Cryptanalysis and Enhancement of a Remote User Authentication Scheme Using Smart Cards

Youngsook Lee (이영숙); WON, DONGHO (원동호)

Cryptanalysis and Enhancement of a Remote User Authentication Scheme Using Smart Cards

Journal of The Korea Society of Computer and Information
Abbr : JKSCI
2010, 15(1), pp.139-147
Publisher : The Korean Society Of Computer And Information
Research Area : Engineering > Computer Science

Youngsook Lee ¹, WON, DONGHO ²

¹호원대학교
²성균관대학교

Accredited

ABSTRACT

A remote user authentication scheme is a two-party protocol whereby an authentication server in a distributed system confirms the identity of a remote individual logging on to the server over an untrusted, open network. In 2005, Liao et al. proposed a remote user authentication scheme using a smart card, in which users can be authenticated anonymously. Recently, Yoon et al. have discovered some security flaws in Liao et al.’s authentication scheme and proposed an improved version of this scheme to fix the security flaws. In this article, we review the improved authentication scheme by Yoon et al. and provide a security analysis on the scheme. Our analysis shows that Yoon et al.’s scheme does not guarantee not only any kind of authentication, either server-to-user authentication or user-to-server authentication but also password security. The contribution of the current work is to demonstrate these by mounting two attacks, a server impersonation attack and a user impersonation attack, and an off-line dictionary attack on Yoon et al.’s scheme. In addition, we propose the enhanced authentication scheme that eliminates the security vulnerabilities of Yoon et al.’s scheme.

KEYWORDS

Authentication scheme, User anonymity, Impersonation attack, Off-line dictionary attack

Citation status

* References for papers published after 2023 are currently being built.

[journal] L.Lamport / 1981 / Password authentication with insecurecommunication / Communications of the ACM 24(11) : 770~772

[journal] C.-C.Chang / 1991 / Remote password authentication with smart cards / IEE Proceedings E-Computers and Digital Techniques 138(3) : 165~168

[journal] W.-H.Yang, / 1999 / Password authenticationschemes with smart card / Computers & Security 18(8) : 727~733

[journal] M.-S.Hwang / 2000 / A new remote user authentication scheme using smart cards / IEEE Transaction on Consumer Electronics 46(1) : 28~30

[journal] H.-M.Sun / 2000 / An efficient remote user authentication scheme using smart cards / IEEE Transaction on Consumer Electronics 46(4) : 958~961

[journal] H.-Y.Chien / 2002 / An efficient and practical solution to remote authentication:smart card / Computers & Security 21(4) : 372~375

[journal] E.-J.Yoon / 2005 / Yoo,An improvement of Hwang-Lee-Tang’s simple remote user authentication scheme / Computers & Security 24(1) : 50~56

[web] / Anti-Phishing Working Group / http://www.antiphishing. org

[journal] 최병훈 / 2009 / A Study of Authentication of Using Multi-factor / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 14(7) : 73~80

[journal] W.Diffie / 1992 / Authentication and authenticated key exchange / Designs,Codes and Cryptography 2(2) : 107~125

[journal] R.Bird,I. / 1993 / Systematic design of a family of attack-resistant authentication protocols / IEEE Journal on Selected Areas in Communications 11(5) : 679~693

[confproc] U.Carlsen / 1994 / Cryptographic protocol flaws:know your enemy / Proceedings of the 7th IEEE Computer Security Foundations Workshop, : 192~200

[journal] G.Lowe / 1995 / An attack on the Needham-Schroeder public-key authentication protocol / Information Processing Letters 56(3) : 131~133

[journal] C.-L.Hsu / 2004 / Security of Chien et al.’s remote user authentication scheme using smart cards / Computer Standards and Interfaces 26(3) : 167~169

[confproc] E.-J.Yoon / 2005 / Security enhancement for password authentication schemes with smart cards / Proceedings of the 2nd International Conference on Trust,Privacy,and Security in Digital Business(TrustBus 2005),Lecture Notes in Computer Science : 90~99

[journal] W.-C.Ku / 2005 / Weaknesses of a remote user authentication scheme using smart cards for multi-server architecture / IEICE Transactions on Communications 88(8) : 3451~3454

[confproc] P.Kocher / 1999 / Differential power analysis / Advances in Cryptology{CRYPTO99} : 388~397

[journal] T.-S.Messerges / 2002 / Examining smart card security under the threat of power analysis attacks / IEEE Transaction on Computers 51(5) : 541~552

[journal] M.L.Das / 2004 / A dynamic ID-based remote user authentication scheme / IEEE Transaction on Consumer Electronics 50(2) : 629~631

[confproc] I.-E.Liao / 2005 / Hwang,Security enhancement for a dynamic ID-based remote user authentication scheme / Proceedings of the IEEE International Conference on Next Generation Web Services Practices(NWeSp'05 : 437~440

[confproc] E.-J.Yoon / 2006 / Improving the Dynamic ID-Based Remote Mutual Authentication Scheme / Proceedings of 2006 OTM Confederated International workshops(OTM 2006),Lecture Notes in Computer Science, : 499~507

KJCKorea
Journal Central

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65