Skip to main content
SpringerLink
Log in

Cryptanalysis of Enhancements of a Password Authentication Scheme over Insecure Networks

  • Conference paper
Contemporary Computing (IC3 2011)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 168))

Included in the following conference series:

Abstract

In 2005, Liao et al. pointed out some weaknesses in Das et al.’s dynamic ID-based scheme. They proposed a slight modification to Das et al.’s scheme to improve its weaknesses. In 2008, Gao-Tu, and in 2010, Sood et al., found vulnerabilities in Liao et al.’s scheme; and independently proposed its security enhanced versions. However, we identify that Gao-Tu’s scheme is insecure against user impersonation attack, server counterfeit attack, man in the middle attack, server’s resource exhaustion attack and does not provide session key agreement. We also demonstrate that Sood et al.’s scheme is still vulnerable to malicious user attack in different ways and user’s password is revealed to the server. Besides both the schemes have no provision for revocation of lost or stolen smart card. Our cryptanalysis results are important for security engineers, who are responsible for the design and development of smart card-based user authentication systems.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Chang, C.C., Wu, T.C.: Remote Password Authentication with Smart Cards. IEE Proceedings-E 138(3), 165–168 (1991)

    Google Scholar 

  2. Hwang, M.S., Li, L.H.: A New Remote User Authentication Scheme using Smart Cards. IEEE Trans. on Cons. Elect. 46(1), 28–30 (2000)

    Article  Google Scholar 

  3. Juang, W.S.: Efficient Password Authenticated Key Agreement using Smart Cards. Computers and Security 23(2), 167–173 (2004)

    Article  Google Scholar 

  4. Fan, C.I., Chan, Y.C., Zhang, Z.K.: Robust Remote Authentication Scheme with Smart Cards. Computers and Security 24(8), 619–628 (2005)

    Article  Google Scholar 

  5. Das, M.L., Saxena, A., Gulati, V.P.: A dynamic ID-based remote user authentication scheme. IEEE Trans. on Cons. Elect. 50(2), 629–631 (2004)

    Article  Google Scholar 

  6. Liao, I.E., Lee, C.C., Hwang, M.S.: Security enhancement for a dynamic ID-based remote user authentication scheme. In: International Conference on Next Generation Web Services Practices, pp. 437–440. IEEE CS Press, Los Alamitos (2005)

    Chapter  Google Scholar 

  7. Chien, H.Y., Chen, C.H.: A Remote Authentication Scheme Preserving User Anonymity. In: Proc. 19th Inter. Conf. Advd. Infmn. Netw. and Applns.,Taipei, Taiwan, vol. 2, pp. 245–248 (2005)

    Google Scholar 

  8. Zhang, X., Feng, Q.Y., Li, M.: A Modified Dynamic ID-Based Remote User Authentication Scheme. In: Proc. of Inter. Conf. on Communcs. Circuits and Syst., vol. 3, pp. 1602–1604 (2006)

    Google Scholar 

  9. Misbahuddin, M., Ahmed, M.A., Rao, A.A., Bindu, C.S., Khan, M.A.M.: A Novel Dynamic-ID Based Remote User Authentication Scheme. In: Annual India Conf., pp. 1–5 (2006)

    Google Scholar 

  10. Liao, I.E., Lee, C.C., Hwang, M.S.: A Password Authentication Scheme over Insecure Networks. Journal of Computer and System Sciences 72, 727–740 (2006)

    Article  MathSciNet  MATH  Google Scholar 

  11. Gao, Z.X., Tu, Y.Q.: An Improvement of a Dynamic ID-Based Remote User Authentication Scheme with Smart Card. In: Proc. Of the 7th World Congress on Intelligent Control and Automation, pp. 4562–4567 (2008)

    Google Scholar 

  12. Sood, S.K., Sarjee, A.K., Singh, K.: An Improvement of Liao et al.’s Authentication Scheme using Smart Card. In: IEEE 2nd International Advance Computing Conf., pp. 240–245 (2010)

    Google Scholar 

  13. Ku, W.C., Chang, S.T.: Impersonation Attack On A Dynamic ID-Based Remote User Authentication Scheme using Smart Cards. IEICE Transactions on Communications E88-B(5), 2165–2167 (2005)

    Article  Google Scholar 

  14. Manoj, K.: On the Security Vulnerabilities of a Hash Based Strong Password Authentication Scheme, Cryptology ePrint Archive: a publication of The International Association for Cryptologic Research (IACR), Santa Rosa Administrative Center, University of California, Santa Barbara, CA, 93106-6120, USA, Report (2009), http://www.eprint.iacr.org/2009/560

  15. Manoj, K., Gupta, M.K., Kumari, S.: A Remote Login Authentication Scheme with Smart Cards Based on Unit Sphere. Indian Journal of Computer Science and Engineering 11(3), 192–198 (2010) ISSN: 0976-5166

    Google Scholar 

  16. Manoj, K.: Security Vulnerabilities of a Novel Remote User Authentication Scheme Using Smart Card Based on ECDLP. Contemporary Computing, Communications in Computer and Information Science 95(5), 252–259 (2010) ISSN: 1865-0929

    Google Scholar 

  17. Manoj, K.: An Enhanced remote user authentication scheme with smart cards. International Journal of Network Security 10(3) (2010) ISSN 1816-353X (Print) ISSN 1816-3548 (Online)

    Google Scholar 

  18. Manoj, K.: A New Secure Remote User Authentication Scheme with Smart Cards. International Journal of Network Security 11(2), 88–93 (2010) ISSN 1816-353X (Print), ISSN 1816-3548(Online)

    Google Scholar 

  19. Manoj, K.: New Remote User Authentication Scheme with Smart Cards. IEEE Trans. Consumer Electronic 50(2), 597–600 (2004) ISSN: 0098-3063

    Article  Google Scholar 

  20. Manoj, K.: Some Remarks on a Remote User Authentication Scheme Using Smart Cards with Forward Secrecy. IEEE Trans. Consumer Electronic 50(2), 615–618 (2004) ISSN: 0098-3063

    Article  Google Scholar 

  21. Yeh, K.-H., et al.: Two Robust Remote User Authentication Protocols Using Smart Cards. Journal of System and Software (2010), doi:10.1016/j.jss.2010.07.062

    Google Scholar 

  22. Wang, Y.Y., Liu, J.Y., Xiao, F.X., Dan, J.: A More Efficient and Secure Dynamic ID-based Remote User Authentication Scheme. Computer Communications 32, 583–585 (2009)

    Article  Google Scholar 

  23. Hsiang, H.C., Shih, W.K.: Weaknesses and Improvements of the Yoon–Ryu–Yoo Remote User Authentication Scheme Using Smart Cards. Computer Communications 32, 649–652 (2009)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Mathematics, R. K. College, Shamli, Muzaffarnagar, Uttar Pradesh, India

    Manoj Kumar

  2. Department of Mathematics, Choudhary Charan Singh University, Meerut, Uttar Pradesh, India

    Mridul Kumar Gupta

  3. Department of Mathematics, Agra College, Agra, Uttar Pradesh, India

    Saru Kumari

Authors
  1. Manoj Kumar
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mridul Kumar Gupta
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Saru Kumari
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Iowa State University and IIT Bombay, India, 329 Durham, Ames, IA 5001, Iowa, USA

    Srinivas Aluru

  2. Indian Statistical Institute, 203 B.T. Road, 700 108, Kolkata, West Bengal, India

    Sanghamitra Bandyopadhyay

  3. The Ohio State University, 3190 Graves Hall, 333 W 10th Ave, 43210, Columbus, OH, USA

    Umit V. Catalyurek

  4. Department of Computing Science, Chalmers University, Rännvagen 6B, 412 96, Göteborg, Sweden

    Devdatt P. Dubhashi

  5. Dept. of Electrical and Computer Engineering, Iowa State University, 329 Durham, IA 50011, Ames, USA

    Phillip H. Jones

  6. TASSL, Dept. of Electrical & Computer Engineering, Rutgers, The State University of New Jersey, Brett Road, NJ 08854-8058, Piscataway, USA

    Manish Parashar

  7. School of Computer Engineering, Nanyang Technological University, N4-02a-32 Nanyang Ave, 639798, Singapore

    Bertil Schmidt

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kumar, M., Gupta, M.K., Kumari, S. (2011). Cryptanalysis of Enhancements of a Password Authentication Scheme over Insecure Networks. In: Aluru, S., et al. Contemporary Computing. IC3 2011. Communications in Computer and Information Science, vol 168. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22606-9_51

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-22606-9_51

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-22605-2

  • Online ISBN: 978-3-642-22606-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation