Attacks and Improvement of an Efficient Remote Mutual Authentication and Key Agreement Scheme (original) (raw)
Related papers
Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards
Computer Standards & Interfaces, 2007
In 2002, Chien et al. proposed an efficient remote authentication scheme using smart cards, in which only few hashing operations are required. Later, Ku et al. gave an improved scheme to repair the security pitfalls found in Chien et al.'s scheme. Also Yoon et al. presented an enhancement on Ku et al.'s scheme. In this paper, we show that both Ku et al.'s scheme and Yoon et al.'s scheme are still vulnerable to the guessing attack, forgery attack and denial of service (DoS) attack. In addition, their schemes lack efficiency when users input wrong passwords. To remedy these flaws, this paper proposes an efficient improvement over Ku et al.'s and Yoon et al.'s schemes with more security. The computation cost, security, and efficiency of the improved scheme are embarking for the real application in the resource-limited environment.
A Robust and Effective Smart-Card-Based Remote User Authentication Mechanism Using Hash Function
The Scientific World Journal, 2014
In a remote user authentication scheme, a remote server verifies whether a login user is genuine and trustworthy, and also for mutual authentication purpose a login user validates whether the remote server is genuine and trustworthy. Several remote user authentication schemes using the password, the biometrics, and the smart card have been proposed in the literature. However, most schemes proposed in the literature are either computationally expensive or insecure against several known attacks. In this paper, we aim to propose a new robust and effective password-based remote user authentication scheme using smart card. Our scheme is efficient, because our scheme uses only efficient one-way hash function and bitwise XOR operations. Through the rigorous informal and formal security analysis, we show that our scheme is secure against possible known attacks. We perform the simulation for the formal security analysis using the widely accepted AVISPA (Automated Validation Internet Security...
An efficient bilateral remote user authentication scheme with smart cards
2006
In this paper, we propose an efficient bilateral remote user authentication scheme with smart cards. Our scheme ensures both-way authentication, so that any attempt of the adversary to affect the secure communications between the authentication server and the user could not be successful. We also present a brief analysis of our proposed scheme and show that it is well-resistant against the known attacks in remote user authentication process.
eprint.iacr.org
In this work we consider two protocols for performing cryptanalysis and security enhancement. The first one by Song, is a password authentication scheme based on smart cards. We note that this scheme has already been shown vulnerable to the off-line password guessing attack by Tapiador et al. We perform a further cryptanalysis on this protocol and observe that it is prone to the clogging attack, a kind of denial of service (DOS) attack. We observe that all smart card based authentication protocols which precede the one by Song, and require the server to compute the computationally intensive modular exponentiation, like the one by Xu et al., or Lee at al., are prone to the clogging attack. We then suggest an improvement on the protocol to prevent the clogging attack.
20th International Conference on Advanced Information Networking and Applications - Volume 1 (AINA'06), 2006
Sun proposed an efficient remote authentication scheme using smart cards which ensures low communication and computation cost, but the user cannot choose his/her password at will. Thus, Wu and Chieu presented an improvement. However, Yang and Wang pointed out that Wu and Chieu's scheme is vulnerable to the password guessing and forgery attacks. To preserve the advantage of Sun's scheme and Wu and Chieu's scheme and to amend the security weakness, we propose an improvement in this paper. Moreover, our scheme needs no time concurrency mechanism and ensures mutual authentication.
An Improvement on Remote User Authentication Schemes Using Smart Cards
Computers, 2018
In 2010, Yeh et al. proposed two robust remote user authentication schemes using smart cards; their claims were such that their schemes defended against ID-theft attacks, reply attacks, undetectable on-line password guessing attacks, off-line password guessing attacks, user impersonation attack, server counterfeit attack and man-in-the-middle attack. In this paper, we show that Yeh et al.'s schemes are still vulnerable to ID-theft attack, off-line password guessing attacks, undetectable on-line password guessing attacks and user impersonation attack. Notably, problems remain in situations where the user lost a smart card or the malicious legal user. To remedy these flaws, this paper proposes an improvement on Yeh et al.'s remote user authentication schemes using smart cards.
An Enhanced Secure Remote User Authentication Scheme without Verification Table
International Journal of Computer Applications, 2015
With the significant advances in communication networks over the last few decades, smart cards have been widely used in many e-commerce applications and network security protocols due to their low cost, portability, efficiency and cryptographic properties. In this paper, we analyze Sood et al."s smart card based authentication scheme and demonstrate that the scheme is vulnerable to masquerade user attack, offline password guessing attack, time concurrency weaknesses and fails to achieve mutual authentication. A secure dynamic identity based remote user authentication scheme without verification tables, is proposed in this paper and the scheme resolves the aforementioned problems of Sood et al."s scheme. The computation cost of the proposed scheme is comparable to Sood et al."s scheme and it is highly secure taking into consideration the complexity of calculating discrete logarithms and the resistance to various attacks.
A Review on Remote User Authentication Schemes Using Smart Cards
2013
Remote user authentication is a mechanism in which the remote server verifies the legitimacy of a user over an insecure communication channel. Password based authentication schemes have been widely deployed to verify the legitimacy of remote users as password authentication is one of the simplest and the most convenient authentication mechanism over insecure networks. In remote user authentication scheme, the user is assigned a smart card, which is being personalized by some parameters and provide the legal users to use the resources of the remote system. Until now, there have been ample of remote user authentication schemes published in the literature and each published schemes have its own merits and demerits. Recently, many schemes proposed are based on the one-way hash function. The computational complexity of their schemes is superior to the discrete logarithm-problem-based schemes. In our paper, we have defined all the security requirements and the goals. An ideal password aut...
An Improved Mutual Authentication Scheme with Smart Cards and Password under Trusted Computing
IOP Conference Series: Materials Science and Engineering
In the traditional smart card-based password authentication schemes, the authentication is only applied to verify both of server and user, but not applied to verify the platform. Recently, Yang, Ma, and Jiang proposed a mutual authentication scheme with smart cards and password under trusted computing. Their scheme was designed to authenticate the platform. They claimed that their scheme could withstand most of the possible attacks, such as secure session key agreement, user identity anonymity, password free changing, and platform certification updating. However, we will show that their scheme is vulnerable to on-line guessing password attack with smart card, and man-in-the-middle attack. In this article, we also propose an improved Yang-Ma-Jiang's mutual authentication scheme to withstand the vulnerability in their scheme.