Cryptanalysis and improvement of Chen-Hsiang-Shih’s remote user authentication scheme using smart cards

Authors

DOI:

https://doi.org/10.17533/udea.redin.17038

Keywords:

mutual authentication, network security, session key agreement, smart cards, cryptanalysis

Abstract

Recently, Chen-Hsiang-Shih proposed a new dynamic ID-based remote user authentication scheme. The authors claimed that their scheme was more secure than previous works. However, this paper demonstrates that their scheme is still insecure against different kinds of attacks. In order to enhance the security of the scheme proposed by Chen-Hsiang-Shih, a new scheme is proposed. The scheme achieves the following security goals: without verification table, each user chooses and changes the password freely, each user keeps the password secret, mutual authentication, the scheme establishes a session key after successful authentication, and the scheme maintains the user's anonymity. Security analysis and comparison demonstrate that the proposed scheme is more secure than Das-Saxena-Gulati's scheme, Wang et al.'s scheme and Chen-Hsiang-Shih.


Author Biographies

Rafael Martínez-Peláez, University of the Sierra Sur

Institute of Informatics.

Francisco Rico-Novella, Polytechnic University of Catalonia

Department of Telematics Engineering.

Pablo Velarde-Alvarado, Autonomous University of Nayarit

Area of Basic Sciences and Engineering.

Published

2013-10-18

How to Cite

Martínez-Peláez, R., Rico-Novella, F., & Velarde-Alvarado, P. (2013). Cryptanalysis and improvement of Chen-Hsiang-Shih’s remote user authentication scheme using smart cards. Revista Facultad De Ingeniería Universidad De Antioquia, (68), 27–35. https://doi.org/10.17533/udea.redin.17038