Wen-Gong Shieh1 and Wen-Bing Horng This email address is being protected from spambots. You need JavaScript enabled to view it.2

1Department of Information Management, Chinese Culture University, Taipei, Taiwan 111, R.O.C.
2Department of Computer Science and Information Engineering, Tamkang University Tamsui, Taiwan 251, R.O.C.


 

Received: September 4, 2011
Accepted: May 17, 2013
Publication Date: September 1, 2013

Download Citation: ||https://doi.org/10.6180/jase.2013.16.3.11  


ABSTRACT


Remote authentication is an essential part of the rapid-growing electronic commerce. Recently, Huang and Wei proposed a complete authentication scheme using smart cards with only lightweight operations, such as exclusive-or operations, secure one-way hash functions, and pseudo-random number generators. However, Yeh et al. indicated that Huang-Wei’s scheme is vulnerable to the probing analysis attack and then presented a security-enhanced scheme. In this paper, we will show that Yeh et al.’s enhanced scheme suffers from two different kinds of attacks. First, Yeh et al.’s scheme is also vulnerable to two different types of probing analysis attacks. Second, their scheme is susceptible to the user impersonation attack. Moreover, we also develop the mathematical backgrounds for these two types of probing analysis attacks, which can be used by the authentication protocol designers to avoid such kind of attacks.


Keywords: Authentication, Cryptanalysis, Probing Analysis Attack, Security, Smart Card


REFERENCES


  1. [1] M’Raïhi, D. and Yung, M., “E-Commerce Applications of Smart Cards,” Computer Networks, Vol. 36, No. 4, pp. 453472 (2001). doi: 10.1016/S1389-1286 (01)00166-9
  2. [2] Lamport, L., “Password Authentication with Insecure Communication,” Communications of the ACM, Vol. 24, No. 11, pp. 770772 (1981). doi: 10.1145/358790. 358797
  3. [3] Hwang, M. S. and Li, L. H., “A New Remote User Authentication Scheme Using Smart Cards,” IEEE Transactions on Consumer Electronics, Vol. 46, No. 1, pp. 2830 (2000). doi: 10.1109/30.826377
  4. [4] Juang, W. S., “Efficient Password Authenticated Key Agreement Using Smart Cards,” Computers & Security, Vol. 23, No. 2, pp. 167173 (2004). doi: 10.1016/ j.cose.2003.11.005
  5. [5] Fan, C. I., Chan, Y. C. and Zhang, Z. K., “Robust Remote Authentication Scheme with Smart Cards,” Computers & Security, Vol. 24, No. 8, pp. 619628 (2005). doi: 10.1016/j.cose.2005.03.006
  6. [6] Liaw, H. T., Lin, J. F. and Wu, W. C., “An Efficient and Complete Remote User Authentication Scheme Using Smart Cards,” Mathematical and Computer Modelling, Vol. 44, No. 12, pp. 223228 (2006). doi: 10. 1016/j.mcm.2006.01.015
  7. [7] Liao, I. E., Lee, C. C. and Hwang, M. S., “A Password Authentication Scheme over Insecure Networks,” Journal of Computer and System Sciences, Vol. 72, No. 4, pp. 727740 (2006). doi: 10.1016/j.jcss.2005.10.001
  8. [8] Chung, H. R., Ku, W. C. and Tsaur, M. J., “Weaknesses and Improvement of Wang et al.’s Remote User Password Authentication Scheme for Resource-Limited Environments,” Computer Standards & Interfaces, Vol. 31, No. 4, pp. 863868 (2009). doi: 10.1016/ j.csi.2008.09.020
  9. [9] Song, R., “Advanced Smart Card Based Password Authentication Protocol,” Computer Standards & Interfaces, Vol. 32, No. 56, pp. 321325 (2010). doi: 10.1016/j.csi.2010.03.008
  10. [10] Sun, H. M., “An Efficient Remote User Authentication Scheme Using Smart Cards,” IEEE Transactions on Consumer Electronics, Vol. 46, No. 4, pp. 958961 (2000). doi: 10.1109/30.920446
  11. [11] Hwang, M. S., Lee, C. C. and Tang, Y. L., “A Simple Remote User Authentication Scheme,” Mathematical and Computer Modelling, Vol. 36, No. 12, pp. 103 107 (2002). doi: 10.1016/S0895-7177(02)00106-1
  12. [12] Chien, H. Y., Jan, J. K. and Tseng, Y. M., “An Efficient and Practical Solution to Remote Authentication: Smart Card,” Computers & Security, Vol. 21, No. 4, pp. 372 375 (2002). doi: 10.1016/S0167-4048(02)00415-7
  13. [13] Ku, W. C. and Chen, S. M., “Weaknesses and Improvements of an Efficient Password Based Remote User authentication Scheme Using Smart Cards,” IEEE Transactions on Consumer Electronics, Vol. 50, No. 1, pp. 204207 (2004). doi: 10.1109/TCE.2004.1277863
  14. [14] Shieh, W. G. and Wang, J. M., “Efficient Remote Mutual Authentication and Key Agreement,” Computers & Security, Vol. 25, No. 1, pp. 7277 (2006). doi: 10.1016/j.cose.2005.09.008
  15. [15] Shieh, W. G. and Horng, W. B., “An Improvement of Liaw-Lin-Wu’s Efficient and Complete Remote Mutual Authentication with Smart Cards,” WSEAS Transactions on Information Science and Applications, Vol. 4, No. 6, pp. 12001205 (2007).
  16. [16] Huang, H. F. and Wei, W. C., “A New Efficient and Complete Remote User Authentication Protocol with Smart Card,” International Journal of Innovative Computing, Information and Control, Vol. 4, No. 11, pp. 28032808 (2008).
  17. [17] Yeh, K. H., Lo, N. W. and Winata, E., “Cryptanalysis of an Efficient Remote User Authentication Scheme with Smart Cards,” International Journal of Innovative Computing, Information and Control, Vol. 6, No. 6, pp. 25952608 (2010).


    
 

0.9
2021CiteScore
 
 
42nd percentile
Powered by  Scopus

SCImago Journal & Country Rank

Enter your name and email below to receive latest published articles in Journal of Applied Science and Engineering.