Browse > Article
http://dx.doi.org/10.9717/kmms.2017.20.3.500

An Enhanced Symmetric Key-Based Remote User Authentication Scheme with Forward Secrecy  

Moon, Jongho (Dept. of Electrical and Computer Eng., Graduate School, Sungkyunkwan University)
Won, Dongho (Dept. of Computer Eng., Graduate School, Sungkyunkwan University)
Publication Information
Journal of Korea Multimedia Society / v.20, no.3, 2017 , pp. 500-510 More about this Journal
Abstract
Recently Lee et al. proposed an improved symmetric key-based remote user authentication scheme to eliminate the security weaknesses of Kumari et al.'s scheme. They hence claimed that their scheme is secure to various well-known attacks. However, we found that Lee et al.'s scheme is still insecure against outsider attack, smart card stolen and off-line password guessing attack. To overcome these security vulnerabilities, we propose an enhanced authentication scheme with key-agreement which is based on the fuzzy-extractor. Furthermore, we prove that the proposed scheme is more secure, and that it serves to gratify all of the required security properties. Finally, we compare the performance and functionality of the proposed scheme with those of previous schemes.
Keywords
User Authentication; Fuzzy Extractor; Biometrics; Smart Card;
Citations & Related Records
Times Cited By KSCI : 5  (Citation Analysis)
연도 인용수 순위
1 D. Dolev and A.C. Yao, "On the Security of Public Key Protocols," IEEE Transactions on Information Theory, Vol. 29, No. 2, pp. 198-208, 1983.   DOI
2 P. Kocher, J. Jaffe, B. Jun, and P. Rohatgi, "Introduction to Differential Power Analysis," Journal of Cryptographic Engineering, Vol. 1, No. 1, pp. 5-27, 2011.   DOI
3 Y. Dodis, L. Reyzin, and A. Smith, "Cryptanalysis and Security Enhancement of a More Efficient and Secure Dynamic ID-based Remote User Authentication Scheme," Journal of Computer Communications, Vol. 32, No. 4, pp. 583-585, 2009.   DOI
4 Y. Choi and D. Won, "Security Enhanced User Authentication Scheme With Key Agreement Based on Fuzzy Extraction Technology," Journal of Internet Computing and Services, Vol. 17, No. 3, pp. 1-10, 2016.   DOI
5 L. Lamport, "Password Authentication with Insecure Communication," Communications of the ACM, Vol. 24, No. 11, pp. 770-772, 1981.   DOI
6 R. Ramasamy and A.P. Muniyandi, "New Remote Mutual Authentication Scheme Using Smart Cards," Transactions on Data Privacy, Vol. 2, No. 2, pp. 141-152, 2009.
7 Y. Lee and D. Won, "Cryptanalysis and Enhancement of a Remote User Authentication Scheme Using Smart Cards," Journal of the Korea Society of Computer and Information, Vol. 15, No. 1, pp. 139-147, 2010.   DOI
8 M.K. Khan, S.K. Kim, and K. Alghathbar, "Cryptanalysis and Security Enhancement of a 'More Efficient and Secure Dynamic IDbased Remote User Authentication Scheme'," Journal of Computer Communications, Vol. 34, No. 3, pp. 305-309, 2011.   DOI
9 J. Moon, Y. Choi, and D. Won, "A Secure Attribute-based Authentication Scheme for Cloud Computing," KIISE Transaction on Computing Practices, Vol. 22, No. 8, pp. 345-350, 2016.   DOI
10 Y.Y Wang, J.Y. Kiu, F.X. Xiao, and J. Dan, "A More Efficient and Secure Dynamic IDbased Remote User Authentication Scheme," Journal of Computer Communications, Vol. 32, No. 4, pp. 583-585, 2009.   DOI
11 H.M. Chen, J.W. Lo, and C.K. Yeh, "An Efficient and Secure Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems," Journal of Medical Systems, Vol. 36, No. 6, pp. 3907-3915, 2012.   DOI
12 Q. Jiang, J. Ma, Z. Ma, and G. Li, "A Privacy Enhanced Authentication Scheme for Telecare Medical Information Systems," Journal of Medical Systems, Vol. 37, No. 1, pp. 1-18, 2013.
13 S. Kumari, M.K. Khan, and R. Kumar, "Cryptanalysis and Improvement of 'A Privacy Enhanced Scheme for Telecare Medical Information System'," Journal of Medical Systems, Vol. 37, No. 4, pp. 1-11, 2013.
14 K.W. Kim and J.D. Lee, "On the Security of Two Remote User Authentication Schemes for Telecare Medical Information Systems," Journal of Computer Communications, Vol. 38, No. 5, pp. 1-11, 2014.   DOI
15 S.Y. Lee, K.S. Park, Y.H. Park, and Y.H. Park, "Symmetric Key-based Remote User Authentication Scheme With Forward Secrecy," Journal of Korea Multimedia Society, Vol. 19, No. 3, pp. 585-594, 2016.   DOI
16 K.S. Park, S.Y. Lee, Y.H. Park, and Y.H. Park, "An ID-based Remote User Authentication Scheme in IoT," Journal of Korea Multimedia Society, Vol. 18, No. 12, pp. 1483-1491, 2015.   DOI