http://dx.doi.org/10.17662/ksdim.2010.6.3.069

An Efficient and Secure Authentication Scheme Preserving User Anonymity  

Kim, Mi Jin (School of Information and Communication Engineering, Sungkyunkwan University)
Lee, Kwang Woo (School of Information and Communication Engineering, Sungkyunkwan University)
Kim, Seung Joo (School of Information and Communication Engineering, Sungkyunkwan University)
Won, Dong Ho (School of Information and Communication Engineering, Sungkyunkwan University)
Publication Information
Journal of Korea Society of Digital Industry and Information Management / v.6, no.3, 2010, pp. 69-77
Abstract
Authentication and key establishment are fundamental procedures for establishing secure communications over a public, insecure network. A password-based scheme is a common method of providing authentication. In 2008, Khan proposed an efficient password-based authentication scheme using smart cards to solve the problems inherent in Wu-Chieu's authentication scheme. As for security, Khan claimed that his scheme is secure and provides mutual authentication between legal users and a remote server. In this paper, we demonstrate that Khan's scheme is vulnerable to various attacks, i.e., password guessing attack, insider attack, reflection attack and forgery attack. Our study shows that Khan's scheme does not provide mutual authentication and is insecure for practical applications. This paper proposes an improved scheme that overcomes these problems and preserves user anonymity, which is an issue in e-commerce applications.
Keywords
Mutual authentication; Reflection attack; Forgery attack; User anonymity;
  • Reference
1 Lamport, L., "Password Authentication with Insecure Communication," Communications of the ACM, Vol. 24, No. 11, 1981, pp. 770-772.
2 Bellovin, S. M. and Merritt, M., "Encrypted key exchange: password-based protocols secure against dictionary attacks," In: IEEE Symposium on research in security and privacy, IEEE Computer Society, 1992, pp. 72-84.
3 Bellare, M., Pointcheval, D. and Rogaway, P., "Authenticated key exchange secure against dictionary attacks," Advances in Cryptology - EUROCRYPT'00, Lecture Notes in Computer Science, 1807, 2000, pp. 139-155.
4 Boyko, V., MacKenzie, P. and Patel, S., "Provably secure password-authenticated key exchange using Diffie-Hellman," 2000, pp. 156-171.
5 Yang, G., Wong, D. S., Wong, H. and Deng, X., "Two-factor mutual authentication based on smart cards and passwords," Journal of Computer and System Sciences, Elsevier, Vol. 74, No. 7, 2008, pp. 1160-1172.
6 Wu, S. T. and Chieu, B. C., "A note on a user friendly remote user authentication scheme with smart cards," IEICE Transactions Fundamentals, Vol. 87-A, No. 8, 2004, pp. 2180-2181.
7 Khan, M. K., "An efficient and secure remote mutual authentication scheme with smart cards," International Symposium on Biometrics and Security Technologies(ISBAST 2008), pp. 1-6.
8 Ku, W. C., Chen, C. M. and Lee, H. L., "Cryptanalysis of a variant of Peyravian-Zunic's password authentication scheme," IEICE trans. on commun., Vol. E86-B, No. 5, 2003, pp. 1682-1684.
9 Mitchell, C., "Limitations of challenge-response entity authentication," Electronics Letters, Vol. 25, No. 17, 1989, pp. 1195-1196.
10 Yasinsac, A., "Dynamic analysis of security protocols," Proc. 2000 Workshop on New Security Paradigms, 2001, pp. 77-87.
11 Kocher, P., Jaffe, J. and Jun, B., "Differential power analysis," Proc. Advances in Cryptology (CRYPTO'99), 1999, pp. 388-397.
12 Messerges, T. S., Dabbish, E. A. and Sloan, R. H., "Examining smart card security under the threat of power analysis attacks," IEEE Transactions on Computers, Vol. 51, No. 5, 2002, pp. 541-552.
13 Menezes, A. J., van Oorschot, P. C. and Vanstone, S. A., "Handbook of applied cryptography," CRC Press, New York, 1997.