Browse > Article
http://dx.doi.org/10.9717/kmms.2017.20.4.614

Secure Remote User Authentication Protocol against Privileged-Insider Attack  

Lee, SungYup (School of Electronics Engineering, Kyungpook National University)
Park, YoHan (Division of Information Technology, Korea Nazarene University)
Park, YoungHo (School of Electronics Engineering, Kyungpook National University)
Publication Information
Journal of Korea Multimedia Society / v.20, no.4, 2017 , pp. 614-628 More about this Journal
Abstract
Recently, Due to the rapid development of the internet and IT technology, users can conveniently use various services provided by the server anytime and anywhere. However, these technologies are exposed to various security threat such as tampering, eavesdropping, and exposing of user's identity and location information. In 2016, Nikooghadam et al. proposed a lightweight authentication and key agreement protocol preserving user anonymity. This paper overcomes the vulnerability of Nikooghadam's authentication protocol proposed recently. This paper suggests an enhanced remote user authentication protocol that protects user's password and provides perfect forward secrecy.
Keywords
Remote User Authentication Protocol; Biometric; Privileged-Insider Attack; Symmetric Key;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 H.M. Sun, "An Efficient Remote Use Authentication Scheme Using Smart Cards," IEEE Transactions on Consumer Electronics, Vol. 46, No. 4, pp. 958-961, 2000.   DOI
2 B.L. Chen, W.C. Kuo, and L.C. Wuu, "Robust Smart-Card-Based Remote User Password Authentication Scheme," International J ournal of Communication Systems, Vol. 27, No. 2, pp. 377-389, 2014.   DOI
3 S.Y. Lee, K.S. Park, Y.H. Park, and Y.H. Park, "Symmetric Key-Based Remote User Authentication Scheme with Forward Secrecy," Journal of Korea Multimedia Society, Vol. 19, No. 3, pp. 585-594, 2016.   DOI
4 Y.F. Chang, W.L. Tai, and H.C. Chang, "Untraceable Dynamic-Identity-Based Remote User Authentication Scheme with Verifiable Password Update," International J ournal of Communication Systems, Vol. 27, No. 11, pp. 3430-3440, 2014.
5 G. Yang, D.S. Wong, H. Wang, and X. Deng, "Two-Factor Mutual Authentication Based on Smart Cards and Passwords," Journal of Computer and System Sciences, Vol. 74, No. 7, pp. 1060-1172, 2008.
6 Q. Jiang, J. Ma, X. Lu, and Y. Tian, "An Efficient Two-Factor User Authentication Scheme with Unlinkability for Wireless Sensor Networks," Peer-to-Peer Networking and Applications, Vol. 8, No. 6, pp. 1070-1081, 2015.   DOI
7 H. Arshad and M. Nikooghadam, "Three-Factor Anonymous Authentication and Key Agreement Scheme for Telecare Medicine Information Systems," Journal of Medical Systems, Vol. 38, No. 12, pp. 1-12, 2014.   DOI
8 A.K. Das, "A Secure and Robust Temporal Credential-Based Three-Factor User Authentication Scheme for Wireless Sensor Networks," Peer-to-Peer Networking and Applications, Vol. 9, No. 1, pp. 223-244, 2016.   DOI
9 A.T.B. Jin, D.N.C. Ling, and A. Goh, "Biohashing: Two Factor Authentication Featuring Fingerprint Data and Tokenised Random Number," Pattern Recognition, Vol. 37, No. 11, pp. 2245-2255, 2004.   DOI
10 Y. Dodis, L. Reyzin, and A. Smith, "Fuzzy Extractors: How to Generate Strong Keys form Biometrics and Other Noisy Data," Proceeding of International Conference on the Theory and Application of Cryptographic Techniques, pp. 523-540, 2004.
11 X. Boyen, "Reusable Cryptographic Fuzzy Extractors," Proceedings of the 11th ACM Conference on Computer and Communications Security, pp. 82-91, 2004.
12 D. Wang, P. Wang, C.G. Ma, and Z. Chen, "Robust Smart Card Based Password Authentication Scheme against Smart Card Security Breach," Cryptology Eprint Archive, pp. 1-35, 2012.
13 S. Kumari, M.K. Khan, and X. Li, "An Improved Remote User Authentication Scheme with Key Agreement," Computers & Electrical Engineering, Vol. 40, No. 6, pp. 1997-2012, 2014.   DOI
14 S.A. Chaudhry, M.S. Farash, H. Naqvi, S. Kumari, and M.K. Khan, "An Enhanced Privacy Preserving Remote User Authentication Scheme with Provable Security," Security and Communication Networks, Vol. 8, No. 18, pp. 3782-3795, 2015.   DOI
15 M. Nikooghadam, R. Jahantigh, and H. Arshad, "A Lightweight Authentication and Key Agreement Protocol Preserving User Anonymity," Multimedia Tolls and Applications, pp. 1-23, 2016.