Abstract
Authentication is a very important ingredient service for the network system to verify whether a remote user is legal through any insecure channel. Recently, Hsiang and Shih proposed a remote user authentication scheme as an improved scheme over Yoon-Ryu-Yoo’s, and asserted that their scheme could escape from masquerade attack, parallel session attack, etc. In this paper, we show that Hsiang and Shih’s scheme still suffers from parallel session attack. To mend the problem, we offer a procedure to improve Hsiang and Shih’s scheme. Consequently, our scheme is suitable for applications with higher secure requirement.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Chien, H., Jan, J., Tseng, Y.: An efficient and practical solution to remote authentication smart card. Computers & Security 21(4), 372–375 (2002)
Diffie, W., Hellman, M.: New directions in cryptography. IEEE Trans. Inf. Theory IT-21(6), 644–654 (1976)
Duan, X., Liu, J., Zhang, Q.: Security improvement on Chien Et Al.’s remote user authentication scheme using smart cards. In: The 2006, IEEE International Conference on Computational Intelligence and Security (CIS 2006), vol. 2, pp. 1133–1135 (2006)
Halevi, S., Krawczyk, H.: Public-key cryptography and password protocols. ACM Trans. Inf. Syst. Secur. 2(3), 230–268 (1999)
Hsiang, H., Shih, W.: Weaknesses and improvements of the YoonRyuYoo remote user authentication scheme using smart cards. Computer Communications 32(4), 649–652
Hwang, M., Li, L.: A new remote user authentication scheme using smart card. IEEE Transactions on Consumer Electronics 46(1), 28–30 (2000)
Hwang, T., Chen, Y., Laih, C.: Non-interactive password authentication without password tables. In: IEEE region 10 conference on computer and communication system, September 1990, vol. 1, pp. 429–431 (1990)
Hwang, T., Ku, W.: Reparable key distribution protocols for Internet environments. IEEE Trans. Consum. Electron. 43(5), 1947–1949 (1995)
Joux, A.: A One Round Protocol for Tripartite Diffie–Hellman. J. Cryptology 17, 263–276 (2004), doi:10.1007/s00145-004-0312-y
Ku, W., Chen, S.: Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 50(1), 204–207 (2004)
Ku, W., Chen, C., Lee, H.: Cryptanalysis of a variant of Peyravian–Zunic’s password authentication scheme. IEICE Transactions on Communication E86-B(5), 1682–1684 (2003)
Lamport, L.: Password authentication with insecure communication. Communications of the ACM 24(11), 770–772 (1981)
Lee, W., Chang, C.: User identification and key distribution maintaining anonymity for distributed computer network. Comput. Syst. Sci. 15(4), 211–214 (2000)
Lennon, R., Matyas, S., Mayer, C.: Cryptographic authentication of time invariant quantities. IEEE Transactions on Communications 29(6), 773–777 (1981)
Liao, I., Lee, C., Hwang, M.: A password authentication scheme over insecure networks. J. Comput. System Sci. 72(4), 727–740 (2006)
Mitchell, C.: Limitations of challenge-response entity authentication. Electronic Letters 25(17), 1195–1196 (1989)
Sun, H.: An efficient remote use authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 46(4), 958–961 (2000)
Yang, G., Wong, D., Wang, H., Deng, X.: Two-factor mutual authentication based on smart cards and passwords. Journal of Computer and System Sciences (May 15, 2008) (in press) (corrected Proof)
Yen, S., Liao, K.: Shared authentication token secure against replay and weak key attack. Information Processing Letters, 78–80 (1997)
Yoon, E., Ryu, E., Yoo, K.: Further improvement of an efficient password based remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 50(2), 612–614 (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Chen, TH., Hsiang, HC., Shih, WK. (2010). Security Improvement on a Remote User Authentication Scheme Using Smart Cards. In: Bandyopadhyay, S.K., Adi, W., Kim, Th., Xiao, Y. (eds) Information Security and Assurance. ISA 2010. Communications in Computer and Information Science, vol 76. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13365-7_2
Download citation
DOI: https://doi.org/10.1007/978-3-642-13365-7_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-13364-0
Online ISBN: 978-3-642-13365-7
eBook Packages: Computer ScienceComputer Science (R0)