Sandeep K. Sood
ABSTRACT
In 2009, Xu et al. found that Lee et al.'s [3] scheme is vulnerable to offline password guessing attack. Xu et al. also demonstrated that Lee and Chiu's [4] scheme is vulnerable to forgery attack. Furthermore, Lee and Chiu's scheme does not achieve mutual authentication and thus can not resist malicious server attack. Therefore, Xu et al. proposed an improved scheme that inherits the merits of Lee et al.'s and Lee and Chiu's schemes and resists different possible attacks. However, we found that Xu et al.'s scheme is vulnerable to forgery attack. This paper presents an improved scheme to resolve the aforementioned problem, while keeping the merits of Xu et al.'s scheme.
- C. L. Hsu, "Security of Chien et al.'s Remote User Authentication Scheme using Smart Cards," Computer Standards & Interfacéés, vol. 26, no. 3, pp. 167--169, July 2004.Google Scholar
Cross Ref
- H. Y. Chien, J. K. Jan and Y. M. Tseng, "An Efficient and Practical Solution to Remote Authentication: Smart Card," Computers & Security, vol. 21, no. 4, pp. 372--375, August 2002.Google ScholarDigital Library
- S. W. Lee, H. S. Kim and K. Y. Yoo, "Improvement of Chien et al.'s Remote User Authentication Scheme using Smart Cards," Computer Standards & Interfaces, vol. 27, no. 2, pp. 181--183, January 2005.Google ScholarCross Ref
- N. Y. Lee and Y. C. Chiu, "Improved Remote Authentication Scheme with Smart Card," Computer Standards & Interfaces, vol. 27, no. 2, pp. 177--180, January 2005.Google ScholarCross Ref
- S. T. Wu and B. C. Chieu, "A User Friendly Remote Authentication Scheme with Smart Cards," Computer & Security, vol. 22, no. 6, pp. 547--550, September 2003.Google ScholarDigital Library
- I. E. Liao, C. C. Lee and M. S. Hwang, "A Password Authentication Scheme over Insecure Networks," Journal of Computer and System Sciences, vol. 72, no. 4, pp. 727--740, June 2006. Google ScholarDigital Library
- G. Yang, D. S. Wong, H. Wang and X. Deng, "Two-factor Mutual Authentication based on Smart Cards and Passwords," Journal of Computer and System Sciences, vol. 74, no. 7, pp. 1160--1172, November 2008. Google ScholarDigital Library
- J. Xu, W. T. Zhu and D. G. Feng, "An Improved Smart Card based Password Authentication Scheme with Provable Security," Computer Standards & Interfaces, vol. 31, no. 4, pp. 723--728, June 2009. Google ScholarDigital Library
- P. Kocher, J. Jaffe and B. Jun, "Differential Power Analysis," Proc. CRYPTO 99, Springer-Verlag, pp. 388--397, August 1999. Google ScholarDigital Library
- T. S. Messerges, E. A. Dabbish and R. H. Sloan, "Examining Smart-Card Security under the Threat of Power Analysis Attacks," IEEE Transactions on Computers, vol. 51, no. 5, pp. 541--552, May 2002. Google ScholarDigital Library
Index Terms
- An improvement of Xu et al.'s authentication scheme using smart cards
Recommendations
Secure Dynamic Identity-Based Authentication Scheme Using Smart Cards
In 2004, Das et al. proposed a dynamic identity-based remote user authentication scheme using smart cards. This scheme allows users to choose and change their passwords freely, and the server does not maintain any verification table. Das et al. claimed ...
An improvement of Hsiang-Shih's authentication scheme using smart cards
ICWET '10: Proceedings of the International Conference and Workshop on Emerging Trends in TechnologyIn 2004, Yoon et al. proposed a simple remote user authentication scheme which is an improvement on Ku and Chen's remote user authentication scheme. In 2009, Hsiang and Shih found that Yoon et al.'s scheme is vulnerable to masquerading attack, offline ...
An improvement of security enhancement for the timestamp-based password authentication scheme using smart cards
Recently, Yang and Shieh proposed a timestamp-based and a nonce-based password authentication schemes. In 2002, Chan and Cheng pointed out that Yang and Shieh's timestamp-based password authentication scheme was vulnerable to the forgery attack. However,...
Reviews
Zheng Gong
Password authentication based on smart cards is widely accepted in electronic transactions. Xu et al.'s cryptanalysis scheme [1] improves upon the schemes of Lee et al. [2] and Lee and Chiu [3], which are actually insecure for offline guessing attacks. Sood, Sarje, and Singh propose in this paper an improved scheme to resolve the problem of guessing attacks, while keeping the merits of Xu et al.'s scheme. The proposed scheme is based on the Diffie-Hellman computation. The security analysis shows the proposed scheme is secure against various types of attacks, such as malicious user attacks, offline dictionary attacks, and denial-of-services (DOS) attacks. The computational costs of the proposed scheme are also competitive. The paper is a good reference for researchers and engineers who work in the field. Online Computing Reviews Service
Access critical reviews of Computing literature here
Become a reviewer for Computing Reviews.
Comments