Security Analysis of an Efficient Smart Card-Based Remote User Authentication Scheme Using Hash Function

  • Ashok Kumar Das
  • Vanga Odelu
  • Adrijit Goswami
Part of the Communications in Computer and Information Science book series (CCIS, volume 377)


In a remote user authentication scheme, a remote server verifies whether a login user is genuine and trustworthy. Several remote user authentication schemes using passwords, biometrics and smart cards have been proposed in the literature. In 2012, Sonwanshi et al. proposed a password-based remote user authentication scheme using a smart card, which uses a hash function and the bitwise XOR operation. Their scheme is very efficient because it uses an efficient one-way hash function and bitwise XOR operations. They claimed that their scheme is secure against several known attacks. Unfortunately, in this paper we find that their scheme has several vulnerabilities, including the offline password guessing attack and the stolen smart card attack. In addition, we show that their scheme fails to protect against the strong replay attack.


Keywords: Cryptanalysis; Password; Remote user authentication; Smart card; Security; Hash function




  1. Secure Hash Standard, FIPS PUB 180-1, National Institute of Standards and Technology (NIST), U.S. Department of Commerce (April 1995)
  2. Das, A.K.: Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards. IET Information Security 5(3), 145–151 (2011)
  3. Das, A.K.: Cryptanalysis and further improvement of a biometric-based remote user authentication scheme using smart cards. International Journal of Network Security & Its Applications 3(2), 13–28 (2011)
  4. Hwang, M.S., Li, L.H.: A new remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 46(1), 28–30 (2000)
  5. Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
  6. Li, C.T., Hwang, M.S.: An efficient biometric-based remote authentication scheme using smart cards. Journal of Network and Computer Applications 33, 1–5 (2010)
  7. Li, C.-T., Lee, C.-C., Liu, C.-J., Lee, C.-W.: A Robust Remote User Authentication Scheme against Smart Card Security Breach. In: Li, Y. (ed.) DBSec. LNCS, vol. 6818, pp. 231–238. Springer, Heidelberg (2011)
  8. Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers 51(5), 541–552 (2002)
  9. Sonwanshi, S.S., Ahirwal, R.R., Jain, Y.K.: An Efficient Smart Card based Remote User Authentication Scheme using hash function. In: Proceedings of IEEE SCEECS 2012, pp. 1–4 (March 2012)

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Ashok Kumar Das (1)
  • Vanga Odelu (2)
  • Adrijit Goswami (3)

  1. Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad, India
  2. Department of Mathematics, Rajiv Gandhi University of Knowledge Technologies, Hyderabad, India
  3. Department of Mathematics, Indian Institute of Technology, Kharagpur, India
