Yung-Cheng Lee*¹, Yi-Chih Hsieh², Pei-Ju Lee³ and Peng-Sheng You⁴

¹ Department of Security Technology and Management, WuFeng University, Chiayi, Taiwan. *yclee@wfu.edu.tw.

² Department of Industrial Management, National Formosa University, Yunlin, Taiwan.

³ School of Information Science and Technology, University of Pittsburgh, 135 N Bellefield, Pittsburgh, PA 15260.

⁴ Graduate Institute of Marketing and Logistics/Transportation, National Chiayi University, Chiayi, Taiwan.

Nowadays, we can easily obtain variety of services through networks. But due to the open environment, networks are vulnerable to many security threats. The remote user authentication scheme is one of the most widely used mechanisms for servers to authorize users to access the services. In 2009, Ramasamy and Muniyandi proposed a discrete logarithm based remote authentication scheme with smart cards. Their scheme provides mutual authentication and withstands the denial of service attack, forgery attack and parallel session attack. In this article, we show that their scheme is not a practical solution for remote access. It lacks key agreement mechanism and users cannot choose or update passwords freely. Moreover, their scheme cannot resist the stolen-verifier attack, off-line guessing attack, impersonation attack and smart-card-loss-attack. We propose an improved scheme to remedy the drawbacks. The improved scheme has the merits of providing mutual authentication and key agreement, while forward and backward secrecy are ensured as well. The users can choose and update their passwords freely. Furthermore, the scheme can also withstand many attacks such as the smart-card-loss-attack, the replay attack, the off-line guessing attack, the insider attack, the impersonation attack and the parallel session attack.

Keywords: Remote authentication, smart cards, discrete logarithm problem.

DESCARGAR ARTÍCULO EN FORMATO PDF

Aknowledgments

This work was partially supported by the National Science Council of the Republic of China under the contract number NSC 101-2632-E-274-001-MY3.

References

[1] C. C. Chang and T. C. Wu, "Remote password authentication with smart cards," IEE Proc E- Comput Digit Tech, vol. 138, no. 3, pp. 165-168, 1991.         [ Links ]

[2] B. T. Hsieh et al., "On the security of some password authentication protocols," Informatica, vol. 14, no. 2, pp. 195-204, 2003.         [ Links ]

[3] M. S. Hwang and L. H. Li, "A new remote user authentication scheme using smart cards," IEEE T Consum Electr, vol. 1, no. 46, pp. 28-30, 2000.         [ Links ]

[4] C. W. Lin et al., "A new strong password authentication scheme using one-way hash functions," J Comput Sys Sc Int, vol. 45, no. 4, pp. 623-626, 2006.         [ Links ]

[5] X. Tian et al., "Improved efficient remote user authentication schemes," Int J Net Sec, vol. 4, no. 2, pp. 149-154, 2007.         [ Links ]

[6] W. H. Yang and S. P. Shieh, "Password authentication schemes with smart card," COMPSEC, vol. 8, no. 18, pp. 727-733, 1999.         [ Links ]

[7] E. J. Yoon et al., "Further improvement of an efficient password based remote user authentication scheme using smart cards," IEEE T Consum Electr, vol. 50, no. 2, pp. 612-614, 2004.         [ Links ]

[8] R. Martinez-Pelàez et al., "Security improvement of two dynamic ID-based authentication schemes by Sood-Sarje-Singh," J Appl Res Technol, vol. 11, no. 5, pp. 755-763, Oct. 2013.         [ Links ]

[9] M. Kumar, "Some remarks on a remote user authentication scheme using smart cards with forward secrecy," IEEE T Consum Electr, vol. 50, no. 2, pp. 615-618, 2004.         [ Links ]

[10] H. Y. Chien et al., "An efficient and practical solution to remote authentication: smart card," COMPSEC, vol. 4, no. 21, pp. 372-375, 2002.         [ Links ]

[11] H. C. Hsiang and W. K. Shih, "Weaknesses and improvements of the Yoon-Ryu-Yoo remote user authentication scheme using smart cards," Comput Commun, vol. 32, no. 4, pp. 649-652, 2009.         [ Links ]

[12] W. C. Ku and S. M. Chen, "Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards," IEEE T Consum Electr, vol. 50, no. 1, pp. 204-207, 2004.         [ Links ]

[13] R. Ramasamy, A. P. Muniyandi, "New remote mutual authentication scheme using smart cards," T data privacy, vol. 2, pp. 141-152, 2009.         [ Links ]

[14] L. Lamport, "Password authentication with insecure communication," Commun ACM, vol. 24, no. 11, pp. 770-772, 1981.         [ Links ]

[15] M. S. Hwang and L. H. Li, "A new remote user authentication scheme using smart cards," IEEE T Consum Electr, vol. 46, no. 1, pp. 28-30, 2000.         [ Links ]

[16] T. ElGamal, "A public key cryptosystem and a signature scheme based on discrete logarithms," IEEE T Inform Theory, vol. 31, no. 4, pp. 469-472, 1985.         [ Links ]

[17] C. K. Chan and L. M. Cheng, "Cryptanalysis of a remote user authentication scheme using smart cards," IEEE T Consum Electr, vol. 46, pp. 992-993, 2000.         [ Links ]

[18] J. J. Shen et al., "A modified remote user authentication scheme using smart cards," IEEE T Consum Electr, vol. 49, no. 2, pp. 414-416, 2003.         [ Links ]

[19] K. C. Leung et al., "Cryptanalysis of a remote user authentication scheme using smart cards", IEEE T Consum Electr, vol. 49, no. 4, pp. 1243-1245, 2003.         [ Links ]

[20] A. K. Awasthi and S. Lal, "A remote user authentication scheme using smarts cards with forward secrecy," IEEE T Consum Electr, vol. 49, no. 4, pp. 1246-1248, 2003.         [ Links ]

[21] E. J. Yoon et al., "Efficient remote user authentication scheme based on generalized ElGamal signature scheme," IEEE T Consum Electr, vol. 50, no. 2, pp. 568-570, 2004.         [ Links ]

[22] X. Tian et al., "Improved efficient remote user authentication schemes," Int J Net Sec, vol.4, no.2, pp.149-154, 2007.         [ Links ]

[23] Y. C. Lee, "Smart - card - loss - attack and improvement of Hsiang et al.'s authentication scheme," J Appl Res Technol, vol. 11, no. 4, pp. 597-603, Aug. 2013.         [ Links ]