Enhanced Smart-Card-Based Authentication Scheme Providing Forward-Secure Key Agreement

  • Mahdi Asadpour
  • Behnam Sattarzadeh
  • Rasool Jalili

Abstract

Many smart-card-based remote authentication schemes have been proposed recently. In 2004, Yoon et al. presented an improved scheme which is the leading of a research track started from Sun, 2000. In this paper, we illustrate that Yoon et al.’s scheme is vulnerable to the parallel session attack and propose an enhancement of the scheme to resist that attack. In our scheme the parties further establish a forward-secure session key by employing only hash functions to protect the subsequent communications. We also demonstrate that our scheme has better security in comparison to other related works, while it does not incur much computational cost

Keywords

Authentication Parallel session attack Forward secrecy 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Bellare M, Yee B (2003) Forward-security in private-key cryptography. Topics in Cryptology– CT-RSA, Lecture Notes in Computer Science 2612:1–18MathSciNetCrossRefGoogle Scholar
  2. 2.
    Chien HY, Jan JK, Tseng YM (2002) An efficient and practical solution to remote authentication: smart card. Computers&Security 21(4):372–375Google Scholar
  3. 3.
    Clark J, Jacob J (1996) Attacking authentication protocols. High Integrity Systems 1(5):465–474Google Scholar
  4. 4.
    Diffie W, Hellman M (1976) New directions in cryptography. IEEE Transactions on Information Theory 22(6):644–654MATHCrossRefMathSciNetGoogle Scholar
  5. 5.
    Diffie W, Oorschot PCV, Wiener MJ (1992) Authentication and authenticated key exchanges. Designs, Codes and Cryptography 2(2):107–125CrossRefMathSciNetGoogle Scholar
  6. 6.
    Hwang MS, Li LH (2000) A new remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 46(1):28–30CrossRefGoogle Scholar
  7. 7.
    Hwang T, Ku WC (1995) Reparable key distribution protocols for Internet environments. IEEE Transactions on Communications 43(5):1947–1949CrossRefGoogle Scholar
  8. 8.
    Juang WS (2004) Efficient password authenticated key agreement using smart cards. Computers&Security 23(2):167–173Google Scholar
  9. 9.
    Ku WC, Chen SM (2004) Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 50(1):204–207CrossRefGoogle Scholar
  10. 10.
    Lamport L (1981) Password authentication with insecure communication. Communications of the ACM 24(11):770–772CrossRefMathSciNetGoogle Scholar
  11. 11.
    Liao IE, Lee CC, Hwang MS (2006) A password authentication scheme over insecure networks. Journal of Computer and System Sciences 72(4):727–740MATHCrossRefMathSciNetGoogle Scholar
  12. 12.
    Shieh WG, Wang JM (2006) Efficient remote mutual authentication and key agreement. Computers&Security 25(1):72–77Google Scholar
  13. 13.
    Stallings W (2005) Cryptography and network security. 4th ed. New Jersey, Prentice HallGoogle Scholar
  14. 14.
    Sun HM (2000) An efficient remote use authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 46(4):958–961CrossRefGoogle Scholar
  15. 15.
    Yoon EJ, Ryu EK, Yoo KY (2004) Further improvement of an efficient password based remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 50(2):612–614CrossRefGoogle Scholar

Copyright information

© Springer 2007

Authors and Affiliations

  • Mahdi Asadpour
    • 1
  • Behnam Sattarzadeh
    • 1
  • Rasool Jalili
    • 1
  1. 1.Department of Computer EngineeringSharif University of TechnologyTehranIran

Personalised recommendations