Cryptanalysis and Improvement of an ECC-Based Password Authentication Scheme Using Smart Cards

  • Cheng-Chi Lee
  • Chun-Ta Li
  • Chi-Yao Weng
  • Jian-Jhong Jheng
  • Xiao-Qian Zhang
  • Yi-Rui Zhu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8300)

Abstract

Remote password authentication is widely used in network systems to provide secure remote access control. In 2013, Li proposed a novel password authentication scheme based on elliptic curve cryptography and smart cards [17]. However, we found that Li’s authentication scheme has a serious security problem: all registered users’ sensitive passwords can be easily derived by a privileged insider of the remote server. Therefore, in this paper, we propose a slight modification of Li’s scheme to remedy this shortcoming. Our improved scheme not only inherits the advantages of Li’s password authentication scheme but also remedies its serious security weakness of not being able to withstand an insider attack.

Keywords

  • Cryptanalysis
  • Elliptic curve cryptography (ECC)
  • Password authentication
  • Insider attack
  • Smart card

References

  1. Chang, C.C., Lee, C.Y.: A smart card-based authentication scheme using user identify cryptography. International Journal of Network Security 15(2), 139–147 (2013)
  2. Das, A.K.: Improving identity-based random key establishment scheme for large-scale hierarchical wireless sensor networks. International Journal of Network Security 14(1), 1–21 (2012)
  3. He, D., Zhao, W., Wu, S.: Security analysis of a dynamic ID-based authentication scheme for multi-server environment using smart cards. International Journal of Network Security 15(5), 350–356 (2013)
  4. Islam, S.H., Biswas, G.P.: Design of improved password authentication and update scheme based on elliptic curve cryptography. Mathematical and Computer Modelling 57(11-12), 2703–2717 (2013)
  5. Kar, J.: ID-based deniable authentication protocol based on Diffie-Hellman problem on elliptic curve. International Journal of Network Security 15(5), 357–364 (2013)
  6. Kim, S.K., Chung, M.G.: More secure remote user authentication scheme. Computer Communications 32(6), 1018–1021 (2009)
  7. Lamport, L.: Password authentication with insecure communication. Communications of the ACM 24(11), 770–772 (1981)
  8. Lee, C.C., Chen, C.L., Wu, C.Y., Huang, S.Y.: An extended chaotic maps-based key agreement protocol with user anonymity. Nonlinear Dynamics 69(1-2), 79–87 (2012)
  9. Lee, C.C., Hsu, C.W.: A secure biometric-based remote user authentication with key agreement protocol using extended chaotic maps. Nonlinear Dynamics 71(1-2), 201–211 (2013)
  10. Lee, C.C., Li, C.T., Hsu, C.W.: A three-party password-based authenticated key exchange protocol with user anonymity using extended chaotic maps. Nonlinear Dynamics 73(1-2), 125–132 (2013)
  11. Lee, C.C., Chen, C.T., Li, C.T., Wu, P.H.: A practical RFID authentication mechanism for digital television. Telecommunication Systems (article in press, 2013)
  12. Li, C.T., Hwang, M.S.: An efficient biometrics-based remote user authentication scheme using smart cards. Journal of Network and Computer Applications 33(1), 1–5 (2010)
  13. Li, C.T., Hwang, M.S.: An online biometrics-based secret sharing scheme for multiparty cryptosystem using smart cards. International Journal of Innovative Computing, Information and Control 6(5), 2181–2188 (2010)
  14. Li, C.T.: Secure smart card based password authentication scheme with user anonymity. Information Technology and Control 40(2), 157–162 (2011)
  15. Li, C.T., Lee, C.C.: A robust remote user authentication scheme using smart card. Information Technology and Control 40(3), 236–245 (2011)
  16. Li, C.T., Lee, C.C.: A novel user authentication and privacy preserving scheme with smart cards for wireless communications. Mathematical and Computer Modelling 55(1-2), 35–44 (2012)
  17. Li, C.T.: A new password authentication and user anonymity scheme based on elliptic curve cryptography and smart card. IET Information Security 7(1), 3–10 (2013)
  18. Li, C.T., Lee, C.C., Weng, C.Y., Fan, C.I.: An extended multi-server-based user authentication and key agreement scheme with user anonymity. KSII Transactions on Internet and Information Systems 7(1), 119–131 (2013)
  19. Li, C.T., Weng, C.Y., Lee, C.C.: An advanced temporal credential-based security scheme with mutual authentication and key agreement for wireless sensor networks. Sensors 13(8), 9589–9603 (2013)
  20. Li, C.T., Lee, C.C., Weng, C.Y.: An extended chaotic maps based user authentication and privacy preserving scheme against DoS attacks in pervasive and ubiquitous computing environments. Nonlinear Dynamics (article in press, 2013)
  21. Liao, I.E., Lee, C.C., Hwang, M.S.: A password authentication scheme over insecure networks. Journal of Computer and System Sciences 72(4), 727–740 (2006)
  22. Naveed, M., Habib, W., Masud, U., Ullah, U., Ahmad, G.: Reliable and low cost RFID based authentication system for large scale deployment. International Journal of Network Security 14(3), 173–179 (2012)
  23. Kumar, M.: A new secure remote user authentication scheme with smart cards. International Journal of Network Security 11(2), 88–93 (2010)
  24. Ramasamy, R., Muniyandi, A.P.: An efficient password authentication scheme for smart card. International Journal of Network Security 14(3), 180–186 (2012)
  25. National Institute of Standards and Technology, US department of commerce, secure hash standard. US Federal Information Processing Standard Publication, 180–182 (2002)
  26. Yang, L., Ma, J.F., Jiang, Q.: Mutual authentication scheme with smart cards and password under trusted computing. International Journal of Network Security 14(3), 156–163 (2012)

Copyright information

© Springer International Publishing Switzerland 2013

Authors and Affiliations

  • Cheng-Chi Lee (1, 2)
  • Chun-Ta Li (3)
  • Chi-Yao Weng (4)
  • Jian-Jhong Jheng (3)
  • Xiao-Qian Zhang (3)
  • Yi-Rui Zhu (3)

  1. Department of Library and Information Science, Fu Jen Catholic University, New Taipei City, Taiwan (R.O.C.)
  2. Department of Photonics and Communication Engineering, Asia University, Taichung City, Taiwan (R.O.C.)
  3. Department of Information Management, Tainan University of Technology, Tainan City, Taiwan (R.O.C.)
  4. Department of Computer Science, National Tsing Hua University, Hsinchu City, Taiwan (R.O.C.)