Browse > Article
http://dx.doi.org/10.9708/jksci.2010.15.2.119

Improvements of the Hsiang-Shih's remote user authentication scheme using the smart cards  

An, Young-Hwa (강남대학교 컴퓨터미디어정보공학부)
Publication Information
Journal of the Korea Society of Computer and Information / v.15, no.2, 2010 , pp. 119-125 More about this Journal
Abstract
Recently Hsiang-Shih proposed the user authentication scheme to improve Yoon et al's scheme. But the proposed scheme has not been satisfied security requirements considering in the user authentication scheme using the password based smart card. In this paper, we proved that Hsiang-Shih's scheme is vulnerable to the off-line password guessing attack. In other words, the attacker can get the user's password using the off-line password guessing attack on the scheme when the attacker steals the user's smart card and extracts the information in the smart card. Also, the improved scheme based on the hash function and random number was introduced, thus preventing the attacks, such as password guessing attack, forgery attack and impersonation attack etc. And we suggested the effective mutual authentication scheme that can authenticate each other at the same time between the user and server.
Keywords
User Authentication; Smart Card; Password Guessing Attack; Forgery Attack;
Citations & Related Records
Times Cited By KSCI : 2  (Citation Analysis)
연도 인용수 순위
1 S.M Chen, W.C. Ku, 'Weakness and improvements of an efficient password based remote user authentication scheme using smart cards," IEEE Transactions on Consumer Electronics, 50(1), pp. 204-207, 2004.   DOI   ScienceOn
2 E.J. Yoon, E.K Ryu, K.Y. Yoo, ''Further improvements of an efficient password based remote user authentication scheme using smart cards," IEEE Transactions on Consumer Electronics, 50(2), pp. 612-614, 2004.   DOI   ScienceOn
3 T.S. Messerges, E.A. Dabbish, R.H. Sloan, "Examining smart-card security under the threat of power analysis attacks," IEEE Transactions on Computers, 51 (5), pp. 541 - 552, 2002.   DOI   ScienceOn
4 H.Y. Chien, J.K. Jan, Y.M. Tseng, "An efficient and practical solution to remote authentication using smart card," Computers & Security, 21 (4), pp. 372-375. 2002.   DOI   ScienceOn
5 R.E. Lennon, S.M Matyas, C.H Mayer, "Cryptographic authentication of time-invariant quantities," IEEE Trans . Communication, COM-29, Vol. 6, pp. 773-777, 1981,
6 안영화, 이강호, "스마트카드를 이용한 사용자 인증 스킴의 안전성 분석," 한국컴퓨터정보학회논문지, 제14권, 제3호, 133-138쪽, 2009년 3월.   과학기술학회마을
7 신광철, "서비스거부공격에 안전한 OTP 스마트카드 인중 프로토콜," 한국컴퓨터정보학회논문지, 제12권, 제6호, 201-206쪽, 2007년 12월.   과학기술학회마을
8 P. Kocher, J. Jaffe, B. Jun, "Differential power analysis," Proceedings of Advances in Cryptology (CRYPTO 99), pp. 388-397, 1999.
9 H.C Hsiang, W.K. Shih, "Weakness and improvements of the Yoon-Ryu-Yoo remote user authentication scheme using smart cards," Computer Communications, 32, pp. 649-652, 2009.   DOI   ScienceOn
10 C.W. Lin, C.S. Tsai, and M.S. Hwang, "A New Strong-Password Authentication Scheme Using One-Way Hash Functions," Journal of Computer and Systems Sciences International, vol. 45, no. 4, pp. 623-626, 2006,   DOI   ScienceOn
11 C.W. Lin, J.J. Shen, and M.S. Hwang, "Security Enhancement for Optimal Strong-Password Authentication Protocol," ACM Operating Systems Review,37 (2), 2003.
12 X. Duan, J.W. Liu, Q. Zhang, "Security improverments on Chien et al.'s remote user authentication scheme using smart cards," IEEE International conference on Computational Intelligence and Security (CIS 2006), 2, pp. 1133-1135, 2006.
13 S.M. Yen, KH Liao, "Shared authentication token secure against replay and weak key attack" Information Proceeding Letters, pp. 78-80, 1937.
14 L. Lamport, "Password authentication with insecure communication," Communications of the ACM, 24(11), pp. 770-772, 1981.   DOI   ScienceOn