A Study on Efficient and Secure user Authentication System based on Smart-card  

Byun, Jin-Wook (Department of Information and Communication, Pyeongtaek University)
Abstract
User authentication is an essential requirement for securely implementing an IT service system. It allows valid users to log in to the system securely and to access valid resources from a database. The smart card has been a popular tool for authenticating users efficiently and securely because of its convenience and popularity. Furthermore, the smart card has its own computation and storage capability, which makes it easy to use in all types of authentication environments that usually need temporary storage and additional computation for authenticating users and the server. In 1981, Lamport first designed an authentication service protocol based on the user's smart card. However, it has been criticized in terms of efficiency and security because it uses hash chains and does not consider disclosure of the server's secret values. Over the years, many smart-card-based authentication service protocols have been designed. Very recently, Xu, Zhu, and Feng suggested a provably secure smart-card-based authentication protocol. In this paper, we first define all types of attacks on smart-card-based authentication services. Under the defined attacks, however, the protocol by Xu, Zhu, and Feng is weak against an attack in which an attacker holding the server's secret values can impersonate a valid user without knowing the user's password and secret values. An efficient and secure countermeasure is suggested, and its security is analyzed.
Keywords
Smart-card authentication; User authentication; Password authentication; Information security system
References
1 P. Kocher, J. Jaffe, B. Jun, Differential power analysis, Proc. Advances in Cryptology (CRYPTO'99), 1999, pp. 388-397.
2 W.C. Ku, S.M. Chen, Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards, IEEE Transactions on Consumer Electronics 50 (1) (2004) 204-207.
3 S.W. Lee, H.S. Kim, K.Y. Yoo, Improvement of Chien et al.'s remote user authentication scheme using smart cards, Computer Standards and Interfaces 27 (2005) 181-183.
4 C.K. Chan, L.M. Cheng, Cryptanalysis of a remote user authentication scheme using smart cards, IEEE Transactions on Consumer Electronics 46 (4) (2000) 992-993.
5 C.C. Chang, K.F. Hwang, Some forgery attacks on a remote user authentication scheme using smart cards, Informatica 14 (3) (2003) 289-294.
6 H.Y. Chien, J.K. Jan, Y.M. Tseng, An efficient and practical solution to remote authentication: smart card, Computer and Security 21 (4) (2002) 372-375.
7 H. Chung, W. Ku, M. Tsaur, Weakness and improvement of Wang et al.'s remote user password authentication scheme for resource limited environments, Computer Standards & Interfaces 31 (2009) 863-868.
8 W. Diffie, P.C. van Oorschot, M.J. Wiener, Authentication and authenticated key exchanges, Designs Codes and Cryptography 2 (2) (1992) 107-125.
9 L. Lamport, Password authentication within secure communication, Communications of the ACM 24 (1981) 770-772.
10 N.Y. Lee, Y.C. Chiu, Improved remote authentication scheme with smart card, Computer Standards and Interfaces 27 (2005) 177-180.
11 T.S. Messerges, E.A. Dabbish, R.H. Sloan, Examining smart-card security under the threat of power analysis attacks, IEEE Transactions on Computers 51 (5) (2002) 541-552.
12 H.M. Sun, An efficient remote user authentication scheme using smart cards, IEEE Transactions on Consumer Electronics 46 (4) (2000) 958-961.
13 [SP800-78-2] NIST Special Publication 800-78-2, Cryptographic Algorithms and Key sizes for Personal Identity verification, February 2010. (See http://csrc.nist.gov)
14 E.J. Yoon, E.K. Ryu, K.Y. Yoo, Further improvement of an efficient password based remote user authentication scheme using smart cards, IEEE Transactions on Consumer Electronics 50 (2) (2004) 612-614.
15 [FIPS201] Federal Information Processing Standard 201-1, Change Notice 1, Personal Identity Verification (PIV) of Federal Employees and Contractors, March 2006. (See http://csrc.nist.gov)
16 M.S. Hwang, L.H. Li, A new remote user authentication scheme using smart card, IEEE Transactions on Consumer Electronics 46 (1) (2000) 28-30.
17 X.M. Wang, W.F. Zhang, J.S. Zhang, M.K. Khan, Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards, Computer Standards and Interfaces 29 (5) (2007) 507-512.
18 J. Xu, W. Zhu, D. Feng, An improved smart card based password authentication scheme with provable security, Computer Standards & Interfaces 31 (2009) 723-728.
19 H.T. Yeh, H.M. Sun, B.T. Hsieh, Security of a remote user authentication scheme using smart cards, IEICE Transactions on Communications E87-B (1) (2004) 192-194.