http://dx.doi.org/10.7236/JIWIT.2011.11.5.131

Security Improvement of Remote User Authentication Scheme based on Smart Cards  

Joo, Young-Do (Division of Computer and Media Engineering, Kangnam University)
An, Young-Hwa (Division of Computer and Media Engineering, Kangnam University)
Publication Information
The Journal of the Institute of Internet, Broadcasting and Communication / v.11, no.5, 2011, pp. 131-137
Abstract
Recently, Lin et al. proposed a simple remote user authentication scheme using smart cards. However, their scheme does not satisfy the security requirements that a password-based smart card user authentication scheme should meet. In this paper, we show that Lin et al.'s scheme is insecure against an off-line password guessing attack: any legal user's password may be derived by password guessing when his/her smart card is stolen and an attacker extracts the secret information stored on it. Accordingly, we demonstrate the vulnerability of their scheme and present an enhancement to resolve this security weakness. Our proposed scheme can withstand various possible attacks, including the password guessing attack. Furthermore, the improved scheme can provide mutual authentication to improve security robustness. Performance evaluation shows that the proposed scheme is relatively more effective than Lin et al.'s scheme.
Keywords
Authentication; Smart Card; Password Guessing Attack; Replay Attack