Security Enhancements of a Mutual Authentication Scheme Using Smart Cards

Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 214)


Password-based authentication schemes have been widely adopted to protect resources from unauthorized access. In 2008, Liu et al. proposed a new mutual authentication scheme using smart cards that can withstand the forgery attack. In this paper, we analyze the security of Liu et al.’s scheme and show that it is still vulnerable to various attacks. We also propose an enhanced scheme that overcomes these security weaknesses and provides mutual authentication between the user and the server, even if the secret information stored in the smart card is revealed to an attacker. Our security analysis shows that the enhanced scheme is more secure than Liu et al.’s scheme.


Mutual authentication · Smart card · User impersonation attack · Password guessing attack


  1. Yang, W.H., Shieh, S.P.: Password authentication with smart cards. Comput. Secur. 18(8), 727–733 (1999)
  2. Shen, J.J., Lin, C.W., Hwang, M.S.: Security enhancement for the timestamp-based password authentication scheme using smart cards. Comput. Secur. 22(7), 591–595 (2003)
  3. Wu, S.T., Chieu, B.C.: A user friendly remote authentication scheme with smart cards. Comput. Secur. 22(6), 457–550 (2003)
  4. Das, M.L., Saxena, A., Gulathi, V.P.: A dynamic ID-based remote user authentication scheme. IEEE Trans. Consum. Electron. 50(2), 629–631 (2004)
  5. Chien, H.Y., Chen, C.H.: A remote password authentication preserving user anonymity. In: Proceedings of the 19th International Conference on Advanced Information Networking and Applications (AINA ‘05) (2005)
  6. Yoon, E.J., Ryu, E.K., Yoo, K.Y.: Attack on the Shen et al.’s timestamp-based password authentication scheme using smart cards. IEICE Trans. Fundam. E88-A(1), 319–321 (2005)
  7. Lin, C.W., Tsai, C.S., Hwang, M.S.: A new strong-password authentication scheme using one-way hash functions. J. Comput. Syst. Sci. Int. 45(4), 623–626 (2006)
  8. Bindu, C.S., Reddy, P.C.S., Satyanarayana, B.: Improved remote user authentication scheme preserving user anonymity. Int. J. Comput. Sci. Netw. Secur. 8(3), 62–66 (2008)
  9. Chang, C.C., Lee, C.Y.: A friendly password mutual authentication scheme for remote login network systems. Int. J. Multimedia Ubiquit. Eng. 3(1), 59–63 (2008)
  10. Liu, J.Y., Zhou, A.M., Gao, M.X.: A new mutual authentication scheme based on nonce and smart cards. Comput. Commun. 31, 2205–2209 (2008)
  11. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Proceedings of Advances in Cryptology, pp. 388–397 (1999)
  12. Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5), 541–552 (2002)
  13. Brier, E., Clavier, C., Oliver, F.: Correlation power analysis with a leakage model. Lect. Notes Comput. Sci. 3156, 135–152 (2004)

Copyright information

© Springer Science+Business Media Dordrecht 2013

Authors and Affiliations

  1. Computer and Media Information Engineering, Kangnam University, Yongin-si, Korea
