Jian-Wen Peng1, Wen-Bing Horng2, Ying-Ching Chiu2 and Chao-Sheng Liu2

1Department of Commerce Technology and Management, Chihlee Institute of Technology, Taipei, Taiwan 220, R.O.C.
2Department of Computer Science and Information Engineering, Tamkang University, Tamsui, Taiwan 251, R.O.C.


 

Received: February 18, 2013
Accepted: June 28, 2013
Publication Date: September 1, 2013

DOI: https://doi.org/10.6180/jase.2013.16.3.07


ABSTRACT


Remote user authentication is an essential part of electronic commerce, used to identify legitimate users over the Internet. Protecting user privacy during authentication has recently become an important issue, and many secure authentication schemes with smart cards have therefore been proposed. In this paper, we analyze the security weaknesses of two recently proposed authentication schemes for preserving user privacy. First, Chang et al. (2011) proposed a robust and efficient remote user authentication scheme to provide user anonymity. However, this scheme fails to protect user privacy in terms of anonymity and traceability. In addition, it is vulnerable to the server counterfeit attack and does not provide perfect forward secrecy for session keys. Furthermore, if the smart card is lost, the scheme will suffer from the offline password guessing attack as well as the user impersonation attack. Second, Wen and Li (2012) recently presented an improved dynamic ID-based authentication scheme with key agreement. However, this scheme is vulnerable to traceability. In addition, it does not support perfect forward secrecy for session keys. Furthermore, the insecure offline password change phase and online secret renewal phase will result in the denial of service attack.


Keywords: Authentication, Cryptanalysis, Perfect Forward Secrecy, Session Key, Smart Card


REFERENCES


[1] Lamport, L., “Password Authentication with Insecure Communication,” Communications of the ACM, Vol. 24, No. 11, pp. 770–772 (1981). doi: 10.1145/358790.358797
[2] Hwang, M. S. and Li, L. H., “A New Remote User Authentication Scheme Using Smart Cards,” IEEE Transactions on Consumer Electronics, Vol. 46, No. 1, pp. 28–30 (2000). doi: 10.1109/30.826377
[3] Hwang, M. S., Lee, C. C. and Tang, Y. L., “A Simple Remote User Authentication Scheme,” Mathematical and Computer Modelling, Vol. 36, No. 1–2, pp. 103–107 (2002). doi: 10.1016/S0895-7177(02)00106-1
[4] Chien, H. Y., Jan, J. K. and Tseng, Y. M., “An Efficient and Practical Solution to Remote Authentication: Smart Card,” Computers & Security, Vol. 21, No. 4, pp. 372–375 (2002). doi: 10.1016/S0167-4048(02)00415-7
[5] Fan, C. I., Chan, Y. C. and Zhang, Z. K., “Robust Remote Authentication Scheme with Smart Cards,” Computers & Security, Vol. 24, No. 8, pp. 619–628 (2005). doi: 10.1016/j.cose.2005.03.006
[6] Shieh, W. G. and Wang, J. M., “Efficient Remote Mutual Authentication and Key Agreement,” Computers & Security, Vol. 25, No. 1, pp. 72–77 (2006). doi: 10.1016/j.cose.2005.09.008
[7] Liao, I. E., Lee, C. C. and Hwang, M. S., “A Password Authentication Scheme over Insecure Networks,” Journal of Computer and System Sciences, Vol. 72, No. 4, pp. 727–740 (2006). doi: 10.1016/j.jcss.2005.10.001
[8] Shieh, W. G. and Horng, W. B., “Efficient and Complete Remote Authentication Scheme with Smart Cards,” Proc. IEEE International Conference on Intelligence and Security Informatics, Taipei, Taiwan, June 17–20, pp. 122–127 (2008). doi: 10.1109/ISI.2008.4565041
[9] Chung, H. R., Ku, W. C. and Tsaur, M. J., “Weaknesses and Improvement of Wang et al.’s Remote User Password Authentication Scheme for Resource-Limited Environments,” Computer Standards & Interfaces, Vol. 31, No. 4, pp. 863–868 (2009). doi: 10.1016/j.csi.2008.09.020
[10] Hsiang, H. C. and Shih, W. K., “Weaknesses and Improvements of the Yoon-Ryu-Yoo Remote User Authentication Scheme Using Smart Cards,” Computer Communications, Vol. 32, No. 4, pp. 649–652 (2009). doi: 10.1016/j.comcom.2008.11.019
[11] Shieh, W. G. and Horng, W. B., “A Security and Efficiency Improvement of Chung et al.’s Remote Authentication Scheme for Resource-Limited Environments,” Journal of Converge Information Technology, Vol. 8, No. 2, pp. 795–803 (2013). doi: 10.4156/jcit.vol8.issue2.95
[12] Das, M. L., Saxena, A. and Gulati, V. P., “A Dynamic ID-Based Remote User Authentication Scheme,” IEEE Transactions on Consumer Electronics, Vol. 50, No. 2, pp. 629–631 (2004). doi: 10.1109/TCE.2004.1309441
[13] Awasthi, A. K. and Lal, S., “Security Analysis of a Dynamic ID-Based Remote User Authentication Scheme,” http://eprint.iacr.org/2004/238.pdf (2004).
[14] Ku, W. C. and Chang, S. T., “Impersonation Attack on a Dynamic ID-Based Remote User Authentication Scheme Using Smart Cards,” IEICE Transactions on Communications, Vol. E88-B, No. 5, pp. 2165–2167 (2005). doi: 10.1093/ietcom/e88-b.5.2165
[15] Shieh, W. G. and Chi, Y. H., “A Mutual Authentication Scheme Protecting User’s Anonymity Using Smart Card,” WSEAS Transactions on Information Science and Applications, Vol. 3, No. 6, pp. 1072–1077 (2006).
[16] Wang, Y. Y., Liu, J. Y., Xiao, F. X. and Dan, J., “A More Efficient and Secure Dynamic ID-Based Remote User Authentication Scheme,” Computer Communications, Vol. 32, No. 4, pp. 583–585 (2009). doi: 10.1016/j.comcom.2008.11.008
[17] Yeh, K. H., Su, C., Lo, N. W., Li, Y. and Hung, Y. X., “Two Robust Remote User Authentication Protocols Using Smart Cards,” Journal of System and Software, Vol. 83, No. 12, pp. 2556–2565 (2010). doi: 10.1016/j.jss.2010.07.062
[18] Khan, M. K., Kim, S. K. and Alghathbar, K., “Cryptanalysis and Security Enhancement of a ‘More Efficient & Secure Dynamic ID-Based Remote User Authentication Scheme’,” Computer Communications, Vol. 34, No. 3, pp. 305–309 (2011). doi: 10.1016/j.comcom.2010.02.011
[19] Chang, C. C., Le, H. D., Lee, C. Y. and Chang, C. H., “A Robust and Efficient Smart Card Oriented Remote User Authentication Protocol,” Proc. of 7th International Conference on Intelligent Information Hiding and Multimedia Signal Processing, Dalian, China, Oct. 14–16, pp. 252–255 (2011). doi: 10.1109/IIHMSP.2011.51
[20] Wen, F. and Li, X., “An Improved Dynamic ID-Based Remote User Authentication with Key Agreement Scheme,” Computers and Electrical Engineering, Vol. 38, No. 2, pp. 381–387 (2012). doi: 10.1016/j.compeleceng.2011.11.010
[21] Chien, H. Y. and Chen, C. H., “A Remote Authentication Scheme Preserving User Anonymity,” Proc. of IEEE 19th International Conference on Advanced Information Networking and Applications, Taipei, Taiwan, March 28–30, pp. 245–248 (2005). doi: 10.1109/AINA.2005.54