Browse > Article
http://dx.doi.org/10.7236/JIWIT.2012.12.6.91

Security Improvements on Smart-Card Based Mutual Authentication Scheme  

Joo, Young-Do (Dept. of Computer and Media Information, Kangnam University)
Publication Information
The Journal of the Institute of Internet, Broadcasting and Communication / v.12, no.6, 2012 , pp. 91-98 More about this Journal
Abstract
Password-based authentication schemes have been widely adopted in order to protect resources from unauthorized access. In 2008, Liu et al. proposed a new mutual authentication scheme using smart cards which can withstand the forged attack. In this paper, author has proven that Liu et al.'s scheme is still vulnerable to the various attacks by analyzing the security of their scheme. This paper introduces an enhanced scheme to overcome these security weakness and to provide mutual authentication between the user and the server, even if the secrete information stored in the smart card is revealed by an attacker. The comparative result from the security analysis demonstrates that the proposed scheme is more secure against the possible attacks than Liu et al.'s scheme.
Keywords
Mutual Authentication; Smart Card; User Impersonation Attack; Password Guessing Attack;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 W. H. Yang, and S. P. Shieh, "Password Authentication with Smart Card", Computers and Security, Vol. 18, No. 8, pp. 727-733, 1999.   DOI   ScienceOn
2 J. J. Shen, C. W. Lin, and M. S. Hwang, "Security Enhancement for Timestamp-based Password Authentication Scheme Using Smart Cards", Computers and Security, Vol. 22, No. 7, pp. 591-595, 2003.   DOI
3 S. T. Wu, and B. C. Chieu, "A User Friendly Remote Authentication Scheme with Smart Cards", Computers and Security, Vol. 22, No. 6, pp. 629-631, 2003.
4 M. L. Das, A. Sxena, and V. P. Gulathi, "A Dynamic ID-based Remote User Authentication Scheme", IEEE Transactions on Consumer Electronics, Vol. 50, No. 2, pp. 629-631, 2004.   DOI   ScienceOn
5 H. Y. Chien, and C. H. Chen, "A Remote Password Authentication Preserving User Anonymity", Proceedings of 19th International Conference on Advanced Information Networking and Applications (AINA '05), 2005.
6 E. J. Yoon, E. K. Ryu, and K. Y. Yoo, "Attack on the Shen et al.'s Timestamp-based Password Authentication Scheme Using Smart Cards", IEICE Transactions on Fundamentals E88-A (1), pp. 319-321, 2005.   DOI
7 C. W. Lin, C. S. Tsai, and M. S. Hwang, "A New Strong-Password Authentication Scheme Using One-Way Hash Functions", Journal of Computer and Systems Sciences International, Vol. 45, No. 4, pp. 623-626, 2006.   DOI   ScienceOn
8 C. S. Bindu, P. C. Reddy, and B. Satyanarayana, "Improved Remote User Authentication Scheme Preserving User Anonymity", International Journal of Computer Science and Network Security, Vol. 8, No. 3, pp. 62-66, 2008.
9 C. C. Chang, and C. Y. Lee, "A Friendly Password Mutual Authentication Scheme for Remote Login Network System", International Journal of Multimedia and Ubiquitous Engineering, Vol. 3, No. 1, pp. 59-63, 2008.
10 J. Y. Liu, A. M. Zhou, and M. X. Gao, "A New Authentication Scheme based on Nonce and Smart Cards", Computer Communication, Vol. 31, pp. 2205-2209, 2008.   DOI
11 M. Choi, T. Kim, S. Yeo, and E. Cho, "A Study on the Network Security Level Management", Journal of Korean Institute of Information Technology, Vol. 7, No. 1, pp. 214-219, 2009.
12 H Lee, and Y. Park, "A Design and Implementation of User Authentication System using Biometric Information", Journal of Korea Academia-Industrial cooperation Society, Vol. 11, No. 9, pp. 3548-3557, 2010.   과학기술학회마을   DOI
13 P. Kocher, J. Jaffe, and B. Jun, "Differential Power Analysis", Proceedings of Advances in Cryptology, pp. 388-397, 1999.
14 T. S. Messerges, E. A. Dabbish, and R.H. Sloan, "Examining Smart-Card Security under the Threat of Power Analysis Attacks", IEEE Transactions on Computers, Vol. 51, No. 5, pp. 541-552, 2002.   DOI   ScienceOn