Browse > Article
http://dx.doi.org/10.5909/JBE.2008.13.1.62

Dictionary attack of remote user authentication scheme using side channel analysis  

Kim, Yong-Hun (Graduate School of Information Security, Korea University)
Youn, Taek-Young (Graduate School of Information Security, Korea University)
Park, Young-Ho (Sejong Cyber Univ.)
Hong, Seok-Hee (Graduate School of Information Security, Korea University)
Publication Information
Journal of Broadcast Engineering / v.13, no.1, 2008 , pp. 62-68 More about this Journal
Abstract
Remote user authentication scheme is a cryptographic tool which permits a server to identify a remote user. In 2007, Wang et al. pointed out that Ku's remote user authentication scheme is vulnerable to a dictionary attack by obtaining some secret information in a smart card using side channel attacks. They also proposed a remote user authentication scheme which is secure against dictionary attack. In this paper, we analyze the protocol proposed by Wang et al. In the paper, it is claimed that the protocol is secure even though some values, which is stored in a smart card, are revealed to an adversary, However, we show that their protocol is insecure if the values are disclosed to an adversary.
Keywords
dictionary attack; authentication scheme; smart card; side channel attack;
Citations & Related Records
연도 인용수 순위
  • Reference
1 P. Kocher, J. Jaffe and B. Jun, 'Differential power analysis', Proc. Advances in Cryptology (CRYPTO '99), pp.388-397, 1999
2 C. C. Lee, L. H. Li and M. S. Hwang, 'A remote user authentication scheme using hash functions', ACM Operating systems Review, vol. 36, Issue 4, pp 23-29, 2002   DOI   ScienceOn
3 A. Shimizu, T. Horioka and H. Inagaki, 'A password authentication methods for contents communication on the Internet', IEICE Transactions on Communication, E81-B(8), pp 1666-1673, 1998
4 C. C. Chang and T. C. Wu, 'Remote password authentication with smart cards', IEE Proceedings-E, 138(3), pp 165-168, 1993
5 C. C. Chang and W. Y. Liao, 'A remote password authentication scheme based upon ElGamal's signature scheme', Computers and Security, vol. 13, no. 2, pp 137-144, 2002   DOI   ScienceOn
6 X. M. Wang, W. F. Zhang, J. S. Zhang and M. K. Khan, 'Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards', Computer Standards & Interfaces, vol. 29, no. 5, pp.507-512, 2007   DOI   ScienceOn
7 H. Y. Chien, J. K. Jan and Y. M. Tseng, 'An efficient and practical solution to remote authentication: smart card', Computers & Security, vol. 21, no. 4, pp. 372-375, 2002   DOI   ScienceOn
8 W. C. Ku and S. M. Chen, 'Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards', IEEE Transactions on Consumer Electronics 50 (1), pp.204-207, 2004   DOI   ScienceOn
9 J. J. Hwang and T. C. Yeh, 'Improvement on Peyravian-Zunic's password authentication schemes', IEICE Transactions on Communications, E85-B(4), pp 823-825, 2002
10 L. Lamport 'Password Authentication with Insecure Communication', Communications of the ACM, vol. 24, no. 11, pp 770-772, 1981   DOI   ScienceOn
11 E. K. Yoon and K. Y. Ryu, 'Further improvement of an efficient password based remote user authentication scheme using smart card', IEEE Transactions on Consumer Electronics 50 (2), pp.612-614, 2004   DOI   ScienceOn
12 M. Peyravian and N. Zunic, 'Method for protecting password transmission', Computers and Security, vol. 19, no. 5, pp 466-469, 2000   DOI   ScienceOn