http://dx.doi.org/10.9723/jksiis.2010.15.3.033

An Improved User Authentication Scheme Based on Random Nonce  

Joo, Young-Do (Division of Computer and Media Engineering, Kangnam University)
An, Young-Hwa (Division of Computer and Media Engineering, Kangnam University)
Publication Information
Journal of Korea Society of Industrial Information Systems / v.15, no.3, 2010, pp. 33-40
Abstract
Recently, Yoon et al. proposed a remote user authentication scheme using smart cards. However, their scheme does not satisfy the security requirements that should be considered in a password-based smart card user authentication scheme. In this paper, we prove that Yoon et al.'s scheme is vulnerable to a password guessing attack in the case where the attacker steals the user's smart card and extracts the information from it. Accordingly, we propose an improved user authentication scheme based on a hash function and a random nonce that can withstand various possible attacks, including a password guessing attack. The result of the comparative analysis demonstrates that our proposed scheme is much more secure and efficient than Yoon et al.'s scheme, with the trivial trade-off of requiring just a few more exclusive-OR operations.
Keywords
User Authentication; Smart Card; Password Guessing Attack;
Citations & Related Records
Times Cited By KSCI: 2
References
1 E. J. Yoon, E. K. Ryu and K. Y. Yoo, "An Improvement of Hwang-Lee-Tang's Simple Remote User Authentication," Computers & Security, 24, pp. 50-56, 2005.
2 J. Xu, W. T. Zhu and D. G. Feng, "An Improved Smart Card Based Password Authentication Scheme with Provable Security," Computer Standards & Interfaces, 31, pp. 723-728, 2009.
3 M. S. Hwang, C. C. Lee and Y. L. Tang, "A Simple Remote User Authentication," Math. Comput. Model., 36, pp. 103-107, 2002.
4 이영숙, 원동호, "Security Analysis and Improvement of a User Authentication Scheme Using Smart Cards," Journal of the Korea Society of Computer and Information, Vol. 15, No. 1, pp. 139-147, Jan. 2010.
5 H. M. Sun, "An Efficient Remote User Authentication Scheme Using Smart Cards," IEEE Trans. Consum. Electron., 46(4), 2000.
6 M. S. Hwang and L. H. Li, "A New Remote User Authentication Scheme Using Smart Cards," IEEE Trans. Consum. Electron., 46(1), 2000.
7 R. E. Lennon, S. M. Matyas and C. H. Mayer, "Cryptographic Authentication of Time-invariant Quantities," IEEE Trans. Commun., COM-29, Vol. 6, pp. 773-777, 1981.
8 S. M. Yen and K. H. Liao, "Shared Authentication Token Secure against Replay and Weak Key Attack," Information Processing Letters, pp. 78-80, 1997.
9 안영화, 서정만, "A Study on Security Improvement of a Remote User Authentication Scheme Using Smart Cards," Journal of the Korea Society of Computer and Information, Vol. 15, No. 3, pp. 91-97, Mar. 2010.
10 L. Lamport, "Password Authentication with Insecure Communication," Communications of the ACM, 24(11), pp. 770-772, 1981.
11 P. Kocher, J. Jaffe and B. Jun, "Differential Power Analysis," Proceedings of Advances in Cryptology (CRYPTO 99), pp. 388-397, 1999.
12 X. Duan, J. W. Liu and Q. Zhang, "Security Improvements on Chien et al.'s Remote User Authentication Scheme Using Smart Cards," IEEE International Conference on Computational Intelligence and Security (CIS 2006), 2, pp. 1133-1135, 2006.
13 C. W. Lin, C. S. Tsai and M. S. Hwang, "A New Strong-Password Authentication Scheme Using One-Way Hash Functions," Journal of Computer and Systems Sciences International, Vol. 45, No. 4, pp. 623-626, 2006.
14 T. S. Messerges, E. A. Dabbish and R. H. Sloan, "Examining Smart-Card Security under the Threat of Power Analysis Attacks," IEEE Transactions on Computers, 51(5), pp. 541-552, 2002.