Analysis to a Remote User Authentication Scheme Using Smart Cards (스마트 카드를 이용한 사용자 인증 스킴의 안전성 분석)

Younghwa An (안영화); KangHo-Lee (이강호)

Analysis to a Remote User Authentication Scheme Using Smart Cards

Journal of The Korea Society of Computer and Information
Abbr : JKSCI
2009, 14(3), pp.133-138
Publisher : The Korean Society Of Computer And Information
Research Area : Engineering > Computer Science

Younghwa An ¹, KangHo-Lee ²

¹강남대학교
²한국재활복지대학

Accredited

ABSTRACT

Recently Lin et al. proposed the remote user authentication scheme using smart cards. But the proposed scheme has not been satisfied security requirements considering in the user authentication scheme using the password based smart card. In this paper, we showed that he can get the user's password using the off-line password guessing attack on the scheme when the adversary steals the user's smart card and extracts the information in the smart card. Also, we proposed the seven security requirements for evaluating remote user authentication schemes using smart card. As a result of analysis, in Lin et al.'s scheme we have found the deficiencies of security requirements. So we suggest the improved scheme, the mutual authentication scheme that does not store the user's password verifier in server and can authenticate each other at the same time between the user and server.

KEYWORDS

User Authentication, Smart Card, Off-line password pre-computation attack

Citation status

* References for papers published after 2023 are currently being built.

[journal] 정경숙 / 2003 / 효율적 사용자 인증을 위한 SRP 기반의 독립적 인증 프로토콜 설계 / 한국컴퓨터정보학회논문지 8(3) : 130~137

[journal] 신광철 / 2007 / Secure OTP Smart Card Authentication Protocol for Denial of Service / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 12(6) : 201~206

[journal] C.-C. Chang / 1991 / Remote Password Authentication with Smart Cards / IEEE Proceedings E-Computers and Digital Techniques 138(3) : 165~168

[journal] M.-S. Hwang / 2000 / A New Remote User Authentication Scheme Using Smart Cards / IEEE Trans. on Consumer Electronics 46(1) : 28~30

[confproc] P.Kocher / 1999 / Differential Power Analysis / Proceedings of Advances in Cryptology (CRYPTO 1999) : 388~397

[journal] C. L. Lin / 2001 / Attacks and Solutions on Strong-Password Authentication / IEICE Trans. Communications E84-B(9) : 2622~2627

[journal] C. -W. Lin / 2006 / A New Strong-Password Authentication Scheme Using One-Way Hash Functions / Journal of Computer and Systems Sciences International 45(4) : 623~626

[journal] T.-S. Messerges / 2002 / Examining Smart Card Security Under The Threat of Power Analysis Attacks / IEEE Trans. on Computers 51(5) : 541~552

[journal] M.Sandirigama / 2000 / Simple and Secure Password Authentication Protocol (Sas) / IEICE Transactions on Communications E83-B : 1363~1365

[journal] H.-M. Sun / 2000 / An efficient remote user authen -tication scheme using smart cards / IEEE Transactions on Consumer Electronics 46(4) : 958~

[journal] X. Tian / 2007 / Improved Efficient Remote User Authentication Schemes / International Journal of Network Security 4(2) : 149~154

[journal] W.-H. Yang / 1999 / Password authentication schemes with smart card / Computers & Security 18(8) : 727~733

[journal] H.-Y. Chien / 2002 / An Efficient and Practical Solution to Remote Authentication: Smart Card / Computer & Security 21(4) : 372~375

[journal] M.-L. Das / 2004 / A dynamic ID-based remote user authentication scheme / IEEE Transaction on Computer Electronics 50(2) : 629~631

[confproc] I.-E. Liao / 2005 / Security Enhancement for A Dynamic ID-Based Remote User Authentication Scheme / IEEE Proceeding of The International Conference on Next Generation Web Services Practices (NWeSp'05) : 437~440

KJCKorea
Journal Central

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65