article

An improved smart card based password authentication scheme with provable security

Authors:

Jing Xu,

Wen-Tao Zhu,

Deng-Guo FengAuthors Info & Claims

Computer Standards & Interfaces, Volume 31, Issue 4

Pages 723 - 728

https://doi.org/10.1016/j.csi.2008.09.006

Published: 01 June 2009 Publication History

Abstract

Password authentication has been adopted as one of the most commonly used solutions in network environment to protect resources from unauthorized access. Recently, Lee-Kim-Yoo [S.W. Lee, H.S. Kim, K.Y. Yoo, Improvement of Chien et al.'s remote user authentication scheme using smart cards, Computer Standards & Interfaces 27 (2) (2005) 181-183] and Lee-Chiu [N.Y. Lee, Y.C. Chiu, Improved remote authentication scheme with smart card, Computer Standards & Interfaces 27 (2) (2005) 177-180] respectively proposed a smart card based password authentication scheme. We show that these two schemes are both subject to forgery attacks provided that the information stored in the smart card is disclosed by the adversary. We also propose an improved scheme with formal security proof.

References

[1]

Lamport, L., Password authentication with insecure communication. Communications of the ACM. v24 i11. 770-772.

Digital Library

Google Scholar

[2]

Haller, N., The S/KEY one-time password system. In: Proceedings of the ISOC Symposium on Network and Distributed System Security, pp. 151-157.

Google Scholar

[3]

Chen, C.M. and Ku, W.C., Stolen-verifier attack on two new strong-password authentication protocol. IEICE Transactions on Communications. vE85-B i11. 2519-2521.

Google Scholar

[4]

Kocher, P., Jaffe, J. and Jun, B., Differential power analysis. In: Proceedings of Advances in Cryptology (CRYPTO 99), pp. 388-397.

Digital Library

Google Scholar

[5]

Messerges, T.S., Dabbish, E.A. and Sloan, R.H., Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers. v51 i5. 541-552.

Digital Library

Google Scholar

[6]

Chien, H.-Y., Jan, J.-K. and Tseng, Y.-M., An efficient and practical solution to remote authentication: smart card. Computers & Security. v21 i4. 372-375.

Google Scholar

[7]

Hsu, C.L., Security of Chien et al.'s remote user authentication scheme using smart cards. Computer Standards & Interfaces. v26 i3. 167-169.

Google Scholar

[8]

Lee, S.W., Kim, H.S. and Yoo, K.Y., Improvement of Chien et al.'s remote user authentication scheme using smart cards. Computer Standards & Interfaces. v27 i2. 181-183.

Google Scholar

[9]

Lee, N.Y. and Chiu, Y.C., Improved remote authentication scheme with smart card. Computer Standards & Interfaces. v27 i2. 177-180.

Google Scholar

[10]

Wu, S.T. and Chieu, B.C., A user friendly remote authentication scheme with smart cards. Computer & Security. v22 i6. 547-550.

Google Scholar

[11]

Bellare, M., Pointcheval, D. and Rogaway, P., Authenticated key exchange secure against dictionary attacks. In: Proceedings of Advances in Cryptology (EUROCRYPT 2000), pp. 139-155.

Digital Library

Google Scholar

Cited By

View all

Fan CKarati AWu S(2024)A Privacy-Aware Provably Secure Smart Card Authentication Protocol Based on Physically Unclonable FunctionsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.331767521:4(2766-2778)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1109/TDSC.2023.3317675
Ramya SDoraipndian MAmirtharajan R(2023)LAPE2D: Lightweight Authentication Protocol to Secure End and Edge Devices in Iot FrameworkWireless Personal Communications: An International Journal10.1007/s11277-023-10539-5131:3(2217-2239)Online publication date: 9-Jun-2023
https://dl.acm.org/doi/10.1007/s11277-023-10539-5
Liu RWang XWang C(2022)An efficient two-factor authentication scheme based on negative databasesApplied Soft Computing10.1016/j.asoc.2022.108558119:COnline publication date: 1-Apr-2022
https://dl.acm.org/doi/10.1016/j.asoc.2022.108558
Show More Cited By

An improved smart card based password authentication scheme with provable security
1. Security and privacy
  1. Security services

Recommendations

Improved convertible authenticated encryption scheme with provable security

Convertible authenticated encryption (CAE) schemes allow a signer to produce an authenticated ciphertext such that only a designated recipient can decrypt it and verify the recovered signature. The conversion property further enables the designated ...
Improved Biometric-Based Three-factor Remote User Authentication Scheme with Key Agreement Using Smart Card
ICISS 2013: Proceedings of the 9th International Conference on Information Systems Security - Volume 8303

Remote user authentication is a very important mechanism in the network system to verify the correctness of remote user and server over the insecure channel. In remote user authentication, server and user mutually authenticate each other and draw a ...
Efficient certificateless proxy signature scheme with provable security

In this paper we propose a very efficient and provably secure proxy signature scheme with implicit certificate (called ''certificateless proxy signature scheme''), where a receiver does not have to verify a certificate before verifying a signed message, ...

Comments

Information & Contributors

Information

Published In

cover image Computer Standards & Interfaces

Computer Standards & Interfaces Volume 31, Issue 4

June, 2009

257 pages

ISSN:0920-5489

Issue’s Table of Contents

Publisher

Elsevier Science Publishers B. V.

Netherlands

Publication History

Published: 01 June 2009

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

107
Total Citations
View Citations
1
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 03 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Fan CKarati AWu S(2024)A Privacy-Aware Provably Secure Smart Card Authentication Protocol Based on Physically Unclonable FunctionsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.331767521:4(2766-2778)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1109/TDSC.2023.3317675
Ramya SDoraipndian MAmirtharajan R(2023)LAPE2D: Lightweight Authentication Protocol to Secure End and Edge Devices in Iot FrameworkWireless Personal Communications: An International Journal10.1007/s11277-023-10539-5131:3(2217-2239)Online publication date: 9-Jun-2023
https://dl.acm.org/doi/10.1007/s11277-023-10539-5
Liu RWang XWang C(2022)An efficient two-factor authentication scheme based on negative databasesApplied Soft Computing10.1016/j.asoc.2022.108558119:COnline publication date: 1-Apr-2022
https://dl.acm.org/doi/10.1016/j.asoc.2022.108558
Yuvaraj NRaja RKarthikeyan TPraghash K(2022)Improved Authentication in Secured Multicast Wireless Sensor Network (MWSN) Using Opposition Frog Leaping Algorithm to Resist Man-in-Middle AttackWireless Personal Communications: An International Journal10.1007/s11277-021-09209-1123:2(1715-1731)Online publication date: 1-Mar-2022
https://dl.acm.org/doi/10.1007/s11277-021-09209-1
Kumar VMahmoud MAlkhayyat ASrinivas JAhmad MKumari A(2022)RAPCHI: Robust authentication protocol for IoMT-based cloud-healthcare infrastructureThe Journal of Supercomputing10.1007/s11227-022-04513-478:14(16167-16196)Online publication date: 1-Sep-2022
https://dl.acm.org/doi/10.1007/s11227-022-04513-4
Zhai XWang J(2022)A multi-server biometric authentication scheme based on extended chaotic map for telecare medical information systemMultimedia Tools and Applications10.1007/s11042-022-13177-481:28(40159-40179)Online publication date: 1-Nov-2022
https://dl.acm.org/doi/10.1007/s11042-022-13177-4
Shukla SPatel S(2022)A novel ECC-based provably secure and privacy-preserving multi-factor authentication protocol for cloud computingComputing10.1007/s00607-021-01041-6104:5(1173-1202)Online publication date: 1-May-2022
https://dl.acm.org/doi/10.1007/s00607-021-01041-6
Anand DKhemchandani VSabharawal MCheikhrouhou OBen Fredj O(2021)Lightweight Technical Implementation of Single Sign-On Authentication and Key Agreement Mechanism for Multiserver Architecture-Based SystemsSecurity and Communication Networks10.1155/2021/99401832021Online publication date: 1-Jan-2021
https://dl.acm.org/doi/10.1155/2021/9940183
Liu PShirazi SLiu WXie Y(2021)pKASSecurity and Communication Networks10.1155/2021/65717002021Online publication date: 18-Oct-2021
https://dl.acm.org/doi/10.1155/2021/6571700
Azrour MMabrouki JChaganti R(2021)New Efficient and Secured Authentication Protocol for Remote Healthcare Systems in Cloud-IoTSecurity and Communication Networks10.1155/2021/55463342021Online publication date: 1-Jan-2021
https://dl.acm.org/doi/10.1155/2021/5546334
Show More Cited By

Abstract

References

Cited By

Recommendations

Improved convertible authenticated encryption scheme with provable security

Improved Biometric-Based Three-factor Remote User Authentication Scheme with Key Agreement Using Smart Card

Efficient certificateless proxy signature scheme with provable security

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations