Browse > Article

Formal Analysis of Authentication System based on Password using Smart Card  

Kim, Hyun-Seok (고려대학교 컴퓨터학과)
Kim, Ju-Bae (고려대학교 컴퓨터학과)
Jeong, Yeon-Oh (고려대학교 컴퓨터학과)
Han, Keun-Hee (행정안전부 정보보호정책과)
Chai, Jin-Young (고려대학교 컴퓨터학과)
Publication Information
Journal of KIISE:Computer Systems and Theory / v.36, no.4, 2009 , pp. 304-310 More about this Journal
Abstract
Due to widely use of internet, a lot of users frequently access into remote server in distributed computing environment. However, transmitting the information using vulnerable channel without authentication security system can be exposed to replay attack, offline password attack, and impersonation attack. According to this possibility, there is research about authentication protocol to prevent these hostile attacks using smart card. In this paper, we analyze vulnerability of user authentication system based on password and propose modified user authentication system.
Keywords
Smart card; Password authentication; Offline guessing attack; Formal verification;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Lin, C.L., Wen, H.A., Hwang, T. and Sun, H.M. "Provably secure three-party password-authenticated key exchange," IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences E87-A (11), pp. 2990-3000, 2004.
2 Ku, W.C. and Chen, S.M., "Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards," IEEE Transactions on Consumer Electronics 50 (1), pp. 204-207, 2004.   DOI
3 Hwang, T. and Ku, W.C., "Reparable key distribution protocols for Internet environ- ments," IEEE Trans.Commun., Vol.43, No.5, pp. 1947-1949, May, 1995.   DOI   ScienceOn
4 Kocher, P., Jaffe, J. and Jun, B., "Differential power analysis," In Proc.of Advances in Cryptology (CRYPTO'99), pp. 388-397, 1999.
5 Messerges, T.S., Dabbish, E.A. and Sloan, R.H., "Examining smart card security under the threat of power analysis attacks," IEEE Transactions on Computers 51(5), pp. 541-552, 2002.   DOI   ScienceOn
6 MacKenzie, P., "More Efficient Password Authenticated Key Exchange," RSA Conference, Cryptographer's Track, pp. 361-377, 2001.
7 Boyko, V., MacKenzie, P. and Patel, S., "Provably Secure Password Authentication and key Exchange Using Diffie-Hellman(extended abstract)," EuroCrypt 2000, pp. 156-171, 2000.
8 Munilla, J. and Peinado, A., "Off-line password guessing attack to Peyravian-Jeffries's remote user authentication protocol," A Computer Communications 30, pp. 52-54, 2006.   DOI   ScienceOn
9 Bellovin, S. M. and Merritt. M., "Encrypted Key Exchange: Password-based Protocols Secure against Dictionary Attacks," In Proc. of IEEE Security and Privacy, pp. 72-84, 1992.
10 Bellovin, S.M. and Merritt, M., "Augmented encrypted key exchange : a password-based protocol secure against dictionary attacks and password file compromise," Technical report, AT&T Bell Laboratories, 1994.
11 Kwon, T. and Song, J., "Secure agreement scheme for gxy via password authen-tication," Electronics Letters Vol.35, No.11, pp. 892-893, 1999.   DOI   ScienceOn
12 Chen, T.H. and Lee, W.B., "A new method for using hash functions to solve remote user authentication," Computers and Electrical Engineering 34, pp. 53-62, 2008.   DOI   ScienceOn
13 Lowe, G., "Casper: A compiler for the analysis of Security Protocols," In Proc. of the 1997 IEEE Computer Security Foundations Workshop X, IEEE Computer Society, Silver Spring, MD, pp. 18-30, 1997.
14 Hoare, C.A.R., Communicating Sequential Processes, Prentice-Hall, 1985.
15 Formal Systems Ltd. FDR2 User Manual, Aug. 1999.
16 MacKenzie, P., Shrimpton, T., and Jakobsson, M., "Threshold Password Authenticated Key Exchange (extended abstract)," Advances in Cryptology Proc. of CRYPTO 2002, pp. 385-400, 2002.
17 Chien, H.Y. and Chen, C.H., "A Remote Authentication Scheme Preserving User Anonymity," IEEE AINA'05, Vol.2, pp. 245-248, 2005.
18 Das, M.L., Saxena, A., and Gulati, V.P., "A dynamic ID-based remote user authentication Scheme," IEEE Transactions on Consumer Electronics, Vol. 50, No.2, pp. 629-631, 2004.   DOI   ScienceOn