An Improvement of Encrypted Remote User Authentication Scheme by Using Smart Card



School of Information and Communication Engineering, Sungkyunkwan University, Korea
{jhmoon,jykim,wrjeon,dhwon}@security.re.kr

2 Department of Cyber Investigation Police, Howon University, Korea
[email protected]

Abstract. A remote user authentication scheme is one of the most convenient authentication schemes for dealing with secret data over insecure channels. In 2012, Yassin et al. proposed an encrypted remote user authentication scheme using a smart card. They claimed that their scheme is secure against various attacks. In this paper, however, we show that their scheme is insecure and vulnerable to outsider attack, smart card stolen attack, offline password guessing attack, and masquerading attack. To overcome these drawbacks, we propose a new encrypted remote user authentication scheme using a smart card.

Keywords: smart card, remote user authentication, outsider attack, offline password guessing attack, masquerading attack.

1 Introduction

In 1981, Lamport [1] proposed a remote authentication scheme with insecure communication. Lamport’s scheme resists a replay attack. However, it needed a password table for verifying the legitimacy of a login user. For this reason, smart card-based remote user authentication schemes are becoming more popular day by day. One of the benefits of a smart card-based authentication scheme is that the server does not have to keep a password table. This means that the administrative overhead of the server is remarkably reduced. In view of this, several remote user authentication schemes using smart cards [2][3][4][5][6][7][8] have been proposed. In 2004, Das et al. [9] proposed a dynamic identity-based remote user authentication scheme using smart cards which is secure against replay attack, password guessing attack, forgery attack, dictionary attack, and identity theft. However, their scheme is vulnerable to various attacks. In 2009, Wang et al. [10] presented a more secure dynamic ID-based remote user authentication scheme and demonstrated the weaknesses of Das et al.’s scheme, such as masquerade attack and lack of mutual authentication. However, Wang et al.’s scheme suffers from malicious attacks and has some possible security risks. Recently, Yassin et al. [11] proposed an improvement of Wang et al.’s scheme and demonstrated that Wang et al.’s scheme is still insecure and vulnerable to password guessing attack, DoS attack, and server impersonation attack. However, in this paper, we find that Yassin et al.’s scheme is vulnerable to outsider attack, smart card stolen attack, off

* This research was supported by the MSIP (Ministry of Science, ICT & Future Planning), Korea, under the C-ITRC (Convergence Information Technology Research Center) support program (NIPA-2013-H0301-13-3007) supervised by the NIPA (National IT Industry Promotion Agency).
** Corresponding author.

J. Mun et al.
James J. (Jong Hyuk) Park et al. (eds.), Multimedia and Ubiquitous Engineering, Lecture Notes in Electrical Engineering 308, DOI: 10.1007/978-3-642-54900-7_64, © Springer-Verlag Berlin Heidelberg 2014