
Offline Dictionary Attack on Password Authentication Schemes Using Smart Cards

  • Conference paper
Information Security

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 7807)

Abstract

The design of secure and efficient smart-card-based password authentication schemes remains a challenging problem today despite two decades of intensive research in the security community, and the current crux lies in how to achieve truly two-factor security even if the smart cards can be tampered with. In this paper, we analyze two recent proposals, namely, Hsieh-Leu’s scheme and Wang’s PSCAV scheme. We show that, under their non-tamper-resistance assumption of the smart cards, both schemes are still prone to an offline dictionary attack, in which an attacker can obtain the victim’s password when getting temporary access to the victim’s smart card. This indicates that compromising a single factor (i.e., the smart card) of these two schemes leads to the downfall of both factors (i.e., both the smart card and the password), thereby invalidating their claim of preserving two-factor security. Remarkably, our attack on the latter protocol, which is not captured in Wang’s original protocol security model, reveals a new attacking scenario and gives rise to the strongest adversary model so far. In addition, we make the first attempt to explain why smart cards, instead of common cheap storage devices (e.g., USB sticks), are preferred in most two-factor authentication schemes for security-critical applications.


Notes

  1. Note that the terms “protocol” and “scheme” will be used interchangeably hereafter.

  2. Hereafter, we use “USB sticks” and “common memory devices” interchangeably. In this work, we do not consider hybrid devices like Trust Extension Devices [1].

  3. This ambiguity and our suggested remedy have been confirmed by the author of [54], and he earns our deep respect for his frank and quick acknowledgement.

References

  1. Asokan, N., Ekberg, J.-E., Kostiainen, K.: The untapped potential of trusted execution environments on mobile devices. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 293–294. Springer, Heidelberg (2013)


  2. Barenghi, A., Breveglieri, L., Koren, I., Naccache, D.: Fault injection attacks on cryptographic devices: theory, practice, and countermeasures. Proc. IEEE 100(11), 3056–3076 (2012)


  3. Bellovin, S.M., Merritt, M.: Encrypted key exchange: password-based protocols secure against dictionary attacks. In: Proceedings of IEEE S&P 1992, pp. 72–84. IEEE (1992)


  4. Bilge, L., Dumitras, T.: Before we knew it: an empirical study of zero-day attacks in the real world. In: Proceedings of ACM CCS 2012, pp. 833–844. ACM (2012)


  5. Bonneau, J.: The science of guessing: analyzing an anonymized corpus of 70 million passwords. In: Proceedings of IEEE S&P 2012, pp. 538–552. IEEE Computer Society (2012)


  6. Boyd, C., Montague, P., Nguyen, K.: Elliptic curve based password authenticated key exchange protocols. In: Varadharajan, V., Mu, Y. (eds.) ACISP 2001. LNCS, vol. 2119, p. 487. Springer, Heidelberg (2001)


  7. Bresson, E., Chevassut, O., Pointcheval, D.: New security results on encrypted key exchange. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 145–158. Springer, Heidelberg (2004)


  8. Burr, W., Dodson, D., Perlner, R., Polk, W., Gupta, S., Nabbus, E.: NIST Special Publication 800–63-1: Electronic Authentication Guideline. National Institute of Standards and Technology, Gaithersburg (2011)


  9. Chang, C.C., Wu, T.C.: Remote password authentication with smart cards. IEE Proc. Comput. Digital Tech. 138(3), 165–168 (1991)


  10. Chen, B.L., Kuo, W.C., Wuu, L.C.: A secure password-based remote user authentication scheme without smart cards. Inf. Technol. Control 41(1), 53–59 (2012)


  11. Chen, B.L., Kuo, W.C., Wuu, L.C.: Robust smart-card-based remote user password authentication scheme. Int. J. Commun. Syst. 27(2), 377–389 (2014)


  12. Chen, T.H., Hsiang, H.C., Shih, W.K.: Security enhancement on an improvement on two remote user authentication schemes using smart cards. Future Gener. Comput. Syst. 27(4), 377–380 (2011)


  13. Constantin, L.: Sony stresses that PSN passwords were hashed. Online news (2011). http://news.softpedia.com/news/Sony-Stresses-PSN-Passwords-Were-Hashed-198218.shtml

  14. Das, M.L.: Two-factor user authentication in wireless sensor networks. IEEE Trans. Wirel. Commun. 8(3), 1086–1090 (2009)


  15. Das, M., Saxena, A., Gulati, V.: A dynamic id-based remote user authentication scheme. IEEE Trans. Consum. Electron. 50(2), 629–631 (2004)


  16. Dazzlepod Inc.: CSDN cleartext passwords. Online news (2013). http://dazzlepod.com/csdn/

  17. Degabriele, J.P., Paterson, K., Watson, G.: Provable security in the real world. IEEE Secur. Priv. 9(3), 33–41 (2011)


  18. Dell’Amico, M., Michiardi, P., Roudier, Y.: Password strength: an empirical analysis. In: Proceedings of INFOCOM 2010, pp. 1–9. IEEE (2010)


  19. Drimer, S., Murdoch, S.J., Anderson, R.: Thinking inside the box: system-level failures of tamper proofing. In: Proceedings IEEE S&P 2008, pp. 281–295. IEEE (2008)


  20. Fan, C., Chan, Y., Zhang, Z.: Robust remote authentication scheme with smart cards. Comput. Secur. 24(8), 619–628 (2005)


  21. Focus Technology Co., Ltd: Prices for 1GB Usb Flash Drive (2013). http://www.made-in-china.com/products-search/hot-china-products/1gb_Usb_Flash_Drive.html

  22. Hao, F.: On robust key agreement based on public key authentication. In: Sion, R. (ed.) FC 2010. LNCS, vol. 6052, pp. 383–390. Springer, Heidelberg (2010)


  23. He, D., Ma, M., Zhang, Y., Chen, C., Bu, J.: A strong user authentication scheme with smart cards for wireless communications. Comput. Commun. 34(3), 367–374 (2011)


  24. Hsiang, H., Shih, W.: Weaknesses and improvements of the yoon-ryu-yoo remote user authentication scheme using smart cards. Comput. Commun. 32(4), 649–652 (2009)


  25. Hsieh, W., Leu, J.: Exploiting hash functions to intensify the remote user authentication scheme. Comput. Secur. 31(6), 791–798 (2012)


  26. Juang, W.S., Chen, S.T., Liaw, H.T.: Robust and efficient password-authenticated key agreement using smart cards. IEEE Trans. Industr. Electron. 55(6), 2551–2556 (2008)


  27. Katz, J., Ostrovsky, R., Yung, M.: Efficient and secure authenticated key exchange using weak passwords. J. ACM 57(1), 1–41 (2009)


  28. Khan, M., Kim, S.: Cryptanalysis and security enhancement of a more efficient & secure dynamic id-based remote user authentication scheme. Comput. Commun. 34(3), 305–309 (2011)


  29. Kim, T.H., Kim, C., Park, I.: Side channel analysis attacks using am demodulation on commercial smart cards with seed. J. Syst. Soft. 85(12), 2899–2908 (2012)


  30. Krawczyk, H.: HMQV: A high-performance secure Diffie-Hellman protocol. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 546–566. Springer, Heidelberg (2005)


  31. Li, X., Qiu, W., Zheng, D., Chen, K., Li, J.: Anonymity enhancement on robust and efficient password-authenticated key agreement using smart cards. IEEE Trans. Ind. Electron. 57(2), 793–800 (2010)


  32. Long, J.: No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing. Syngress, Burlington (2011)


  33. Ma, C.G., Wang, D., Zhao, S.: Security flaws in two improved remote user authentication schemes using smart cards. Int. J. Commun. Syst. 27(10), 2215–2227 (2014)


  34. Madhusudhan, R., Mittal, R.: Dynamic id-based remote user password authentication schemes using smart cards: a review. J. Netw. Comput. Appl. 35(4), 1235–1248 (2012)


  35. Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards. Springer, Heidelberg (2007)


  36. Menezes, A.: Another look at HMQV. J. Math. Cryptol. 1(1), 47–64 (2007)


  37. Menezes, A.: Another look at provable security. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 8–8. Springer, Heidelberg (2012)


  38. Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5), 541–552 (2002)


  39. Moradi, A., Barenghi, A., Kasper, T., Paar, C.: On the vulnerability of FPGA bitstream encryption against power analysis attacks: extracting keys from xilinx Virtex-II FPGAs. In: Proceedings of ACM CCS 2011, pp. 111–124. ACM (2011)


  40. Murdoch, S.J., Drimer, S., Anderson, R., Bond, M.: Chip and pin is broken. In: Proceedings of IEEE Security & Privacy 2010, pp. 433–446. IEEE Computer Society (2010)


  41. Naccache, D.: National security, forensics and mobile communications. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 1–1. Springer, Heidelberg (2006)


  42. Nohl, K., Evans, D., Starbug, S., Plötz, H.: Reverse-engineering a cryptographic rfid tag. In: Proceedings of USENIX Security 2008, pp. 185–193. USENIX Association (2008)


  43. Pointcheval, D.: Password-based authenticated key exchange. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 390–397. Springer, Heidelberg (2012)


  44. Rhee, H.S., Kwon, J.O., Lee, D.H.: A remote user authentication scheme without using smart cards. Comput. Stan. Interfaces 31(1), 6–13 (2009)


  45. Scott, M.: Replacing username/password with software-only two-factor authentication. Technical report, Cryptology ePrint Archive, Report 2012/148 (2012). http://eprint.iacr.org/2012/148.pdf

  46. Shamus Software Ltd.: Miracl library (2013). http://www.shamus.ie/index.php?page=home

  47. Smart Card Alliance: Philips Advances Smart Card Security for Mobile Applications (2013). http://www.ceic-cn.org/files/NXP2006zcard.pdf

  48. Son, K., Han, D., Won, D.: A privacy-protecting authentication scheme for roaming services with smart cards. IEICE Trans. Commun. 95(5), 1819–1821 (2012)


  49. Song, R.: Advanced smart card based password authentication protocol. Comput. Stand. Interfaces 32(5), 321–325 (2010)


  50. Sun, D.Z., Huai, J.P., Sun, J.Z.: Improvements of juang et al.’s password-authenticated key agreement scheme using smart cards. IEEE Trans. Industr. Electron. 56(6), 2284–2291 (2009)


  51. Wang, D., Ma, C., Wu, P.: Secure password-based remote user authentication scheme with non-tamper resistant smart cards. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds.) DBSec 2012. LNCS, vol. 7371, pp. 114–121. Springer, Heidelberg (2012)


  52. Wang, D., Ma, C., Wang, P., Chen, Z.: Robust smart card based password authentication scheme against smart card security breach. In: Cryptology ePrint Archive, Report 2012/439 (2012). http://eprint.iacr.org/2012/439.pdf

  53. Wang, Y., Liu, J., Xiao, F., Dan, J.: A more efficient and secure dynamic id-based remote user authentication scheme. Comput. Commun. 32(4), 583–585 (2009)


  54. Wang, Y.: Password protected smart card and memory stick authentication against off-line dictionary attacks. In: Gritzalis, D., Furnell, S., Theoharidou, M. (eds.) SEC 2012. IFIP AICT, vol. 376, pp. 489–500. Springer, Heidelberg (2012)


  55. Wu, S.H., Zhu, Y.F., Pu, Q.: Robust smart-cards-based user authentication scheme with user anonymity. Secur. Commun. Netw. 5(2), 236–248 (2012)


  56. Wu, T.: A real-world analysis of kerberos password security. In: Proceedings of NDSS 1999, pp. 13–22. Internet Society (1999)


  57. Xu, J., Zhu, W., Feng, D.: An improved smart card based password authentication scheme with provable security. Comput. Stand. Inter. 31(4), 723–728 (2009)


  58. Xue, K., Hong, P., Ma, C.: A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture. J. Comput. Syst. Sci. 80(1), 195–206 (2014)


  59. Yang, G., Wong, D., Wang, H., Deng, X.: Two-factor mutual authentication based on smart cards and passwords. J. Comput. Syst. Sci. 74(7), 1160–1172 (2008)


  60. Zhao, Z., Dong, Z., Wang, Y.G.: Security analysis of a password-based authentication protocol proposed to IEEE 1363. Theoret. Comput. Sci. 352(1), 280–287 (2006)


  61. Zhao, Z., Wang, Y.G.: Secure communication and authentication against off-line dictionary attacks in smart grid systems (2013). http://coitweb.uncc.edu/yonwang/papers/smartgridfull.pdf


Acknowledgment

The corresponding author is Ping Wang. We are grateful to Prof. Yongge Wang from UNC Charlotte, USA, for the constructive discussions and Prof. David Naccache for referring us to [41]. This research was partially supported by the National Natural Science Foundation of China under No. 61472016.


Corresponding author

Correspondence to Ding Wang.


Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Wang, D., Wang, P. (2015). Offline Dictionary Attack on Password Authentication Schemes Using Smart Cards. In: Desmedt, Y. (eds) Information Security. Lecture Notes in Computer Science, vol 7807. Springer, Cham. https://doi.org/10.1007/978-3-319-27659-5_16


  • DOI: https://doi.org/10.1007/978-3-319-27659-5_16


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-27658-8

  • Online ISBN: 978-3-319-27659-5

  • eBook Packages: Computer Science (R0)
