Skip to main content
SpringerLink
Log in

An Improved Hou-Wang’s User Authentication Scheme

  • Conference paper
  • First Online:
Information Science and Applications 2018 (ICISA 2018)

Part of the book series: Lecture Notes in Electrical Engineering ((LNEE,volume 514))

Included in the following conference series:

  • 1478 Accesses

Abstract

It’s easy to access Internet resources in the cloud environment. And it’s important to protect the legal users’ privacy and confidentiality. Recently, Hou and Wang proposed a robust and efficient user authentication scheme based on elliptic curve cryptosystem. Their scheme was practical and easy to implement. They claimed that their scheme could against off-line password guessing, DoS, server spoofing, replay, parallel session and impersonation attacks. In this article, we will show that Hou-Wang’s scheme is vulnerable to the guessing attack with smart card. In this article, we also propose an improved Hou-Wang’s user authentication scheme to withstand the vulnerability in their scheme.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 229.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 299.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 299.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Tsai CS, Lee CC, Hwang MS (2006) Password authentication schemes: current status and key issues. Int J Netw Secur 3:101–115

    Google Scholar 

  2. Yang CC, Chang TY, Hwang MS (2003) The security of the improvement on the methods for protecting password transmission. Informatica 14:551–558

    MATH  Google Scholar 

  3. Zhuang X, Chang CC, Wang ZH, Zhu Y (2014) A simple password authentication scheme based on geometric hashing function. Int J Netw Secur 16:271–277

    Google Scholar 

  4. Ling CH, Chao WY, Chen SM, Hwang MS (2015) Cryptanalysis of dynamic identity based on a remote user authentication scheme for a multi-server environment. In: Advances in engineering research, vol 15. Atlantis Press, pp 981–986

    Google Scholar 

  5. Liu Y, Chang CC, Chang SC (2017) An efficient and secure smart card based password authentication scheme. Int J Netw Secur 19(1):1–10

    Google Scholar 

  6. Liu CW, Tsai CY, Hwang MS (2017) Cryptanalysis of an efficient and secure smart card based password authentication scheme. In: Advances in intelligent systems and computing, recent developments in intelligent systems and interactive applications, vol 541. Springer, pp 188–193 (2017)

    Google Scholar 

  7. Wei J, Liu W, Hu X (2016) Secure and efficient smart card based remote user password authentication scheme. Int J Netw Secur 18(4):782–792

    Google Scholar 

  8. Tsai CY, Pan CS, Hwang MS (2017) An improved password authentication scheme for smart card. In: Advances in intelligent systems and computing, recent developments in intelligent systems and interactive applications, vol 541. Springer, pp 194–199

    Google Scholar 

  9. Thandra PK, Rajan J, Satya Murty SAV (2016) Cryptanalysis of an efficient password authentication scheme. Int J Netw Secur 18(2):362–368

    Google Scholar 

  10. Pan CS, Tsai CY, Tsaur SC, Hwang MS (2016) Cryptanalysis of an efficient password authentication scheme. In: The 3rd IEEE international conference on systems and informatics, Shaihai, pp 732–737

    Google Scholar 

  11. Pan HT, Pan, CS, Tsaur, SC, Hwang, MS (2017) Cryptanalysis of efficient dynamic ID based remote user authentication scheme in multi-server environment using smart card. In: 12th international conference on computational intelligence and security, Wuxi, China, pp 590–593

    Google Scholar 

  12. He D, Chen J, Hu J (2011) Weaknesses of a remote user password authentication scheme using smart card. Int J Netw Secur 13:58–60

    Google Scholar 

  13. Hwang MS, Chong SK, Chen TY (2000) Dos-resistant ID-based password authentication scheme using smart cards. J Syst Softw 83:163–172

    Article  Google Scholar 

  14. Hwang MS, Li LH (2000) A new remote user authentication scheme using smart cards. IEEE Trans Consum Electron 46:28–30

    Article  Google Scholar 

  15. Kumar M, Gupta MK, Kumari S (2011) An improved efficient remote password authentication scheme with smart card over insecure networks. Int J Netw Secur 13:167–177

    Google Scholar 

  16. Ramasamy R, Muniyandi AP (2012) An efficient password authentication scheme for smart card. Int J Netw Secur 14:180–186

    Google Scholar 

  17. Shen JJ, Lin CW, Hwang MS (2003) Security enhancement for the timestamp-based password authentication scheme using smart cards. Comput Secur 22:591–595

    Article  Google Scholar 

  18. Shen JJ, Lin CW, Hwang MS (2003) A modified remote user authentication scheme using smart cards. IEEE Trans Consum Electron 49:414–416

    Article  Google Scholar 

  19. Tang H, Liu X, Jiang L (2013) A robust and efficient timestamp-based remote user authentication scheme with smart card lost attack resistance. Int J Netw Secur 15:446–454

    Google Scholar 

  20. Yang L, Ma JF, Jiang Q (2012) Mutual authentication scheme with smart cards and password under trusted computing. Int J Netw Secur 14:156–163

    Google Scholar 

  21. Ghosh D, Li C, Yang C (2018) A lightweight authentication protocol in smart grid. Int J Netw Secur 20(3):414–422

    Google Scholar 

  22. Feng TH, Ling CH, Hwang MS (2014) Cryptanalysis of Tan’s improvement on a password authentication scheme for multi-server environments. Int J Netw Secur 16:318–321

    Google Scholar 

  23. He D, Zhao W, Wu S (2013) Security analysis of a dynamic id-based authentication scheme for multi-server environment using smart cards. Int J Netw Secur 15:282–292

    Google Scholar 

  24. Li LH, Lin IC, Hwang MS (2001) A remote password authentication scheme for multi-server architecture using neural networks. IEEE Trans Neural Netw 12:1498–1504

    Article  Google Scholar 

  25. Lin IC, Hwang MS, Li LH (2003) A new remote user authentication scheme for multi-server architecture. Futur Gener Comput Syst 19:13–22

    Article  Google Scholar 

  26. Amin R (2016) Cryptanalysis and efficient dynamic ID based remote user authentication scheme in multi-server environment using smart card. Int J Netw Secur 18(1):172–181

    Google Scholar 

  27. Mohan NBM, Chakravarthy ASN, Ravindranath C (2018) Cryptanalysis of design and analysis of a provably secure multi-server authentication scheme. Int J Netw Secur 20(2):217–224

    Google Scholar 

  28. Li CT, Hwang MS (2010) An online biometrics-based secret sharing scheme for multiparty cryptosystem using smart cards. Int J Innov Comput Inf Control 6:2181–2188

    Google Scholar 

  29. Li CT, Hwang MS (2010) An efficient biometrics-based remote user authentication scheme using smart cards. J Netw Comput Appl 33:1–5

    Article  Google Scholar 

  30. Prakash A (2014) A biometric approach for continuous user authentication by fusing hard and soft traits. Int J Netw Secur 16:65–70

    Google Scholar 

  31. Zhu H, Zhang Y (2017) An improved two-party password-authenticated key agreement protocol with privacy protection based on chaotic maps. Int J Netw Secur 19(4):487–497

    Google Scholar 

  32. Wu M, Chen J, Wang R (2017) An enhanced anonymous password-based authenticated key agreement scheme with formal proof. Int J Netw Secur 19(5):785–793

    Google Scholar 

  33. Li J, Liu S, Wu S (2012) Cryptanalysis and improvement of a YS-like user authentication scheme. Int J Digit Conten Technol Appl 7(1):828–836

    Google Scholar 

  34. Feng TH, Chao WY, Hwang MS (2014) Cryptanalysis and improvement of the Li-Liu-Wu user authentication scheme. In: International conference on future communication technology and engineering, Shenzhen, China, pp 103–106

    Chapter  Google Scholar 

  35. Yoon EJ, Kim SH, Yoo KY (2012) A security enhanced remote user authentication scheme using smart cards. Int J Innov Comput, Inf Control 8(5):3661–3675

    Google Scholar 

  36. Chen TY, Ling CH, Hwang MS (2014) Weaknesses of the Yoon-Kim-Yoo remote user authentication scheme using smart cards. In: IEEE workshop on electronics, computer and applications, Ottawa, Canada, pp 771–774

    Google Scholar 

  37. Huang HF, Chang HW, Yu PK (2014) Enhancement of timestamp-based user authentication scheme with smart card. Int J Netw Secur 16:463–467

    Google Scholar 

  38. Feng TH, Ling CH, Hwang MS (2014) An improved timestamp-based user authentication scheme with smart card. In: The 2nd congress on computer science and application, Sanya, China, pp 111–117 (2014)

    Google Scholar 

  39. Hou G, Wang Z (2017) A robust and efficient remote authentication scheme from elliptic curve cryptosystem. Int J Netw Secur 19(6):904–911

    Google Scholar 

Download references

Acknowledgements

This work was partially supported by the Ministry of Science and Technology, Taiwan, under grant MOST 106-2221-E-468-002.

Author information

Authors and Affiliations

  1. Department of Computer Science & Information Engineering, Asia University, Taichung, Taiwan

    Min-Shiang Hwang & Hung-Wei Yang

  2. Department of Medical Research, China Medical University Hospital, China Medical University, Taichung, Taiwan

    Min-Shiang Hwang

  3. Department of Computer Science, University of Taipei, Taipei, Taiwan

    Cheng-Ying Yang

Authors
  1. Min-Shiang Hwang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hung-Wei Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Cheng-Ying Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Cheng-Ying Yang .

Editor information

Editors and Affiliations

  1. iCatse, Seongnam, Gyeonggi, Korea (Republic of)

    Kuinam J. Kim

  2. School of Computer Science and Engineering, Kyungpook National University, Daegu, Korea (Republic of)

    Nakhoon Baek

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Hwang, MS., Yang, HW., Yang, CY. (2019). An Improved Hou-Wang’s User Authentication Scheme. In: Kim, K., Baek, N. (eds) Information Science and Applications 2018. ICISA 2018. Lecture Notes in Electrical Engineering, vol 514. Springer, Singapore. https://doi.org/10.1007/978-981-13-1056-0_31

Download citation

  • DOI: https://doi.org/10.1007/978-981-13-1056-0_31

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-13-1055-3

  • Online ISBN: 978-981-13-1056-0

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation