Browse > Article
http://dx.doi.org/10.7840/kics.2012.37C.8.697

Cryptanalysis of a Secure Remote User Authentication Scheme  

Qiuyan, Jin (성균관대학교 정보통신공학부 정보보호연구소)
Lee, Kwang-Woo (성균관대학교 정보통신공학부 정보보호연구소)
Won, Dong-Ho (성균관대학교 정보통신공학부 정보보호연구소)
Publication Information
The Journal of Korean Institute of Communications and Information Sciences / v.37, no.8C, 2012 , pp. 697-702 More about this Journal
Abstract
In 2011, C.-T. Li et al. proposed a secure user authentication scheme, which is an improvement over Kim et al.'s scheme to resolve several security flaws such as off-line password guessing attack and masquerading attack. C.-T. Li et al. claimed that their scheme prevents smart card security related attacks. Moreover, it provides mutual authentication and session key establishment. However, we found that their scheme is vulnerable to password guessing attack through password change phase, smart card forgery attack and stolen verifier attack. Moreover, C.-T. Li et al.'s scheme is not secure against password guessing attack as they claimed. In this paper, we also point out that their scheme is not practical to use.
Keywords
취약점 분석;스마트카드;패스워드 추측 공격;네트워크 보안;원격 사용자 인증;
Citations & Related Records
연도 인용수 순위
  • Reference
1 C.-L. Chen, Y.-F. Lin, N.-C. Wang, Y.-L. Chen. An Improvement on Hsiang and Shih's Remote User Authentication Scheme Using Smart Cards. 2011 12th ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing 53-57.
2 M. KUMAR, M.K. GUPTA, S. KUMARI. An Improved Smart Card Based Reote user Authentication Scheme with Session Key Agreement During the Verification Phase. Journal of Applied Computer Science & Mathematics, no. 11 (5) /2011, Suceava 38-46
3 C.I. Fan, Y.C. Chan, Z.K. Zhang, Robust remote authentication scheme with smart cards, Computers & Security 24 (8) (2005) 619-628.   DOI   ScienceOn
4 Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Proceedings of Advances in Cryptology, pp. 388-397(1999)
5 T.S. Messerges, E.A. Dabbish, R.H. Sloan, Examining smart-card security under the threat of power analysis attacks, IEEE Transactions on Computers 51 (5)(2002) 541-552.   DOI   ScienceOn
6 Namje Park, Seungjoo Kim, Dongho Won, Secure group communication over combined wired and wireless networks, Lecture Note in Computer Science, Vol.3592, Springer-Verleg, pp.90-99 (2005)
7 Kwangwoo Lee, Dongho Won, and Seungjoo Kim, A Secure and Efficient E-Will System Based on PKI, Information - An International Interdisciplinary Journal, International Information Institute, Vol. 14, No 7, pp.2187-2206 (2011)
8 Namje Park, Seungjoo Kim, Dongho Won, Lecture Note in Computer Science,Vol.4217, Springer-Verleg, pp.494-505 (2006)
9 H.Y. Chien, J.K. Jan, Y.M. Tseng, An efficient and practical solution to remote authentication: smart card, Computers & Security 21 (4) (2002) 372-375.   DOI   ScienceOn
10 S. Lee, H. Kim, K. Yoo, Improvement of Chien et al.'s remote user authentication scheme using smart cards, Computer Standards & Interfaces 27 (2004) 181-183.
11 E. Yoon, K. Yoo, More efficient and secure remote user authentication scheme using smart cards, in: Proceedings of 11th International Conference on Parallel and Distributed System, vol. 2, 2005, pp. 73-77.
12 Kim, S.K., Chung, M.G.: More secure remote user authentication scheme. Computer Communications 32(6), 1018-1021 (2009)   DOI   ScienceOn
13 W.-B.Horng, C.-P. Lee, J.-W. Peng Cryptanalysis of a More Secure Remote User Authentication Scheme, Computer symposium (ICS), 2010 International 16-18 Dec.2010 284 - 287
14 C.-T. Li, C.-C. Lee, C.-J. Liu, C.-W. Lee A Robust Remote User Authentication Scheme against Smart Card Security Breach. Data and Applications Security and Privacy XXV, , pp. 231-238, 2011.c_IFIP International Federation for Information Processing 2011
15 S. K. Sood, A.K. Sarje, K. Singh. An Improvement of Hsiang-Shih's Authentication Scheme Using Smart Cards. International Conference and Workshop on Emerging Trends in Technology (ICWET 2010) - TCET, Mumbai, India 19-25