Browse > Article
http://dx.doi.org/10.9708/jksci.2013.18.2.087

Weaknesses Cryptanalysis of Khan's Scheme and Improved Authentication Scheme preserving User Anonymity  

Park, Mi-Og (Division. of Computer Science Engineering, Sungkyul University)
Abstract
In this paper, we analyse the weaknesses of authentication scheme preserving user anonymity proposed by Khan et al in 2011 and we propose a new authentication schemes preserving user anonymity that improved these weaknesses. Khan et al's authentication scheme is vulnerable to insider attack and doesn't provide user anonymity to the server. Also, this scheme is still a weakness of wrong password input by mistake in spite of proposing the password change phase. In this paper, we will show that Khan et al's scheme is vulnerable to the stolen smart card attack and the strong server/user masquerade attack. The proposed authentication scheme propose the improved user anonymity, which can provide more secure privacy to user by improving these weaknesses.
Keywords
User Anonymity; Smart Card; Insider Attack; Strong Masquerade attack; User Privacy;
Citations & Related Records
연도 인용수 순위
  • Reference
1 L. Lamport, "Password Authentication with Insecure Communication," Communications of the ACM, Vol.24, pp.770-772, November 1981.   DOI   ScienceOn
2 C. C. Chang and T. C. Wu, "Remote password authentication with smart cards," IEEE Proceedings-Computers and Digital Techniques, Vol.38, No.3, pp.165-168, May 1991.
3 H. S. Kim, S. W. Lee, and K. Y. Yoo, "ID-based Password Authentication Scheme using Smart Cards and Fingerprints," ACM Operating Systems Review, Vol.37, No.4, pp.32-41, October 2003.   DOI   ScienceOn
4 C. L. Hsu, "Security of Chien et al's remote user authentication scheme using smart cards," Computer Standards and Interfaces 26, pp.167-169, May 2004.   DOI   ScienceOn
5 E. J. Yoon, E. K. Ryu, and K. Y. Yoo, "Efficient Remote User Authentication Scheme base on Generalized ElGamal Signature Scheme," IEEE Transactions on Consumer Electronics, Vol.50, No.2, pp.568-570, May 2004.   DOI   ScienceOn
6 K. L. Das, A. Saxena, and V. P. Gulati, "A dynamic ID-based remote user authentication scheme," IEEE Transactions on Consumer Electronics, Vol.50, No.2, pp.629-631, May 2004.   DOI   ScienceOn
7 M. K. Khan, S. K. Kim, and K. Alghathbar, "Cryptanalysis and security enhancement of a 'more efficient & secure dynamic ID-based remote user authentication scheme," Computer Communications, Vol.34, Issue.3, pp.305-309, March 2011.   DOI   ScienceOn
8 Y. Y. Wang, J. Y. Liu, F. X. Xiao, and J. Dan, "A more efficient and secure dynamic ID-based remote user authentication scheme,"Computer Communications 32, pp.583-585, March 2009.   DOI   ScienceOn
9 R. Madhusudhan and R. C. Mittal, "Dynamic ID-based remote user password authentication schemes using smart cards : A review," Journal of Network and Computer Applications 35, pp.1235-1248, July 2012.   DOI   ScienceOn
10 C. S. Bindu, P. C. S. Reddy, and B. Satyanarayana, "Improved Remote User Authentication Scheme Preserving User Anonymity," IJCSNS International Journal of Computer Science and Network Security, Vol.8 No.3, pp.62-66, March 2008.
11 H. C. Hsiang and W. K. Shih, "Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment", Computer Standard and Interfaces 31, pp.1118-1123, November 2009.   DOI   ScienceOn