SciELO - Scientific Electronic Library Online

 
vol.18 número4Simulation of Baseball Gaming by Cooperation and Non-Cooperation StrategiesA Heuristic Approach for Blind Source Separation of Instant Mixtures índice de autoresíndice de materiabúsqueda de artículos
Home Pagelista alfabética de revistas  

Servicios Personalizados

Revista

Articulo

Indicadores

Links relacionados

  • No hay artículos similaresSimilares en SciELO

Compartir


Computación y Sistemas

versión impresa ISSN 1405-5546

Comp. y Sist. vol.18 no.4 México oct./dic. 2014

http://dx.doi.org/10.13053/CyS-18-4-1398 

Artículos regulares

 

Security Enhancement on Li-Lee's Remote User Authentication Scheme Using Smart Card

 

Rafael Martínez-Peláez1, Francisco Rico-Novella2, and Pablo Velarde-Alvarado3

 

1 Institute of Informatics, University of Sierra Sur, Miahuatlán de Porfirio Díaz, Mexico. rpelaez@unsis.edu.mx

2 Department of Telematics Engineering, Universitat Politecnica de Catalunya, Barcelona, Spain. f.rico@entel.upc.edu

3 Area of Basic Sciences and Engineering, Autonomous University of Nayarit, Tepic, Mexico. pvelarde@uan.edu.mx

 

Article received on 19/09/2012.
Accepted on 07/08/2013.

 

Abstract

Recently, Li and Lee proposed a new remote user authentication scheme using smart card. However, their scheme requires a verification table and the user's identity is not protected. Moreover, users cannot change their password off-line. In order to overcome the security flaws, we propose a new scheme which provides more security without affecting the merits of the original scheme.

Keywords: Cryptanalysis, mutual authentication, network security, session key, smart card.

 

DESCARGAR ARTÍCULO EN FORMATO PDF

 

References

1 Ahmed, M.A., Lakshmi, D.R., & Sattar, S.A. (2009). Cryptanalysis of a more efficient and secure dynamic ID-based remote user authentication scheme. International Journal of Network Security & Its Applications, Vol. 1, No. 3, pp. 32-37.         [ Links ]

2 Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuellar, J., & Hankes Drielsma, P. (2005). The AVISPA Tool for the automated validation of internet security protocols and applications. Proc. of 17th International Conference on Computer Aided Verfication, pp. 281-285.         [ Links ]

3 Chang, C.C. & Wu, T.C. (1991). Remote password authentication with smart cards. IEE Proceedings-E, Vol. 138, No. 3, pp. 165-168.         [ Links ]

4 Chen, T.H., Hsiang, H.C., & Shih, W.K. (2011). Security enhancement on an improvement on two remote user authentication schemes using smart cards. Future Generation Computer Systems, Vol. 27, No. 4, pp. 377-380.         [ Links ]

5 Chevalier, Y., Compagna, L., Cuellar, J., & Hankes Drielsma, P. (2004). A High Level Protocol Specifiction Language for Industrial Security-Sensitive Protocols. Workshop on Specification and Automated Processing of Security Requirements, pp. 193-205.         [ Links ]

6 Das, M.L., Saxena, A., & Gulati, V.P. (2004). A Dynamic ID-based remote user authentication scheme. IEEE Transactions on Consumer Electronics, Vol. 50, No. 2, pp. 629-631.         [ Links ]

7 Hu, L.I., Niu, X.X., & Yang, Y.X. (2007). Weaknesses and improvements of a remote user authentication scheme using smart cards. The Journal of China Universities of Posts and Telecommunications, Vol. 14, No. 3, pp. 91 -94.         [ Links ]

8 Hwang, M.S. & Li, L.H. (2000). A new remote user authentication scheme using smart card. IEEE Transactions on Consumer Electronics, Vol. 46, No. 1, pp. 28-30.         [ Links ]

9 Kim, S.K. & Chung, M.G. (2009). More secure remote user authentication scheme. Computer Communications, Vol. 32, No. 66, pp. 1018-1021.         [ Links ]

10 Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, Vol. 24, No. 11, pp. 770-772.         [ Links ]

11 Lee, Y.C., Chang, G.K., Kuo, W.C., & Chu, J.L. (2008). Improvement on the dynamic ID-based remote user authentication scheme. Proc. of 7th International Conference on Machine Learning and Cybernetics, pp. 3283-3287.         [ Links ]

12 Li, C.T. (2011). Secure smart card based password authentication scheme with user anonymity. Information Technology and Control, Vol. 40, No. 2, pp. 157-162.         [ Links ]

13 Li, C.T. & Lee, C.C. (2011). A Robust remote user authentication scheme using smart card. Information Technology and Control, Vol. 40, No. 3, pp. 236-244.         [ Links ]

14 Liou, Y.P., Lin, J., & Wang, S.S. (2006). A New Dynamic ID-Based Remote User Authentication Scheme using Smart Cards. Proc. of 16th Information Security Conference, pp. 198-205.         [ Links ]

15 Madhusudhan, R. & Mittal, R.C. (2012). Dynamic ID-based remote user password authentication schemes using smart cards: A review. Journal of Network and Computer Applications, Vol. 35, No. 4, pp. 1235-1248.         [ Links ]

16 Martinez-Peláez, R., Rico-Novella, F., & Velarde-Alvarado, P. (2013). Cryptanalysis and improvement of Chen-Hsiang-Shih's remote user authentication scheme using smart cards. Revista Facultad de Ingeniería Universidad de Antioquia, Vol. 68, pp. 27-35.         [ Links ]

17 Martínez-Peláez, R., Rico-Novella, F.J., Forné, J., & Velarde-Alvarado, P. (2013). Security Improvement of Two Dynamic ID-based Authentication Schemes by Sood-Sarje-Singh. Journal of Applied Research and Technology, Vol. 11, No. 5, pp. 755-763.         [ Links ]

18 Misbahuddin, M. & Bindu, C.S. (2008). Cryptanalysis of Liao-Lee-Hwang's dynamic ID scheme. International Journal of Network Security, Vol. 6, No. 2, pp. 211-213.         [ Links ]

19 NIST (1995). Secure Hash Standard (SHA), FIPS PUB 180-1, National Institute of Standards and Technology, http://www.itl.nist.gov/fipspubs/fip180-1.htm.         [ Links ]

20 Rivest, R. (1992). RFC 1321 - the MD5 message-disgest algorithm, IETF Working Group, http://www.ietf.org/rfc/rfc1321.txt.         [ Links ]

21 Sandirigama, M., Shimizu, A., & Noda, M.T. (2000). Simple and secure pass-word authentication protocol (SAS). IEICE Transactions on Communications, E83-B(6), pp.1363-1365.         [ Links ]

22 Sun, H.M. (2000). An efficient remote user authentication scheme using smart cards. IEEE Transactions on Computers, Vol. 46, No. 4, pp. 958-961.         [ Links ]

23 Wang, X.M., Zhang, W.F., Zhang, J. S., & Khan, M.K. (2007). Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards. Computer Standards & Interfaces, Vol. 29, No. 5, pp. 507-512.         [ Links ]

24 Wang, Y.Y., Liu, J.Y., Xiao, F.X., & Dan, J. (2009). A more efficient and secure dynamic ID-based remote user authentication scheme. Computer Communications, Vol. 32, No. 2, pp. 583-585.         [ Links ]

25 Wu, T. & Sung, H. (1996). Authenticating passwords over an insecure channel. Computer & Security, Vol.15, No. 5, pp. 431-439.         [ Links ]

26 Yang, W.H. & Shieh, S.P. (1999). Password Authentication Schemes with Smart Cards. Computers & Security, Vol.18, No. 8, pp. 727-733.         [ Links ]

27 Yoon, E.J. & Yoo, K.Y. (2006). Improving the dynamic ID-based remote mutual authentication scheme. in On the Move to Meaningful Internet Systems, Vol. LNCS 4277, pp. 499-507.         [ Links ]

Creative Commons License Todo el contenido de esta revista, excepto dónde está identificado, está bajo una Licencia Creative Commons