Browse > Article
http://dx.doi.org/10.7840/kics.2014.39B.1.29

Security Analysis and Enhancement of Tsai et al.'s Smart-Card Based Authentication Scheme  

Kim, Myungsun (수원대학교 IT대학 정보보호학과)
Publication Information
The Journal of Korean Institute of Communications and Information Sciences / v.39B, no.1, 2014 , pp. 29-37 More about this Journal
Abstract
In this paper we show that a dynamic ID authentication scheme using smart cards proposed by Tsai et al. is not secure against DoS attack and insider attack. Further we claim that their scheme may raise a security problem when a user changes his/her password. Then we come up with a security-enhanced version only with small additional computational cost. Our scheme is based on the security of cryptographic hash function and the infeasibility assumption of discrete logarithm problem. In addition, we provide details of security and computational cost analysis.
Keywords
Remote authentication; Smartcards; DoS attack; Insider attack; Password;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 C. Chan and L. Cheng, "Cryptanalysis of a remote user authentication scheme using smart cards," IEEE Trans. Consumer Electron., vol. 46, no. 4, pp. 992-993, Nov. 2000.   DOI   ScienceOn
2 C. Chan and L. Cheng, "Cryptanalysis of timestamp-based password authentication scheme," J. Computers and Security, vol. 21, no. 1, pp. 74-76, 1st Quarter 2001.   DOI   ScienceOn
3 H. Chien, J. Jan, and Y. Tseng, "An efficient and practical solution to remote authentication: Smart card," J. Computers and Security, vol. 21, no. 4, pp. 372-375, Aug. 2002.   DOI   ScienceOn
4 Citrix, http://support.citrix.com.
5 M. Das, A. Saxena, and V. Gulati, "A dynamic ID-based remote user authentication scheme," IEEE Trans. Consumer Electron., vol. 50, no. 2, pp. 629-631, May 2004.   DOI   ScienceOn
6 N. Duif, "Smart card implementation of a digital signature scheme for twisted Edwards curves," M.S. Thesis, Technische Universiteit Eindhoven, May, 2011.
7 T. Elgamal, "A public key cryptosystem and a signature scheme based on discrete logarithms," IEEE Trans. Inform. Theory, vol. 31, no. 4, pp. 469-472, Jul. 1985.   DOI
8 M. Hwang and L. Li, "A new remote user authentication scheme using smart cards," IEEE Trans. Consumer Electron., vol. 46, no. 1, pp. 28-30, Feb. 2000.   DOI   ScienceOn
9 M. Hwang, C. Lee, and Y. Tang, "A simple remote user authentication scheme," Math. and Computer Modelling, vol. 36, no. 1, pp. 103-107, Nov. 2002.   DOI   ScienceOn
10 C. Hsu, "Security of two remote user authentication schemes using smart cards," IEEE Trans. Consumer Electron., vol. 49, no. 4, pp. 1196-1198, Nov. 2003.   DOI   ScienceOn
11 Z. Hao and N. Yu, "A security enhanced remote password authentication scheme using smart card," ISDPE, pp. 56-60, Buffalo, NY, Sept. 2010.
12 I. Lee, C. Lee, and M. Hwang, "Security enhancement for a dynamic ID-based remote user authentication scheme," NWeSP, pp. 437-440, Seoul, Korea, Aug. 2005.
13 M. Kim, "A brokered authentication scheme based on smart-card for multi-server authentication," J. KICS, vol. 38, no B.3, pp. 190-198, Mar. 2013.   과학기술학회마을   DOI
14 W. Ku and S. Chen, "Weakness and improvements of an efficient password based remote user authentication using smart cards," IEEE Trans. Consumer Electron., vol. 50, no. 1, pp. 204-207, Feb. 2004.   DOI   ScienceOn
15 R. Rivest, A. Shamir, and L. Adleman, "A method for obtaining digital signatures and public-key cryptosystems," Commun. ACM, vol. 21, no. 2, pp. 120-126, Feb. 1978.   DOI   ScienceOn
16 H. Sun, "An efficient remote use authentication scheme using smart cards," IEEE Trans. Consumer Electron., vol. 46, no. 4, pp. 958-961, Nov. 2000.   DOI   ScienceOn
17 J. Tsai, T. Wu, and K. Tsai, "New dynamic ID authentication scheme using smart cards," IJCS, vol. 23, no. 12, pp. 1449-1462, Dec. 2010.
18 Y. Wang, J. Liu, F. Xiao, and J. Dan, "A more efficient and secure dynamic ID-based remote user authentication scene," Computer Comm., vol. 32, pp. 583-585, 2009.   DOI   ScienceOn
19 X. Wang, W. Zhang, J. Zhang, and M. Khan, "Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards," Computer Standards and Interfaces, vol. 29, no. 5, pp. 507-512, Jul. 2007.   DOI   ScienceOn
20 E. Yoon, E. Lee, and K. Yoo, "Cryptanalysis of Wang et al.'s remote user authentication scheme using smart cards," ICIT: New Generations, pp. 575-580, Las Vegas, USA, Apr. 2008.
21 E. Yoon, E. Ryu, and Y. Yoo, "Further improvement of an efficient password based remote user authentication scheme using smart cards," IEEE Trans. Consumer Electron., vol. 50, no. 2, pp. 612-614, May 2004.   DOI   ScienceOn
22 E. Yoon, E. Ryu, and Y. Yoo, "An improvement of Hwang-Lee-Tang's simple remote user authentication scheme," Computers & Security, vol. 24, no. 1, pp. 50-56, Feb. 2005.   DOI   ScienceOn
23 W. Yang and S. Shieh, "Password authentication schemes with smart cards," Computers and Security, vol. 18, no. 8, pp.727-733, 1999.   DOI   ScienceOn
24 H. Zhang and M. Li, "Security vulnerabilities of an remote password authentication scheme with smart card," CECNet, pp. 698-701, Xianning, China, Apr. 2011.