http://dx.doi.org/10.7838/jsebs.2012.17.4.001

Vulnerability Analysis and Improvement in Man-in-the-Middle Attack for Remote User Authentication Scheme of Shieh and Wang's using Smart Card  

Shin, Kwang-Cheul (Industrial Management Engineering, Sungkyul University)
Publication Information
The Journal of Society for e-Business Studies / v.17, no.4, 2012, pp. 1-16
Abstract
Shieh and Wang [10] recently proposed an efficient mutual authentication scheme that combines the cost-effectiveness of operations of the scheme of Lee et al. [6] with the security and key agreement of the Chen and Yeh scheme. The Shieh and Wang [10] scheme, however, does not satisfy the security requirements against a third party (the man-in-the-middle attacker) that have to be considered in remote user authentication schemes using password-based smart cards. The weaknesses of the Shieh and Wang scheme are that it cannot verify forged messages in its 3-way handshake mutual authentication, and that the system (server) secret key can easily be exposed. This paper investigates the problems of the Shieh and Wang scheme in its verification procedure for forged messages intercepted through eavesdropping. An enhanced two-way remote user authentication scheme is proposed that is safe and robust against multiple attacks by adding the ability to perform an integrity check on the server, and that does not expose the user's password information or the system's confidential information.
Keywords
Mutual Authentication; Man-In-The-Middle Attack; Impersonation Attack; Eavesdrop; DoS Attack; Smart Card
References
1 Chen, Y. C. and Yeh, L. Y., "An Efficient nonce-based authentication scheme with key agreement," Applied Mathematics and Computation, Vol. 169, pp. 982-994, 2005.
2 Hwang, M.-S. and Li, L. H., "A New Remote User Authentication Scheme Using Smart Cards," IEEE Transactions on Consumer Electronics, Vol. 46, No. 1, pp. 28-30, 2000.
3 Kim, S. K. and Chung, M. G., "More secure remote user authentication scheme," Computer Communications, Vol. 32, No. 6, pp. 1018-1021, 2009.
4 Lamport, L., "Password authentication with insecure communication," Communications of the ACM, Vol. 24, No. 11, pp. 710-712, 1981.
5 Lee, N. Y. and Chiu, Y. C., "Improved remote authentication scheme with smart card," Computer Standards and Interfaces, Vol. 27, No. 2, pp. 177-180, 2005.
6 Lee, S. W., Kim, H. S., and Yoo, K. Y., "Efficient nonce-based remote user authentication scheme using smart cards," Applied Mathematics and Computation, Vol. 167, pp. 355-361, 2005.
7 Liao, I. E., Lee, C.-C., and Hwang, M.-S., "Identity-based deniable authentication protocol from pairings," IMSA 2006, pp. 112-114.
8 Xie, Q., Wang, J.-K., Chen, D.-R., and Wang, X.-Y., "A novel user authentication scheme using smart card," College of Computer Science, Zhejiang University, Hangzhou, 310027, P. R. China, and Graduate School, Hangzhou Normal University, 2008.
9 Shieh, W. G., "The Weakness of Efficient nonce-based remote user authentication scheme using smart cards," WSEAS Trans. on Information Science and Applications, Vol. 3, No. 3, pp. 584-587, 2006.
10 Shieh, W. G. and Wang, M. T., "A Cost Effective Mutual authentication scheme with Key Agreement using smart cards," International Journal of Information and Management Sciences, Vol. 19, No. 4, pp. 571-587, 2008.
11 Song, R., "Advanced smart card based password authentication protocol," Computer Standards and Interfaces, Vol. 32, pp. 321-325, 2010.
12 Xu, J., Zhu, W. T., and Feng, D. G., "An improved smart card based password authentication scheme with provable security," Computer Standards and Interfaces, Vol. 31, No. 4, pp. 723-728, 2009.