communication Systems, Vol. 27, No. 11, pp. 3430-3440, 2014.
  5. G. Yang, D.S. Wong, H. Wang, and X. Deng, "Two-Factor Mutual Authentication Based on Smart Cards and Passwords," Journal of Computer and System Sciences, Vol. 74, No. 7, pp. 1060-1172, 2008.
  6. Q. Jiang, J. Ma, X. Lu, and Y. Tian, "An Efficient Two-Factor User Authentication Scheme with Unlinkability for Wireless Sensor Networks," Peer-to-Peer Networking and Applications, Vol. 8, No. 6, pp. 1070-1081, 2015. https://doi.org/10.1007/s12083-014-0285-z
  7. H. Arshad and M. Nikooghadam, "Three-Factor Anonymous Authentication and Key Agreement Scheme for Telecare Medicine Information Systems," Journal of Medical Systems, Vol. 38, No. 12, pp. 1-12, 2014. https://doi.org/10.1007/s10916-013-0001-1
  8. A.K. Das, "A Secure and Robust Temporal Credential-Based Three-Factor User Authentication Scheme for Wireless Sensor Networks," Peer-to-Peer Networking and Applications, Vol. 9, No. 1, pp. 223-244, 2016. https://doi.org/10.1007/s12083-014-0324-9
  9. A.T.B. Jin, D.N.C. Ling, and A. Goh, "Biohashing: Two Factor Authentication Featuring Fingerprint Data and Tokenised Random Number," Pattern Recognition, Vol. 37, No. 11, pp. 2245-2255, 2004. https://doi.org/10.1016/j.patcog.2004.04.011
  10. Y. Dodis, L. Reyzin, and A. Smith, "Fuzzy Extractors: How to Generate Strong Keys form Biometrics and Other Noisy Data," Proceeding of International Conference on the Theory and Application of Cryptographic Techniques, pp. 523-540, 2004.
  11. X. Boyen, "Reusable Cryptographic Fuzzy Extractors," Proceedings of the 11th ACM Conference on Computer and Communications Security, pp. 82-91, 2004.
  12. D. Wang, P. Wang, C.G. Ma, and Z. Chen, "Robust Smart Card Based Password Authentication Scheme against Smart Card Security Breach," Cryptology Eprint Archive, pp. 1-35, 2012.
  13. S. Kumari, M.K. Khan, and X. Li, "An Improved Remote User Authentication Scheme with Key Agreement," Computers & Electrical Engineering, Vol. 40, No. 6, pp. 1997-2012, 2014. https://doi.org/10.1016/j.compeleceng.2014.05.007
  14. S.A. Chaudhry, M.S. Farash, H. Naqvi, S. Kumari, and M.K. Khan, "An Enhanced Privacy Preserving Remote User Authentication Scheme with Provable Security," Security and Communication Networks, Vol. 8, No. 18, pp. 3782-3795, 2015. https://doi.org/10.1002/sec.1299
  15. M. Nikooghadam, R. Jahantigh, and H. Arshad, "A Lightweight Authentication and Key Agreement Protocol Preserving User Anonymity," Multimedia Tolls and Applications, pp. 1-23, 2016.