Cryptanalysis and Security Enhancement of Two Advanced Authentication Protocols

  • S. Raghu Talluri
  • Swapnoneel Roy
Conference paper
Part of the Smart Innovation, Systems and Technologies book series (SIST, volume 28)

Abstract

In this work we consider two protocols for performing cryptanalysis and security enhancement. The first one by Jiang et al., is a password-based authentication scheme. which does not use smart cards. We note that this scheme is an improvement over Chen et al.’s scheme shown vulnerable to the off-line dictionary attack by Jiang et al. We perform a cryptanalysis on Jiang at al.’s improved protocol and observe that it is prone to the clogging attack, a kind of denial of service (DoS) attack. We then suggest an improvement on the protocol to prevent the clogging attack.

The other protocol we consider for analysis is by Wang et al. This is a smart card based authentication protocol. We again perform the clogging (DoS) attack on this protocol via replay. We observe that all smart card based authentication protocols which precede the one by Wang et al., and require the server to compute the computationally intensive modular exponentiation are prone to the clogging attack. We suggest (another) improvement on the protocol to prevent the clogging attack, which also applies to the protocol by Jiang et. al.

Keywords

Authentication Protocols Smart Cards DoS Replay Attacks Clogging Attack 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Jiang, Q., Ma, J., Li, G., Ma, Z.: An Improved Password-Based Remote User Authentication Protocol without Smart Cards. Information Technology and Control 42(2) (2013)Google Scholar
  2. 2.
    Jiang, Q., Ma, J., Li, G., Ma, Z.: Improvement of Robust Smart-card-based Password Authentication Scheme. International Journal of Communication Systems (2013)Google Scholar
  3. 3.
    Wang, D., Ma, C.: Robust smart card based password authentication scheme against smart card security breach. Cryptology ePrint Archive (2013), http://eprint.iacr.org/2012/439
  4. 4.
    Chen, B.L., Kuo, W.C., Wuu, L.C.: A Secure Password-Based Remote User Authentication Scheme Without Smart Cards. Information Technology and Control 41(1) (2012)Google Scholar
  5. 5.
    Chen, B.L., Kuo, W.C., Wuu, L.C.: Robust Smart Card Based Remote Password Authentication Scheme. International Journal of Communication Systems (2012)Google Scholar
  6. 6.
    Rhee, H.S., Kwon, J.O., Lee, D.H.: A remote user authentication scheme without using smart cards. Computer Standards & Interfaces Archive 31(1) (2009)Google Scholar
  7. 7.
    Chen, T., Hsiang, H., Shih, W.: Security enhancement on an improvement on two remote user authentication schemes using smart cards. Future Generation Computer Systems 27(4), 377–380 (2011)CrossRefMATHGoogle Scholar
  8. 8.
    He, D., Chen, J., Hu, J.: Improvement on a smart card based password authentication scheme. Journal of Internet Technology 13(3), 38–42 (2012)Google Scholar
  9. 9.
    Juang, W.S., Chen, S.T., Liaw, H.T.: Robust and efficient password-authenticated key agreement using smart cards. IEEE Transactions on Industrial Electronics 55(6), 2551–2556 (2008)CrossRefGoogle Scholar
  10. 10.
    Li, C.T.: A new password authentication and user anonymity scheme based on elliptic curve cryptography and smart card. IET Information Security 7(1), 3–10 (2013)CrossRefGoogle Scholar
  11. 11.
    Sood, S.K.: Secure dynamic identity-based authentication scheme using smart cards. Information Security Journal: A Global Perspective 20(2), 67–77 (2011)Google Scholar
  12. 12.
    Orman, H.: The Oakley Key Determination Protocol. University of Arizona. TR 97 02Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • S. Raghu Talluri
    • 1
  • Swapnoneel Roy
    • 1
  1. 1.School of ComputingUniversity of North FloridaJacksonvilleUSA

Personalised recommendations