article

Robust smart-card-based remote user password authenticationscheme

Authors:

Lih-Chyau WuuAuthors Info & Claims

International Journal of Communication Systems, Volume 27, Issue 2

Pages 377 - 389

https://doi.org/10.1002/dac.2368

Published: 01 February 2014 Publication History

Abstract

Smart-card-based remote user password authentication schemes are commonly used for providing authorized users a secure method for remotely accessing resources over insecure networks. In 2009, Xu etal. proposed a smart-card-based password authentication scheme. They claimed their scheme can withstand attacks when the information stored on the smart card is disclosed. Recently, Sood etal. and Song discovered that the smart-card-based password authentication scheme of Xu etal. is vulnerable to impersonation and internal attacks. They then proposed their respective improved schemes. However, we found that there are still flaws in their schemes: the scheme of Sood etal. does not achieve mutual authentication and the secret key in the login phase of Song's scheme is permanent and thus vulnerable to stolen-smart-card and off-line guessing attacks. In this paper, we will propose an improved and efficient smart-card-based password authentication and key agreement scheme. According to our analysis, the proposed scheme not only maintains the original secret requirement but also achieves mutual authentication and withstands the stolen-smart-card attack. Copyright © 2012 John Wiley & Sons, Ltd.

References

[1]

Lamport L .Password authentication with insecure communication. Communications of the ACM 1987; Volume 24 Issue 11: pp.770-772.

[2]

Hwang MS, Li LH .A new remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 2000; Volume 46 Issue 1: pp.28-30.

[3]

Chen BL, Kuo WC, Wuu LC .A secure password-based remote user authentication scheme without smart cards. Information Technology and Control 2012; Volume 41 Issue 1: pp.53-59.

[4]

Chien HY, Jan JK, Tseng YM .An efficient and practical solution to remote authentication: Smart card. Computers & Security 2002; Volume 21 Issue 4: pp.372-375.

[5]

Das ML .Two-factor user authentication in wireless sensor networks. IEEE Transactions on Wireless Communications 2009; Volume 8 Issue 3: pp.1086-1090.

[6]

Lee SW, Kim HS, Yoo KY .Improvement of Chien et al.'s remote user authentication scheme using smart cards. Computer Standards & Interfaces 2005; Volume 27 Issue 2: pp.181-183.

[7]

Lin CY, Hwang T .On 'a simple three-party password-based key exchange protocol'. IJCS: International Journal of Communication Systems 2011; Volume 24 Issue 11: pp.1520-1532.

[8]

Pippal RS, Jaidhar CD, Tapaswi S .Comments on symmetric key encryption based smart card authentication scheme. Proceedings of the Second International Conference on Computer Technology and Development ICCTD, Cairo, Egypt, 2-4 November 2010; pp.482-484.

[9]

Song R .Advanced smart card based password authentication protocol. Computer Standards & Interfaces 2010; Volume 32 Issue 5: pp.321-325.

[10]

Sood SK, Sarje AK, Singh K .An improvement of Xu et al.'s authentication scheme using smart cards. Proceedings of The Third Annual ACM Bangalore Conference, Bangalore, Karnataka, India, 2010; pp.1-5.

Digital Library

[11]

Xu J, Zhu WT, Feng DG .An improved smart card based password authentication scheme with provable security. Computer Standards & Interfaces 2009; Volume 31 Issue 4: pp.723-728.

[12]

Yang G, Wong DS, Wang H, Deng X .Two-factor mutual authentication based on smart cards and passwords. Journal of Computer and System Sciences 2008; Volume 74: pp.1160-1172.

[13]

Yeh KH, Lo NW, Li Y .Cryptanalysis of Hsiang-Shih's authentication scheme for multi-server architecture. IJCS:International Journal of Communication Systems 2011; Volume 24 Issue 7: pp.829-836.

[14]

Kocher P, Jaffe J, Jun B .Differential power analysis. Advances in Cryptology, CRYPTO'99 1999; Volume 1666: pp.788-797.

[15]

Messerges TS, Dabbish EA, Sloan RH .Examining smart card security under the threat of power analysis attacks. IEEE Transactions on Computers 2002; Volume 51 Issue 5: pp.541-552.

[16]

Forouzan BA .Introduction to Cryptography and Network Security. McGraw-Hill, Inc: New York, 2008.

Cited By

Kandar SGhosh A(2023)Smart Card Based Remote User Authentication Scheme in Multi-server Environment Using Chebyshev Chaotic MapWireless Personal Communications: An International Journal10.1007/s11277-024-10895-w133:4(2657-2685)Online publication date: 1-Dec-2023
https://dl.acm.org/doi/10.1007/s11277-024-10895-w
Zhang YHuang ZZhu QMeng L(2022)Patient Family Binding and Authentication Scheme with Privacy Protection for E-Health SystemSecurity and Communication Networks10.1155/2022/18832932022Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.1155/2022/1883293
Shukla SPatel S(2022)A novel ECC-based provably secure and privacy-preserving multi-factor authentication protocol for cloud computingComputing10.1007/s00607-021-01041-6104:5(1173-1202)Online publication date: 1-May-2022
https://dl.acm.org/doi/10.1007/s00607-021-01041-6
Show More Cited By

Robust smart-card-based remote user password authenticationscheme
1. Security and privacy
  1. Security services
2. Theory of computation

Recommendations

Improved Biometric-Based Three-factor Remote User Authentication Scheme with Key Agreement Using Smart Card
ICISS 2013: Proceedings of the 9th International Conference on Information Systems Security - Volume 8303

Remote user authentication is a very important mechanism in the network system to verify the correctness of remote user and server over the insecure channel. In remote user authentication, server and user mutually authenticate each other and draw a ...
Cryptanalysis and improvement of 'a robust smart-card-based remote user password authentication scheme'

With the use of smart card in user authentication mechanisms, the concept of two-factor authentication came into existence. This was a forward move towards more secure and reliable user authentication systems. It elevated the security level by requiring ...
Improvement of robust smart-card-based password authentication scheme

Smart-card-based password authentication scheme is one of the commonly used mechanisms to prevent unauthorized service and resource access and to remove the potential security threats over the insecure networks and has been investigated extensively in ...

Comments

Information & Contributors

Information

Published In

cover image International Journal of Communication Systems

International Journal of Communication Systems Volume 27, Issue 2

February 2014

202 pages

ISSN:1074-5351

EISSN:1099-1131

Issue’s Table of Contents

Publisher

John Wiley and Sons Ltd.

United Kingdom

Publication History

Published: 01 February 2014

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

42
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 17 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Kandar SGhosh A(2023)Smart Card Based Remote User Authentication Scheme in Multi-server Environment Using Chebyshev Chaotic MapWireless Personal Communications: An International Journal10.1007/s11277-024-10895-w133:4(2657-2685)Online publication date: 1-Dec-2023
https://dl.acm.org/doi/10.1007/s11277-024-10895-w
Zhang YHuang ZZhu QMeng L(2022)Patient Family Binding and Authentication Scheme with Privacy Protection for E-Health SystemSecurity and Communication Networks10.1155/2022/18832932022Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.1155/2022/1883293
Shukla SPatel S(2022)A novel ECC-based provably secure and privacy-preserving multi-factor authentication protocol for cloud computingComputing10.1007/s00607-021-01041-6104:5(1173-1202)Online publication date: 1-May-2022
https://dl.acm.org/doi/10.1007/s00607-021-01041-6
Liu PShirazi SLiu WXie Y(2021)pKASSecurity and Communication Networks10.1155/2021/65717002021Online publication date: 18-Oct-2021
https://dl.acm.org/doi/10.1155/2021/6571700
Maitra TSingh SSaurabh RGiri D(2021)Analysis and enhancement of secure three-factor user authentication using Chebyshev Chaotic MapJournal of Information Security and Applications10.1016/j.jisa.2021.10291561:COnline publication date: 1-Sep-2021
https://dl.acm.org/doi/10.1016/j.jisa.2021.102915
Meshram CIbrahim RDeng LShende SMeshram SBarve S(2021)A robust smart card and remote user password-based authentication protocol using extended chaotic maps under smart cities environmentSoft Computing - A Fusion of Foundations, Methodologies and Applications10.1007/s00500-021-05929-525:15(10037-10051)Online publication date: 1-Aug-2021
https://dl.acm.org/doi/10.1007/s00500-021-05929-5
Yang HZhang YZhao PCheng XHuang Q(2020)A privacy protection secure communication protocols for the Industrial Internet of ThingsProceedings of the 2020 International Conference on Cyberspace Innovation of Advanced Technologies10.1145/3444370.3444580(250-255)Online publication date: 4-Dec-2020
https://dl.acm.org/doi/10.1145/3444370.3444580
Wang PLi BShi HShen YWang DLi F(2019)Revisiting Anonymous Two-Factor Authentication Schemes for IoT-Enabled Devices in Cloud Computing EnvironmentsSecurity and Communication Networks10.1155/2019/25169632019Online publication date: 23-May-2019
https://dl.acm.org/doi/10.1155/2019/2516963
Tritilanunt S(2019)A Biometric Smart Card Based Remote User Authentication for Telecare Medicine Information SystemProceedings of the 2019 4th International Conference on Cloud Computing and Internet of Things10.1145/3361821.3361822(59-65)Online publication date: 20-Sep-2019
https://dl.acm.org/doi/10.1145/3361821.3361822
Karuppiah MDas ALi XKumari SWu FChaudhry SNiranchana R(2019)Secure Remote User Mutual Authentication Scheme with Key Agreement for Cloud EnvironmentMobile Networks and Applications10.1007/s11036-018-1061-824:3(1046-1062)Online publication date: 1-Jun-2019
https://dl.acm.org/doi/10.1007/s11036-018-1061-8
Show More Cited By

View Options

View options

Media

Figures

Other

Tables

View Issue’s Table of Contents