Security flaws in two improved remote user authentication schemes using smart cards

International Journal of Communication Systems

Volumn 27, Issue 10, 2014, Pages 2215-2227

  Ma, Chun Guang ^a   Wang, Ding ^a,b   Zhao, Sen Dong ^a  

^a HARBIN ENGINEERING UNIVERSITY   (China)

^b Automobile Management Institute of PLA   (China)

Author keywords

Authentication protocol; Cryptanalysis; Dynamic ID; Nontamper resistant; Offline password guessing attack; Smart card

Indexed keywords

CRYPTOGRAPHY; DENIAL-OF-SERVICE ATTACK; ECONOMIC AND SOCIAL EFFECTS; SMART CARDS;

AUTHENTICATION PROTOCOLS; CRYPTANALYSIS; DYNAMIC ID; NON-TAMPER RESISTANTS; OFFLINE PASSWORD GUESSING ATTACK;

AUTHENTICATION;

EID: 84911988880     PISSN: 10745351     EISSN: 10991131     Source Type: Journal    
DOI: 10.1002/dac.2468     Document Type: Article

References (49)

1. Lamport L. Password authentication with insecure communication. Communications of the ACM 1981; 24(11):770-772.
2. Chang CC, Wu TC. Remote password authentication with smart cards. IEE Proceedings-Computers and Digital Techniques 1991; 138(3):165-168.
3. Yang G, Wong D, Wang H, Deng X. Two-factor mutual authentication based on smart cards and passwords. Journal of Computer and System Sciences 2008; 74(7):1160-1172.
4. Wang Y, Liu J, Xiao F, Dan J. A more efficient and secure dynamic ID-based remote user authentication scheme. Computer Communications 2009; 32(4):583-585.
5. Horng W, Lee C, Peng J. A secure remote authentication scheme preserving user anonymity with non-tamper resistant smart cards. WSEAS Transactions on Information Science and Applications 2010; 7(5):619-628.
6. Yeh KH, Su C, Lo NW, Li Y, Hung YX. Two robust remote user authentication protocols using smart cards. Journal of Systems and Software 2010; 83(12):2556-2565.
7. Tsai J, Wu T, Tsai K. New dynamic ID authentication scheme using smart cards. International Journal of Communication Systems 2010; 23(12):1449-1462.
8. Khan M, Kim S, Alghathbar K. Cryptanalysis and security enhancement of a more efficient and secure dynamic ID-based remote user authentication scheme'. Computer Communications 2011; 34(3):305-309.
9. Sood SK. Secure dynamic identity-based authentication scheme using smart cards. Information Security Journal: A Global Perspective 2011; 20(2):67-77.
10. Ma CG, Wang D, Zhang QM. Cryptanalysis and improvement of Sood et al.'s dynamic ID-based authentication scheme. In ICDCIT 2012, Vol. 7154, Ramanujam R, Ramaswamy S (eds), LNCS. Springer: Berlin/Heidelberg, 2012; 141-152.
11. Wang D, Ma CG. Cryptanalysis and security enhancement of a remote user authentication scheme using smart cards. The Journal of China Universities of Posts and Telecommunications 2012; 19(5):104-114.
12. Wu SH, Zhu YF, Pu Q. Robust smart-cards-based user authentication scheme with user anonymity. Security and Communication Networks 2012; 5(2):236-248.
13. Wang D, Ma CG, Wu P. Secure password-based remote user authentication scheme with non-tamper resistant smart cards. In 26th Annual IFIP Conference on Data and Applications Security and Privacy (DBSEC 2012), Vol. 7371, Cuppens-Boulahia N, Cuppens F, Garcia-Alfaro J (eds), LNCS. Springer: Berlin/Heidelberg, 2012; 114-121.
14. Tsai C, Lee C, Hwang M. Password authentication schemes: current status and key issues. International Journal of Network Security 2006; 3(2):101-115.
15. Wang D, Ma CG. Robust smart card based password authentication scheme against smart card security breach. Cryptology ePrint Archive. Report 2012/439, 2012. (Available from: http://eprint.iacr.org/2012/439.pdf). [Accessed on 21 July 2012].
16. Xu J, Zhu W, Feng D. An improved smart card based password authentication scheme with provable security. Computer Standards & Interfaces 2009; 31(4):723-728.
17. Kocher P, Jaffe J, Jun B. Differential power analysis. In Advances in Cryptology-CRYPTO 1999, Vol. 1666, LNCS. Springer: Berlin/Heidelberg, 1999; 789-789.
18. Messerges TS, Dabbish EA, Sloan RH. Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers 2002; 51(5):541-552.
19. Kasper T, Oswald D, Paar C. Side-channel analysis of cryptographic rfids with analog demodulation. In RFIDSEC 2012, Vol. 7055, Juels A, Paar C (eds), LNCS. Springer: Berlin/Heidelberg, 2012; 61-77.
20. Song R. Advanced smart card based password authentication protocol. Computer Standards & Interfaces 2010; 32(5):321-325.
21. Chen B, Kuo W, Wuu L. Robust smart-card-based remote user password authentication scheme. International Journal of Communication Systems 2012. DOI: 10.1002/dac.2368.
22. Wen F, Li X. An improved dynamic ID-based remote user authentication with key agreement scheme. Computers & Electrical Engineering 2012; 38(2):381-387.
23. Nam J, Kim S, Won D. Security analysis of a nonce-based user authentication scheme using smart cards. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences 2007; 90(1):299-302.
24. Xiang T, Wong K, Liao X. Cryptanalysis of a password authentication scheme over insecure networks. Journal of Computer and system Sciences 2008; 74(5):657-661.
25. Tapiador JE, Hernandez-Castro JC, Peris-Lopez P, Clark JA. Cryptanalysis of song's advanced smart card based password authentication protocol. CoRR 2011; abs/1111.2744.
26. Shim K. Security flaws in three password-based remote user authentication schemes with smart cards. Cryptologia 2012; 36(1):62-69.
27. He D, Wu S. Security flaws in a smart card based authentication scheme for multi-server environment. Wireless Personal Communications 2012. DOI: 10.1007/s11277-012-0696-1.
28. Yeh K, Lo N, Li Y. Cryptanalysis of Hsiang-Shih's authentication scheme for multi-server architecture. International Journal of Communication Systems 2011; 24(7):829-836.
29. Ma CG, Wang D, Zhao P, Wang YH. A new dynamic ID-based remote user authentication scheme with forward secrecy. In APWeb'12, Vol. 7234, Wang H, Zou L, Huang G, He J, Pang C, Zhang H, Zhao D, Yi Z (eds), LNCS. Springer: Berlin/Heidelberg, 2012; 199-211.
30. Wang D, Ma CG, Zhao S, Zhou C. Cryptanalysis of two dynamic id-based remote user authentication schemes for multi-server architecture. In Proceedingg of 6th International Conference on Network and System Security (NSS 2012), Vol. 7645, Xu L, Bertino E, Mu Y (eds), LNCS. Springer: Berlin/Heidelberg, 2012; 462-475.
31. Wang D, Ma CG, Zhao S, Zhou C. Secure password-based remote user authentication scheme with non-tamper resistant smart cards. In 9th IFIP International Conference on Network and Parallel Computing (NPC 2012), Vol. 7513, Park JJ (ed.), LNCS. Springer: Berlin/Heidelberg, 2012; 110-118.
32. Florencio D, Herley C. A large-scale study of web password habits. In Proceedings of the 16th International Conference on World Wide Web. ACM: New York, NY, USA, 2007; 657-666.
33. Klein DV. Foiling the cracker: a survey of, and improvements to, password security. Proceedings of the 2nd USENIX Security Workshop, Anaheim, CA, USA. Berkeley, CA, USA: USENIX Association, August 1990; 5-14.
34. Dell'Amico M, Michiardi P, Roudier Y. Password strength: an empirical analysis. Proceedings of INFOCOM 2010, IEEE, San Diego, CA, USA, May 2010; 1-9.
35. Bao F, Deng R. Privacy protection for transactions of digital goods. In ICICS 2001, Vol. 2229, Qing S, Okamoto T, Zhou J (eds), LNCS. Springer: Berlin/Heidelberg, 2001; 202-213.
36. Tang C, Wu D. Mobile privacy in wireless networks-revisited. IEEE Transactions on Wireless Communications March 2008; 7(3):1035-1042.
37. Das M, Saxena A, Gulati V. A dynamic ID-based remote user authentication scheme. IEEE Transactions on Consumer Electronics 2004; 50(2):629-631.
38. Wu T. A real-world analysis of kerberos password security. Proceedings of NDSS'99, Internet Soc., San Diego, CA, USA, March 1998; 1-14.
39. Bonneau J. The science of guessing: analyzing an anonymized corpus of 70 million passwords. 33th IEEE Symposium on Security and Privacy (S&P 2012), IEEE Computer Society, San Francisco, CA, USA, May 2012; 538-552.
40. Li X, Xiong Y, Ma J, Wang W. An enhanced and security dynamic identity based authentication protocol for multi-server architecture using smart cards. Journal of Network and Computer Applications 2012; 35(2):763-769.
41. Wang RC, Juang WS, Lei CL. Robust authentication and key agreement scheme preserving the privacy of secret key. Computer Communications 2011; 34(3):274-280.
42. Ahmed M, Lakshmi D, Sattar S. Cryptanalysis of a more efficient and secure dynamic ID-based remote user authentication scheme. International Journal of Network Security & Its Applications 2009; 1(3):32-37.
43. He D, Chen J, Zhang R. Weaknesses of a dynamic id-based remote user authentication scheme. International Journal of Electronic Security and Digital Forensics 2010; 3(4):355-362.
44. Sood S, Sarje A, Singh K. A secure dynamic identity based authentication protocol for multi-server architecture. Journal of Network and Computer Applications 2011; 34(2):609-618.
45. Halevi S, Krawczyk H. Public-key cryptography and password protocols. ACM Transactions on Information and System Security (TISSEC) 1999; 2(3):230-268.
46. Li X, Qiu W, Zheng D, Chen K, Li J. Anonymity enhancement on robust and efficient password-authenticated key agreement using smart cards. IEEE Transactions on Industrial Electronics 2010; 57(2):793-800.
47. Chen T, Hsiang H, Shih W. Security enhancement on an improvement on two remote user authentication schemes using smart cards. Future Generation Computer Systems 2011; 27(4):377-380.
48. Park D, Boyd C, Moon SJ. Forward secrecy and its application to future mobile communications security. In PKC 2000, Vol. 1751, Imai H, Zheng Y (eds), LNCS. Springer: Berlin/Heidelberg, 2000; 433-445.
49. Kim J, Choi H, Copeland J. Further improved remote user authentication scheme. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences 2011; 94(6):1426-1433.