Cryptanalysis and improvement of Chen-Hsiang- Shih’s remote user authentication scheme using smart cards

Rafael Martínez-Peláez; Francisco Rico-Novella; Pablo Velarde-Alvarado

doi:10.17533/udea.redin.17038

Autores/as

Rafael Martínez-Peláez Universidad de la Sierra Sur https://orcid.org/0000-0003-2188-9892
Francisco Rico-Novella Universidad Politécnica de Cataluña
Pablo Velarde-Alvarado Universidad Autónoma de Nayarit https://orcid.org/0000-0002-1211-1061

DOI:

https://doi.org/10.17533/udea.redin.17038

Palabras clave:

autenticación mutua, seguridad en redes, acuerdo de clave de sesión, tarjetas inteligentes, criptoanálisis

Resumen

Recientemente, Chen-Hsiang-Shih propusieron un nuevo esquema de autenticación de usuario remoto basado en un identificador dinámico. Los autores afirman que su esquema es más seguro que los trabajos previos. Sin embargo, se demuestra que su esquema continúa siendo inseguro contra diferentes tipos de ataques. Con el fin de mejorar la seguridad del esquema propuesto por Chen-Hsiang-Shih, se propone un esquema que consigue los siguientes objetivos de seguridad: el esquema no requiere de una tabla de verificación, cada usuario elige y cambia su contraseña libremente, cada usuario mantiene su contraseña en secreto, el esquema requiere autenticación mutua, el esquema establece una clave de sesión después de una autenticación correcta, y el esquema mantiene el anonimato del usuario. El análisis de seguridad y la comparación demuestran que nuestro esquema es más seguro que el esquema propuesto por Das-Saxena-Gulati, Wang-Liu-Xiao-Dan, y Chen-Hsiang-Shih.

|Resumen

= 96 veces | PDF

= 63 veces|

Descargas

Los datos de descargas todavía no están disponibles.

Biografía del autor/a

Rafael Martínez-Peláez, Universidad de la Sierra Sur

Instituto de Informática.

Francisco Rico-Novella, Universidad Politécnica de Cataluña

Departamento de Ingeniería Telemática.

Pablo Velarde-Alvarado, Universidad Autónoma de Nayarit

Área de Ciencias Básicas e Ingenierías.

Citas

L. Lamport. “Password authentication with insecure communication”. Communications of the ACM. Vol. 24. 1981. pp. 770-772. DOI: https://doi.org/10.1145/358790.358797

R. Rivest. RFC 1321 - the MD5 message-disgest algorithm. IETF Working Group. 1992. Available on: http://www.ietf.org/rfc/rfc1321.txt. Accessed: 4 Feb. 2013.

NIST. Secure Hash Standard (SHA), FIPS PUB 180-1. 1995, National Institute of Standards and Technology. Available on: http://www.itl.nist.gov/fipspubs/fip180- 1.htm. Accessed: 4 Feb. 2013.

C. Chang, T. Wu. “Remote password authentication with smart cards”. IEE Proceedings-E. Vol. 138. 1991. pp. 165-168. DOI: https://doi.org/10.1049/ip-e.1991.0022

M. Hwang, L. Li. “A new remote user authentication scheme using smart card”. IEEE Transactions on Consumer Electronics. Vol. 46. 2000. pp. 28-30. DOI: https://doi.org/10.1109/30.826377

T. Hwang, Y. Chen, C. Laih. Non-interactive password authentication without password tables. In IEEE Region 10 Conference on Computer and Communication System. Hong Kong, China. 1990. pp. 429-431.

C. Chang, T. Wu. A password authentication scheme without verification tables. In 8th IASTED International Symposium of Applied Informatics. Innsbruck, Austria. 1990. pp. 202-204.

T. Wu, H. Sung. “Authenticating passwords over an insecure channel”. Computer & Security. Vol. 15. 1996. pp. 431-439. DOI: https://doi.org/10.1016/0167-4048(96)00004-1

W. Yang, S. Shieh. “Password Authentication Schemes with Smart Cards”. Computers & Security. Vol. 18. 1999. pp. 727-733. DOI: https://doi.org/10.1016/S0167-4048(99)80136-9

H. Sun. “An efficient remote use authentication scheme using smart cards”. IEEE Transactions on Consumer Electronics. Vol. 46. 2000. pp. 958-961. DOI: https://doi.org/10.1109/30.920446

M. Sandirigama, A. Shimizu, M. Noda. “Simple and secure pass-word authentication protocol (SAS)”. IEICE Transactions on Communications. Vol. 6. 2000. pp. 1363-1365.

C. Lee, M. Hwang, W. Yang. “A flexible remote user authentication scheme using smart cards”. ACM Operating Systems Review. Vol. 36. 2002. pp. 46-52. DOI: https://doi.org/10.1145/567331.567335

H. Chien, J. Jan, Y. Tseng. “An efficient and practical solution to remote authentication: smart card”. Computer & Security. Vol. 21. 2002. pp. 372-375. DOI: https://doi.org/10.1016/S0167-4048(02)00415-7

Y. Tang, M. Hwang, C. Lee. “A simple remote user authentication scheme”. Mathematical and Computer Modeling. Vol. 36. 2002. pp. 103-107. DOI: https://doi.org/10.1016/S0895-7177(02)00106-1

C. Lee, L. Li, M. Hwang. “A remote user authentication scheme using hash functions”. ACM SIGOPS Operating Systems Review. Vol. 36. 2002. pp. 23-29. DOI: https://doi.org/10.1145/583800.583803

J. Shen, C. Lin, M. Hwang. “A modified remote user authentication scheme using smart cards”. IEEE Transactions on Consumer Electronics. Vol. 29. 2003. pp. 414-416. DOI: https://doi.org/10.1109/TCE.2003.1209534

W. Ku, S. Chen. “Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards”. IEEE Transactions on Consumer Electronics. Vol. 50. 2004. pp. 204-207. DOI: https://doi.org/10.1109/TCE.2004.1277863

E. Yoon, E. Ryu, K. Yoo. “Further improvement of an efficient password based remote user authentication scheme using smart cards”. IEEE Transactions on Consumer Electronics. Vol. 50. 2004. pp. 612-614. DOI: https://doi.org/10.1109/TCE.2004.1309437

M. Das, A. Saxena, V. Gulati. “A Dynamic ID-based remote user authentication scheme”. IEEE Transactions on Consumer Electronics. Vol. 50. 2004. pp. 629-631. DOI: https://doi.org/10.1109/TCE.2004.1309441

W. Ku, S. Chen, “Impersonation attack on a dynamic ID based remote user authentication using smartcards”. IEICE Transactions on Communications. Vol. E88-B. 2004. pp. 2165-2167. DOI: https://doi.org/10.1093/ietcom/e88-b.5.2165

Y. Wang, J. Liu, F. Xiao, J. Dan. “A more efficient and secure dynamic ID-based remote user authentication scheme”. Computer Communications. Vol. 32. 2009. pp. 583-585. DOI: https://doi.org/10.1016/j.comcom.2008.11.008

A. Awasthi. “Comment on A Dynamic ID-based remote user authentication scheme”. Transaction on Cryptology. Vol. 1. 2004. pp. 15-16.

I. Liao, C. Lee, M. Hwang. Security enhancement for a dynamic ID-based remote user authentication Scheme. in International Conference on Next Generation Web Services Practices. Seoul, South Korea. 2005. pp. 1-4.

L. Hu, X. Niu, Y. Yang. “Weaknesses and improvements of a remote user authentication scheme using smart cards”. The Journal of China Universities of Posts and Telecommunications. Vol. 14. 2007. pp. 91-94. DOI: https://doi.org/10.1016/S1005-8885(07)60155-1

Y. Liou, J. Lin, S. Wang. A New Dynamic ID-Based Remote User Authentication Scheme using Smart Cards. In 16th Information Security Conference. Taichung, Taiwan. 2006. pp. 198-205.

M. Ahmed, D. Lakshmi, S. Sattar. “Cryptanalysis of a more efficient and secure dynamic ID-based remote user authentication scheme”. International Journal of Network Security & Its Applications. Vol. 1. 2009. pp. 32-37.

S. Kim, M. Chung, “More secure remote user authentication scheme”. Computer Communications. Vol. 32. 2009. pp. 1018-1021. DOI: https://doi.org/10.1016/j.comcom.2008.11.026

T. Chen, H. Hsiang, W. Shih. “Security enhancement on an improvement on two remote user authentication schemes using smart cards”. Future Generation Computer Systems. Vol. 27. 2011. pp. 377-380. DOI: https://doi.org/10.1016/j.future.2010.08.007

E. Yoon, K. Yoo. “Improving the dynamic ID-based remote mutual authentication scheme”. On the Move to Meaningful Internet Systems. Vol. LNCS 4277. 2006. pp. 499-507. DOI: https://doi.org/10.1007/11915034_73

X. Wang, W. Zhang, J. Zhang, M. Khan. “Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards”. Computer Standards & Interfaces. Vol. 29. 2007. pp. 507-512. DOI: https://doi.org/10.1016/j.csi.2006.11.005

M. Misbahuddin, C. Bindu. “Cryptanalysis of LiaoLee-Hwang’s dynamic ID scheme”. International Journal of Network Security. Vol. 6. 2008. pp. 211- 213.

Y. Lee, G. Chang, W. Kuo, J. Chu. Improvement on the dynamic ID-based remote user authentication scheme. In 7th International Conference on Machine Learning and Cybernetics. Kunming, China. 2008. pp. 3283- 3287.

S. Sood, A. Sarje, K. Singh. An Improvement of Liao et al.’s Authentication Scheme using Smart Cards. In IEEE 2nd International Advance Computing Conference. Patiala, India. 2010. pp. 240-245. DOI: https://doi.org/10.1109/IADCC.2010.5423004

S. Sood, A. Sarje, K. Singh. An improvement of Wang et al.’s authentication scheme using smart cards. In National Conference on Communications. Chennai, India. 2010. pp. 29-31. DOI: https://doi.org/10.1145/1754288.1754303

R. Martínez, F. Rico, C. Satizabal, J. Pomykala. Improvement of the dynamic ID-based remote user authentication scheme. In International Conference on Information Society. London, UK. 2010. pp. 199-208.

M. Khan, S. Kim, K. Alghathbar. “Cryptanalysis and security enhancement of a more efficient & secure dynamic ID-based remote user authentication scheme”. Computer Communications. Vol. 34. 2011. pp. 305-309. DOI: https://doi.org/10.1016/j.comcom.2010.02.011

S. Sood. “Secure dynamic identity-based authentication scheme using smart cards”. Information Security Journal: A Global Perspective. Vol. 20. 2011. pp. 67- 77. DOI: https://doi.org/10.1080/19393555.2011.560921

F. Wen, X. Li. “An improved dynamic ID-based remote user authentication with key agreement scheme”. Computers and Electrical Engineering. Vol. 38. 2012. pp. 381-387. DOI: https://doi.org/10.1016/j.compeleceng.2011.11.010

R. Martínez, F. Rico, C. Satizabal, J. Pomykala. “Efficient remote user authentication scheme using smart cards”. International Journal of Internet Technology and Secured Transactions. Vol. 3. 2011. pp. 407-418. DOI: https://doi.org/10.1504/IJITST.2011.043137

Y. Chang, H. Chang. Security of dynamic ID-based remote user authentication scheme. In 5th International Joint Conference on INC, IMS and IDC. Seoul, South Korea. 2009. pp. 2108-2110. DOI: https://doi.org/10.1109/NCM.2009.101

K. Yeh, C. Su, N. Lo, Y. Li, Y. Hung. “Two robust remote user authentication protocols using smart cards”. The Journal of Systems and Software. Vol. 83. 2010. pp. 2556-2565. DOI: https://doi.org/10.1016/j.jss.2010.07.062

R. Madhusudhan, R. Mittal, “Dynamic ID-based remote user password authentication schemes using smart cards: A review”. Journal of Network and Computer Applications. Vol. 35. 2012. pp. 1235-1248. DOI: https://doi.org/10.1016/j.jnca.2012.01.007

R. Wang, W. Juang, C. Lei. “Robust authentication and key agreement scheme preserving the privacy of secret key”. Computer Communications. Vol. 34. 2011. pp. 274-280. DOI: https://doi.org/10.1016/j.comcom.2010.04.005