中国邮电高校学报(英文) ›› 2012, Vol. 19 ›› Issue (5): 104-114.doi: 10.1016/S1005-8885(11)60307-5

• Others • 上一篇    下一篇

Cryptanalysis and security enhancement of a remote user authentication scheme using smart cards

汪定,Chunguang Ma   

  1. 哈尔滨工程大学
  • 收稿日期:2012-04-05 修回日期:2012-07-03 出版日期:2012-10-31 发布日期:2012-10-08
  • 通讯作者: 汪定 E-mail:wangdingg@mail.nankai.edu.cn
  • 基金资助:

    国家自然科学基金;国家自然科学基金;博士后落户黑龙江科研启动基金;网络与交换技术国家重点实验室开放课题

Cryptanalysis and security enhancement of a remote user authentication scheme using smart cards

WANG Ding1, MA Chun-guang1   

  1. 1. College of Computer Science and Technology, Harbin Engineering University, Harbin 150001, China 2. Automobile Management Institute of PLA, Bengbu 233011, China
  • Received:2012-04-05 Revised:2012-07-03 Online:2012-10-31 Published:2012-10-08
  • Contact: Wang Ding E-mail:wangdingg@mail.nankai.edu.cn

摘要:

With the broad implementations of the electronic business and government applications, robust system security and strong privacy protection have become essential requirements for remote user authentication schemes. Recently, Chen et al. showed that Wang et al.’s scheme is vulnerable to the user impersonation attack and parallel session attack, and proposed an enhanced version to overcome the identified security flaws. In this paper, however, we show that Chen et al.’s scheme still cannot achieve the claimed security goals and report its following problems: (1) It suffers from the offline password guessing attack, key compromise impersonation attack and known key attack; (2) It fails to provide forward secrecy; (3) It is not easily repairable. As our main contribution, a robust dynamic ID-based scheme based on non-tamper resistance assumption of the smart cards is presented to cope with the aforementioned defects, while preserving the merits of different related schemes. The analysis demonstrates that our scheme meets all the proposed criteria and eliminates several grave security threats that are difficult to be tackled at the same time in previous scholarship.

关键词:

cryptanalysis, authentication protocol, smart card, non-tamper resistant, forward secrecy

Abstract:

With the broad implementations of the electronic business and government applications, robust system security and strong privacy protection have become essential requirements for remote user authentication schemes. Recently, Chen et al. showed that Wang et al.’s scheme is vulnerable to the user impersonation attack and parallel session attack, and proposed an enhanced version to overcome the identified security flaws. In this paper, however, we show that Chen et al.’s scheme still cannot achieve the claimed security goals and report its following problems: (1) It suffers from the offline password guessing attack, key compromise impersonation attack and known key attack; (2) It fails to provide forward secrecy; (3) It is not easily repairable. As our main contribution, a robust dynamic ID-based scheme based on non-tamper resistance assumption of the smart cards is presented to cope with the aforementioned defects, while preserving the merits of different related schemes. The analysis demonstrates that our scheme meets all the proposed criteria and eliminates several grave security threats that are difficult to be tackled at the same time in previous scholarship.

Key words:

cryptanalysis, authentication protocol, smart card, non-tamper resistant, forward secrecy

中图分类号: