Improvements of the Hsiang-Shih's remote user authentication scheme using the smart cards

Younghwa An

Journal of The Korea Society of Computer and Information

Abbr : JKSCI
2010, 15(2), pp.119-125
Publisher : The Korean Society Of Computer And Information
Research Area : Computer Science

Younghwa An ¹

¹강남대학교

ABSTRACT

Recently Hsiang-Shih proposed the user authentication scheme to improve Yoon et al's scheme. But the proposed scheme has not been satisfied security requirements considering in the user authentication scheme using the password based smart card. In this paper, we proved that Hsiang-Shih's scheme is vulnerable to the off-line password guessing attack. In other words, the attacker can get the user's password using the off-line password guessing attack on the scheme when the attacker steals the user's smart card and extracts the information in the smart card. Also, the improved scheme based on the hash function and random number was introduced, thus preventing the attacks, such as password guessing attack, forgery attack and impersonation attack etc. And we suggested the effective mutual authentication scheme that can authenticate each other at the same time between the user and server.
KEYWORDS

User Authentication, Smart Card, Password Guessing Attack, Forgery Attack
REFERENCES (14)

[journal] L.Lamport / 1981 / Password authentication with insecure communication / Communications of the ACM 24(11) : 770~772

[journal] R.E.Lennon / 1981 / Cryptographic authentication of time-invariant quantities / IEEE Trans.Communication 6 : 773~777

[journal] S.M.Yen / 1997 / Shared authentication token secure against replay and weak key attack / Information Proceeding Letters : 78~80

[journal] H.Y.Chien / 2002 / An efficient and practical solution to remote authentication using smart card / Computers & Security 21(4) : 372~375

[journal] C.W.Lin / 2003 / Security Enhancement for Optimal Strong-Password Authentication Protocol / ACM Operating Systems Review 37(2)

[journal] S.M.Chen / 2004 / Weakness and improvements of an efficient password based remote user authentication scheme using smart cards / IEEE Transactions on Consumer Electronics 50(1) : 204~207

[journal] E.J.Yoon / 2004 / Further improvements of an efficient password based remote user authentication scheme using smart cards / IEEE Transactions on Consumer Electronics 50(2) : 612~614

[confproc] X.Duan / 2006 / Security improvements on Chien et al.'s remote user authentication scheme using smart cards / IEEE International conference on Computational Intelligence and Security(CIS 2006), : 1133~1135

[journal] C.W.Lin / 2006 / A New Strong-Password Authentication Scheme Using One-Way Hash Functions / Journal of Computer and Systems Sciences International 45(4) : 623~626

[journal] H.C Hsiang / 2009 / Weakness and improvements of the Yoon-Ryu-Yoo remote user authentication scheme using smart cards / Computer Communications 32 : 649~652

[confproc] P.Kocher / 1999 / Differential power analysis / Proceedings of Advances in Cryptology(CRYPTO 99) : 388~397

[journal] T.S.Messerges / 2002 / Examining smart-card security under the threat of power analysis attacks / IEEE Transactions on Computers 51(5) : 541~552

[journal] 신광철 / 2007 / Secure OTP Smart Card Authentication Protocol for Denial of Service / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 12(6) : 201~206

[journal] 안영화 / 2009 / Analysis to a Remote User Authentication Scheme Using Smart Cards / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 14(3) : 133~138
KCI Citation (1)

KJC Korea
Journal Central

Statistics

Tools