Two Efficient and Secure Authentication Schemes Using Smart Cards

  • Youngsook Lee
  • Junghyun Nam
  • Seungjoo Kim
  • Dongho Won
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3984)


A mutual authentication scheme is a two-party protocol designed to allow the communicating parties to confirm each other’s identity over a public, insecure network. Passwords provide the most convenient means of authentication because they are easy for humans to remember. Whilst there have been many proposals for password authentication, they are vulnerable to various attacks and are neither efficient nor user-friendly. In this paper we propose two new password authentication schemes making use of smart cards: the timestamp-based authentication scheme (TBAS) and the nonce-based authentication scheme (NBAS). Both TBAS and NBAS provide many desirable features: (1) they do not require the server to maintain a password table for verifying the legitimacy of login users; (2) they allow users to choose their passwords according to their liking and hence give more user convenience; (3) they are extremely efficient in terms of the computational cost since the protocol participants perform only a few hash function operations; and (4) they achieve mutual authentication between the remote user and the server. In addition, NBAS does not require synchronized clocks between the remote user and the server.


Keywords: authentication scheme, mutual authentication, password, smart card





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Youngsook Lee (1)
  • Junghyun Nam (1)
  • Seungjoo Kim (1)
  • Dongho Won (1)

  1. Information Security Group, Sungkyunkwan University, Korea
