Secure password-based remote user authentication scheme against smart card security breach

Journal of Networks

Volumn 8, Issue 1, 2013, Pages 148-155

  Wang, Ding ^a   Ma, Chun Guang ^a   Zhang, Qi Ming ^a   Zhao, Sendong ^a  

^a HARBIN ENGINEERING UNIVERSITY   (China)

Author keywords

Authentication protocol; Cryptanalysis; Network security; Non tamper resistant; Smart card; User anonymity

Indexed keywords

AUTHENTICATION PROTOCOLS; CRYPTANALYSIS; DENIAL OF SERVICE ATTACKS; DIFFERENT PASSWORD AUTHENTICATION; FORWARD SECRECY; IMPROVED SCHEME; NON-TAMPER RESISTANTS; OFFLINE PASSWORD GUESSING ATTACK; PASSWORD AUTHENTICATION PROTOCOLS; REMOTE USER AUTHENTICATION SCHEMES; SECURITY THREATS; SMART CARD SECURITY; USER ANONYMITY; VARIOUS ATTACKS;

CRYPTOGRAPHY; LITHIUM; NETWORK SECURITY; SMART CARDS;

AUTHENTICATION;

EID: 84874023543     PISSN: 17962056     EISSN: None     Source Type: Journal    
DOI: 10.4304/jnw.8.1.148-155     Document Type: Article

References (29)

1. C.C. Chang and T.C. Wu, "Remote password authentication with smart cards," IEE Proceedings-E, vol. 138, no. 3, pp. 165-168, 1993.
2. W.C. Ku and S.M. Chen, "Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards," IEEE Transactions on Consumer Electronics, vol. 50, no. 1, pp. 204-207, 2004.
3. I.E. Liao, C.C. Lee, and M.S. Hwang, "A password authentication scheme over insecure networks," Journal of Computer and System Sciences, vol. 72, no. 4, pp. 727-740, 2006.
4. Y. Chen, J.S. Chou, and C.H. Huang, "Improvements on two password-based authentication protocols," Cryptology ePrint archive, Technical report 561, 2010.
5. W.B. Horng, C.P. Lee, and J. Peng, "A secure remote authentication scheme preserving user anonymity with non-tamper resistant smart cards," WSEAS Transactions on Information Science and Applications, vol. 7, no. 5, pp. 619-628, 2010.
6. J. Xu, W.T. Zhu, and D.G. Feng, "An improved smart card based password authentication scheme with provable security," Computer Standards & Interfaces, vol. 31, no. 4, pp. 723-728, 2009.
7. S.K. Sood, "Secure Dynamic Identity-Based Authentication Scheme Using Smart Cards," Information Security Journal: A Global Perspective, vol. 20, no. 2, pp. 67-77, 2011.
8. P. Kocher, J. Jaffe, and B. Jun, "Differential Power Analysis," in proceedings of CRYPTO'99, LNCS, vol. 1666, 1999, pp. 388-397.
9. F.X. Standaert, T.G. Malkin, and M. Yung, "A unified framework for the analysis of side-channel key recovery attacks," in proceedings of Advances in Cryptology-EUROCRYPT 2009, LNCS, vol 5479, 2009, pp. 443-461.
10. T.S. Messerges, E.A. Dabbish, and R.H. Sloan, "Examining Smart-Card Security under the Threat of Power Analysis Attacks," IEEE Transactions on Computers, vol. 51, no. 5, pp. 541-552, 2002.
11. S.B. Wilson, D. Johnson, and A. Menezes, "Key agreement protocols and their security analysis," in proceedings of 6th IMA International Conference on Cryptography and Coding, Cirencester, LNCS, vol. 1355, 1997, pp.30-45.
12. H. Krawczyk, "HMQV: A High-Performance Secure Diffie-Hellman Protocol," in proceedings of CRYPTO'05, LNCS, vol. 3621, 2005, pp. 546-566.
13. R.C. Wang, W.S. Juang, and C.L. Lei, "Robust authentication and key agreement scheme preserving the privacy of secret key," Computer Communications, vol. 34, no. 3, pp. 274-280, 2011.
14. S.H. Wu, Y.F. Zhu, and Q. Pu, "Robust smart-cards-based user authentication scheme with user anonymity," Security and Communication Networks, vol. 5, no. 2, pp. 236-248, 2012.
15. C.G. Ma, D. Wang and Q. M Zhang, "Cryptanalysis and improvement of Sood et al.'s dynamic id-based authentication scheme," in proceedings of 8th International Conference on Distributed Computing and Internet Technology, Lecture Notes in Computer Science, Vol. 7154, 2012, pp. 141-152.
16. E.J. Yoon, E.K. Ryu, K.Y. Yoo, "Further improvement of an efficient password based remote user authentication scheme using smart cards", IEEE Transactions on Consumer Electronics, vol. 50, no. 2, pp. 612-614, 2004.
17. H. C. Hsiang and W. K. Shih, "Weaknesses and improvements of the Yoon-Ryu-Yoo remote user authentication scheme using smart cards," Computer Communications, vol. 32, no. 4, pp. 649-652, 2009.
18. C.T. Li and C.C. Lee, "A Robust Remote User Authentication Scheme using Smart Card," Information Technology and Control, vol. 40, no. 3, pp. 231-238, 2011.
19. D.V. Klein, "Foiling the Cracker: A Survey of, and Improvements to, Password Security," in proceedings of 2nd USENIX Security Workshop, 1990, pp. 5-14.
20. L. Gong, "A security risk of depending on synchronized clocks," ACM Operating System Review, vol. 26, no. 1, pp. 49-53, 1992.
21. D. He, M. Ma, Y. Zhang, and C. Chen, "A strong user authentication scheme with smart cards for wireless communications," Computer Communications, vol. 34, no. 3, pp. 367-374, 2011.
22. C.G. Ma, D. Wang, P. Zhao and Y.H. Wang, "A new dynamic ID-based remote user authentication scheme with forward secrecy," in proceedings of the 14th Asia-Pacific Web Conference (APWeb Workshops 2012), Lecture Notes in Computer Science, Vol. 7234, pp. 199-211, Springer-Verlag, 2012.
23. D. Wang and C.G. Ma, "Cryptanalysis and security enhancement of a remote user authentication scheme", The Journal of China Universities of Posts and Telecommunications, vol. 19, no. 5, pp.104-114, 2012
24. H.R. Chung, W.C. Ku, and M.J. Tsaur, "Weaknesses and improvement of Wang et al.'s remote user password authentication scheme for resource-limited environments," Computer Standards & Interfaces, vol. 31, no. 4, pp. 863-868, 2009.
25. W.B. Mao, Modern Cryptography: Theory and Practice, Prentice Hall PTR, New Jersey (2004)
26. D.S. Wong, H.H. Fuentes, and A.H. Chan, "The Performance Measurement of Cryptographic Primitives on Palm Devices," in Proceedings of ACSAC'01, pp. 92-101, 2001.
27. N.R. Potlapally, S. Ravi, A. Raghunathan, and N.K. Jha, "A study of the energy consumption characteristics of cryptographic algorithms and security protocols," IEEE Transactions on Mobile Computing, vol.5, no. 2, pp. 128-143, 2006.
28. S. Halevi, H. Krawczyk, "Public-key cryptography and password protocols," ACM Transactions on Information and System Security, vol. 2, no. 3, pp. 230-268, 1999.
29. D. Wang, C.G. Ma, and W. P., "Secure password-based remote user authentication scheme with non-tamper resistant smart cards," in proceedings of 26th Annual IFIP Conference on Data and Applications Security and Privacy (DBSec 2012), Lecture Notes in Computer Science, Vol. 7371, pp. 114-121, Springer Berlin /Heidelberg, 2012.