Browse > Article
http://dx.doi.org/10.9708/jksci.2010.15.3.091

Security Improvements on the Remote User Authentication Scheme Using Smart Cards  

Seo, Jeong-Man (국립한국재활복지대학 컴퓨터게임개발과)
An, Young-Hwa (강남대학교 컴퓨터미디어정보공학부)
Abstract
Recently Hu-Niu-Yang proposed the user authentication scheme to improve Liu et al's scheme. But the Hu-Niu-Yang's scheme has not been satisfied security requirements considering in the user authentication scheme using the password based smart card. In this paper, we proved that Hu-Niu-Yang's scheme is vulnerable to the off-line password guessing attack in case that the attacker steals the user's smart card and extracts the information in the smart card. Also, the improved user authentication scheme solving the security vulnerability was introduced, thus preventing the attacks, such as password guessing attack, forgery attack impersonation attack, and replay attack. For preventing those attacks, the our proposed scheme need more hash functions and exclusive-OR operations than Hu-Niu-Yang's scheme.
Keywords
User Authentication; Smart Card; Password Guessing Attack;
Citations & Related Records
Times Cited By KSCI : 4  (Citation Analysis)
연도 인용수 순위
1 C.L. Hsu, "Security of two remote user authentication schemes using smart card," IEEE Transactions on Consumer Electronics, 49(4), pp. 1196-1198, 2003.   DOI   ScienceOn
2 이영숙, 원동호, "스마트카드를 이용한 사용자 인증 스킴의 안전성 분석 및개선," 한국컴퓨터정보학회 논문지, 제15권, 제 1호, 139-147쪽, 2010년 1월.   과학기술학회마을
3 최병훈, 김상근, 배제민, "다중체계_인증을이용한중요시스템 보완 접근에 관한 연구," 한국컴퓨터정보학회 논문지, 제 14권, 제 7호, 73-80쪽, 2009년 7월.   과학기술학회마을
4 L.L. Hu, X.X. Niu, Y.X. Yang, "Weakness and improvements of a remote user authentication scheme using smart cards," The journal of China univ. of posts and telecommunications, vol. 14, pp. 91-94, (9) 2007.   DOI   ScienceOn
5 T.S. Messerges, E.A. Dabbish, R.H. Sloan, "Examining smart-card security under the threat of power analysis attacks, "IEEE Transactions on Computers, 51 (5), pp. 541–552, 2002.   DOI   ScienceOn
6 J.Q. Liu, J. Sun, T.H. Li, "An enhanced remote login authentication with smart card," Proceedings of IEEE Workshop on Signal Processing Systems Design and Implementation, pp. 229-232, (11) 2005.
7 L. Lamport, "Password authentication with insecure communication," Communications of the ACM, 24(11), pp. 770-772, 1981.   DOI   ScienceOn
8 C.C. Chang, T.C. Wu, "Remote password authentication with smart card," IEEE Proceedings-E, 138(3), pp. 165-168, 1991.   DOI
9 H.Y. Chien, J.K. Jan, Y.M. Tseng, "An efficient and practical solution to remote authentication using smart card," Computers & Security, 21 (4), pp. 372-375. 2002.   DOI   ScienceOn
10 E.J. Yoon, E.K. Ryu, K.Y. Yoo, "Further improvements of an efficient password based remote user authentication scheme using smart cards," IEEE Transactions on Consumer Electronics, 50(2), pp. 612-614, 2004.   DOI   ScienceOn
11 X. Duan, J.W. Liu, Q. Zhang, "Security improvements on Chien et al.'s remote user authentication scheme using smart cards," IEEE International conference on Computational Intelligence and Security (CIS 2006), 2, pp. 1133-1135, 2006.
12 안영화, 이강호, "스마트카드를 이용한 사용자 인증 스킴의안전성분석," 한국컴퓨터정보학회논문지, 제14권, 제3호, 133-138쪽, 2009년 3월.   과학기술학회마을
13 C.W. Lin, C.S. Tsai, andM.S. Hwang, "ANewStrong-Password Authentication Scheme Using One-Way Hash Functions," Journal of Computer and Systems Sciences International, vol. 45, no. 4, pp. 623-626, 2006.   DOI   ScienceOn
14 H.C Hsiang, W.K. Shih, "Weakness and improvements of the Yoon-Ryu-Yoo remote user authentication scheme using smart cards," Computer Communications, 32, pp. 649-652, 2009.   DOI   ScienceOn
15 신광철, "서비스거부공격에안전한OTP 스마트카드인증 프로토콜," 한국컴퓨터정보학회 논문지, 제 12권, 제 6호, 201-206쪽, 2007년 12월.   과학기술학회마을
16 J. Xu, W.T. Zhu, D.G. Feng, "An improved smart card based password authentication scheme with provable security," Computers Standards & Interfaces, 31, pp. 723-728, 2009.   DOI   ScienceOn
17 P. Kocher, J. Jaffe, B. Jun, "Differential power analysis," Proceedings of Advances in Cryptology (CRYPTO 99), pp. 388–397, 1999.