Browse > Article
http://dx.doi.org/10.9708/jksci.2011.16.2.183

A Study on the User Authentication Scheme with Forward Secrecy  

An, Young-Hwa (Div. of Computer and Media Engineering, Kangnam University)
Abstract
Recently Wang-Li proposed the remote user authentication scheme using smart cards. But the proposed scheme has not been satisfied security requirements considering in the user authentication scheme using the password based smart card. In this paper, we described the Wang-Li and Yoon et al.'s authentication scheme simply, and we prove that the Wang-Li's scheme is vulnerable to a password guessing attack and impersonation attack in case that the attacker steals the user's smart card and extracts the information in the smart card. Accordingly, we propose the improved user authentication scheme based on the hash function and generalized ElGamal signature scheme that can withstand many possible attacks including a password guessing attack, impersonation attack and replay attack, and that can offer the function of forward secrecy. The result of comparative analysis, the our proposed scheme is much more secure and efficient than the Wang-Li and Yoon et al.'s scheme.
Keywords
User authentication; Smart card; Password guessing attack; Forward secrecy;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 T.S. Messerges, E.A. Dabbish, R.H. Sloan, "Examining smart-card security under the threat of power analysis attacks," IEEE Transactions on Computers, 51 (5), pp. 541-552, 2002.   DOI   ScienceOn
2 W. Diffie and M. Hellman, "New directions in cryptography," IEEE Transactions on Information Theory, vol. IT-22, pp. 644-654, 1976.
3 J. Xu, W.T. Zhu, D.G. Feng, "An improved smart card based password authentication scheme with provable security," Computers Standards & Interfaces, 31, pp. 723-728, 2009.   DOI   ScienceOn
4 P. Kocher, J. Jaffe, B. Jun, "Differential power analysis," Proceedings of Advances in Cryptology (CRYPTO 99), pp. 388-397, 1999.
5 L. Lamport, "Password authentication with insecure communication," Communications of the ACM, 24(11), pp. 770-772, 1981.   DOI   ScienceOn
6 E.J. Yoon, E.K. Ryu, K.Y. Yoo, "Efficient remote user authentication scheme based on generalized ElGamal signature scheme," IEEE Trans. Consum. Electron, 50(2), pp. 568-570, 2004.   DOI   ScienceOn
7 C.K Chan, L.M. Cheng, "Cryptanalysis of a remote user authentication scheme using smart cards," IEEE Trans. Consum. Electron, 46(4), pp. 992-993, Nov. 2000.   DOI   ScienceOn
8 J.J Shen, C.W.Lin, and M.S. Whang, "A modified remote user authentication scheme using smart cards," IEEE Trans. Consum. Electron, 46(2), pp. 414-416, May. 2003.
9 Zuhua Shao, "Efficient deniable authentication protocol based on generalized ElGamal signature scheme," Computer Standards & Interfaces, Article in press, Dec. 2003.
10 B. Wang, Z.Q. Li, "Forward-secure user authentication scheme with smart cards," International Journal of Network Security, Vol. 3, No. 2, pp. 116-119, Sept. 2006.
11 M.S. Hwang, L.H. Li, "A New remote user authentication scheme using smart cards," IEEE Trans. Consum. Electron, 46(1), Feb. 2000.
12 Y.S, Lee, D.H. Won, "Cryptanalysis and enhancement of a remote user authentication scheme using smart cards," Journal of The Korea Society of Computer and Information, Vol. 15, No. 1, pp. 139-147, Jan. 2010.   DOI