Abstract
With the exponential growth of Internet users, various business transactions take place over an insecure channel. To secure these transactions, authentication is the primary step that needs to be passed. To overcome the problems associated with traditional password based authentication methods, smart card authentication schemes have been widely used. However, most of these schemes are vulnerable to one or the other possible attack. Recently, Yang, Jiang and Yang proposed RSA based smart card authentication scheme. They claimed that their scheme provides security against replay attack, password guessing attack, insider attack and impersonation attack. This paper demonstrates that Yang et al.’s scheme is vulnerable to impersonation attack and fails to provide essential features to satisfy the needs of a user. Further, comparative study of existing schemes is also presented on the basis of various security features provided and vulnerabilities present in these schemes.
Chapter PDF
Similar content being viewed by others
References
Lamport, L.: Password authentication with insecure communication. Communications of the ACM 24, 770–772 (1981)
Hwang, M.S., Li, L.H.: A new remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 46, 28–30 (2000)
Chan, C.K., Cheng, L.M.: Cryptanalysis of a remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 46, 992–993 (2000)
Sun, H.M.: An efficient remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 46, 958–961 (2000)
Hsu, C.L.: Security of two remote user authentication schemes using smart cards. IEEE Transactions on Consumer Electronics 49, 1196–1198 (2003)
Chien, H.Y., Jan, J.K., Tseng, Y.M.: An efficient and practical solution to remote authentication: smart card. Computers and Security 21, 372–375 (2002)
Ku, W.C., Chen, S.M.: Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 50, 204–207 (2004)
Yoon, E.J., Ryu, E.K., Yoo, K.Y.: Further improvement of an efficient password based remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 50, 612–614 (2004)
Wang, X.M., Zhang, W.F., Zhang, J.S., Khan, M.K.: Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards. Computer Standards and Interfaces 29, 507–512 (2007)
Yoon, E.J., Lee, E.J., Yoo, K.Y.: Cryptanalysis of Wang et al.’s remote user authentication scheme using smart cards. In: 5th International Conference on Information Technology: New Generations, Las Vegas, USA, pp. 575–580 (2008)
Das, M.L., Saxena, A., Gulati, V.P.: A dynamic ID-based remote user authentication scheme. IEEE Transactions on Consumer Electronics 50, 629–631 (2004)
Liao, I.E., Lee, C.C., Hwang, M.S.: Security enhancement for a dynamic ID-based remote user authentication scheme. In: International Conference on Next Generation Web Services Practices, Seoul, Korea, pp. 437–440 (2005)
Wang, Y.Y., Liu, J.Y., Xiao, F.X., Dan, J.: A more efficient and secure dynamic ID-based remote user authentication scheme. Computer Communications 32, 583–585 (2009)
Ahmed, M.A., Lakshmi, D.R., Sattar, S.A.: Cryptanalysis of a more efficient and secure dynamic id-based remote user authentication scheme. International Journal of Network Security and its Applications 1, 32–37 (2009)
Hao, Z., Yu, N.: A security enhanced remote password authentication scheme using smart card. In: 2nd International Symposium on Data, Privacy and E-Commerce, Buffalo, USA, pp. 56–60 (2010)
Zhang, H., Li, M.: Security vulnerabilities of an remote password authentication scheme with smart card. In: 2011 International Conference on Consumer Electronics, Communications and Networks, XianNing, China, pp. 698–701 (2011)
Song, R.: Advanced smart card based password authentication protocol. Computer Standards and Interfaces 32, 321–325 (2010)
Pippal, R.S., Jaidhar, C.D., Tapaswi, S.: Comments on symmetric key encryption based smart card authentication scheme. In: 2nd International Conference on Computer Technology and Development, Cairo, Egypt, pp. 482–484 (2010)
Horng, W.B., Lee, C.P., Peng, J.W.: Security weaknesses of Song’s advanced smart card based password authentication protocol. In: 2010 IEEE International Conference on Progress in Informatics and Computing, Shanghai, China, pp. 477–480 (2010)
Yang, C., Jiang, Z., Yang, J.: Novel access control scheme with user authentication using smart cards. In: 3rd International Joint Conference on Computational Science and Optimization, Huangshan, China, pp. 387–389 (2010)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 IFIP International Federation for Information Processing
About this paper
Cite this paper
Pippal, R.S., C.D., J., Tapaswi, S. (2012). Security Vulnerabilities of User Authentication Scheme Using Smart Card. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds) Data and Applications Security and Privacy XXVI. DBSec 2012. Lecture Notes in Computer Science, vol 7371. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31540-4_8
Download citation
DOI: https://doi.org/10.1007/978-3-642-31540-4_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-31539-8
Online ISBN: 978-3-642-31540-4
eBook Packages: Computer ScienceComputer Science (R0)