Cryptanalysis and security enhancement of a remote user authentication scheme using smart cards

doi:10.1016/S1005-8885(11)60307-5

中国邮电高校学报(英文) ›› 2012, Vol. 19 ›› Issue (5): 104-114.doi: 10.1016/S1005-8885(11)60307-5

Cryptanalysis and security enhancement of a remote user authentication scheme using smart cards

汪定,Chunguang Ma

哈尔滨工程大学

收稿日期:2012-04-05 修回日期:2012-07-03 出版日期:2012-10-31 发布日期:2012-10-08
通讯作者: 汪定 E-mail:wangdingg@mail.nankai.edu.cn
基金资助:
国家自然科学基金;国家自然科学基金;博士后落户黑龙江科研启动基金;网络与交换技术国家重点实验室开放课题

Cryptanalysis and security enhancement of a remote user authentication scheme using smart cards

WANG Ding1, MA Chun-guang1

1. College of Computer Science and Technology, Harbin Engineering University, Harbin 150001, China 2. Automobile Management Institute of PLA, Bengbu 233011, China

Received:2012-04-05 Revised:2012-07-03 Online:2012-10-31 Published:2012-10-08
Contact: Wang Ding E-mail:wangdingg@mail.nankai.edu.cn

摘要/Abstract

摘要：

With the broad implementations of the electronic business and government applications, robust system security and strong privacy protection have become essential requirements for remote user authentication schemes. Recently, Chen et al. showed that Wang et al.’s scheme is vulnerable to the user impersonation attack and parallel session attack, and proposed an enhanced version to overcome the identified security flaws. In this paper, however, we show that Chen et al.’s scheme still cannot achieve the claimed security goals and report its following problems: (1) It suffers from the offline password guessing attack, key compromise impersonation attack and known key attack; (2) It fails to provide forward secrecy; (3) It is not easily repairable. As our main contribution, a robust dynamic ID-based scheme based on non-tamper resistance assumption of the smart cards is presented to cope with the aforementioned defects, while preserving the merits of different related schemes. The analysis demonstrates that our scheme meets all the proposed criteria and eliminates several grave security threats that are difficult to be tackled at the same time in previous scholarship.

关键词:

cryptanalysis, authentication protocol, smart card, non-tamper resistant, forward secrecy

Abstract:

Key words:

cryptanalysis, authentication protocol, smart card, non-tamper resistant, forward secrecy

中图分类号:

TP309

参考文献

1. Ku W C, Chen S M. Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 2004, 50(1): 204-207

2. Hu L L, Niu X X, Yang Y X. Weaknesses and improvements of a remote user authentication scheme using smart cards. The Journal of China Universities of Posts and Telecommunications, 2007, 14(3): 91-94

3. Song R G. Advanced smart card based password authentication protocol. Computer Standards & Interfaces, 2010, 32 (4): 321-325

4. Chen Y, Chou J S, Huang C H. Improvements on two password-based authentication protocols. IACR Cryptology ePrint Archive, 2009: 561

5. Yeh K H, Su C H, Lo N W. Two robust remote user authentication protocols using smart cards. Journal of Systems and Software, 2010, 83(12): 2556-2565

6. Sood K S. Secure dynamic identity-based authentication scheme using smart cards. Information Security Journal: A Global Perspective, 2011, 20(2): 67-77

7. Yang G, Wong D S, Wang H, et al. Two-factor mutual authentication based on smart cards and password. Journal of Computer and System Sciences, 2008, 74(7): 1160-1172

8. Ma C G, Wang D, Zhang Q M. Cryptanalysis and improvement of Sood et al’s dynamic ID-based authentication scheme. Proceedings of the 8th International Conference on Distributed Computing and Internet Technology (ICDCIT’12), Feb 2-4, 2012, Bhubaneswar, India. LNCS 7154. Berlin, Germany: Springer-Verlag, 2012: 141-152

9. Wu S H, Zhu Y F, Pu Q. Robust smart-cards-based user authentication scheme with user anonymity. Security and Communication Networks, 2012, 5(2): 236-248

10. Xu J, Zhu W T, Feng D G. An improved smart card based password authentication scheme with provable security. Computer Standards & Interfaces, 2009, 31(4): 723-728

11. Chen T H, Hsiang H C, Shih W K. S ecurity enhancement on an improvement on two remote user authentication schemes using smart cards. Future Generation Computer Systems, 2011, 27(4): 377-380

12. Wang X M, Zhang W F, Zhang J S, et al. Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards. Computer Standards & Interfaces, 2007, 29(5): 507-512

13. Tsai J L, Wu T C, Tsai K Y. New dynamic ID authentication scheme using smart cards. International Journal of Communication Systems, 2010, 23(12): 1449-1462

14. Kim J Y, Choi H K, Copeland J A. Further improved remote user authentication scheme. IEICE Transactions on Fundamentals, 2011, 94(6): 1426-1433

15. Blake-Wilson S, Johnson D, Menezes A. Key agreement protocols and their security analysis. Proceedings of the 6th IMA International Conference on Cryptography and Coding (IMACC’97), Dec 17-19, 1997, Cirencester, UK. LNCS 1355. Berlin, Germany: Springer-Verlag, 1997: 30-45

16. Messerges T S, Dabbish E A., Sloan R H. Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers, 2002, 51(5): 541-552

17. Mangard S, Oswald E, Popp T. Power analysis attacks—Revealing the secrets of smart cards. New York, NY, USA: Springer-Verlag , 2007

18. Mangard S, Oswald E, Standaert F X. One for all-all for one: unifying standard differential power analysis attacks. IET Information Security, 2011, 5(2): 100-110

19. Klein D V.Foiling the cracker: a survey of and improvements to password security . Proceedings of the 2nd Conference on USENIX Security Symposium(USENIX’90), Aug, 1990, Anaheim, CA, USA. Berkeley, CA, USA: USENIX Association, 1990: 5-14

20. Krawczyk H. HMQV: a high-performance secure Diffie-Hellman protocol. Advances in Crytography: Proceedings of the 25st Annual International Cryptology Conference (Crypto’05), Aug 14-18, 2005, Santa Barbara, CA, USA. LNCS 3621. Berlin, Germany: Springer-Verlag, 2005: 546-566

21. Tang C, Wu D. Mobile privacy in wireless networks-revisited. IEEE Transactions on Wireless Communications, 2008, 7(3): 1035-1042

22. Chung H R, Ku W C, Tsaur M J. Weaknesses and improvement of Wang et al’s remote user password authentication scheme for resource-limited environments. Computer Standards & Interfaces, 2009, 31(4): 863-868

23. Ferguson N, Schneier B, Kohno T. Cryptography engineering: design principles and practical applications. New York, NY, USA: John Wiley & Sons, 2010

24. Mao W B. Modern cryptography: theory and practice. Englewood Cliffs, NJ,USA: Prentice Hall, 2004

25. Wong D S, Fuentes H H, Chan A H. The performance measurement of cryptographic primitives on palm devices. Proceedings of the 17th Annual Computer Security Applications Conference (ACSAC’01), Dec 10-14, 2001, New Orleans, LA, USA. Los Alamitos, CA, USA: IEEE Computer Society, 2001: 92-101

26. Großschädl J, Kamendje G A. Architectural enhancements for montgomery multiplication on embedded RISC processors. Proceedings of the 1st International Conference on Applied Cryptography and Network Security (ACNS’03), Oct 16-19, 2003, Kunming, China. LNCS 2846. Berlin, Germany: Springer-Verlag, 2003: 418-434

27. Potlapally N R, Ravi S, Raghunathan A, et al. A study of the energy consumption characteristics of cryptographic algorithms and security protocols. IEEE Transactions on Mobile Computing, 2006, 5(2): 128-143

[1]	傅镜艺黄勤龙马兆丰杨义先. Secure personal data sharing in cloud computing using attribute-based broadcast encryption[J]. Acta Metallurgica Sinica(English letters), 2014, 21(6): 45-51.
[2]	张德栋马兆丰钮心忻 LI Guo-you. Secure and efficient anonymous proxy signature scheme in the random oracle model [J]. Acta Metallurgica Sinica(English letters), 2013, 20(4): 87-92.
[3]	张德栋马兆丰钮心忻 Peng Yong. Anonymous authentication scheme of trusted mobile terminal undermobile Internet[J]. Acta Metallurgica Sinica(English letters), 2013, 20(1): 58-65.
[4]	叶青郑世慧郭洪福杨义先. Generalization of perfect concurrent signatures[J]. Acta Metallurgica Sinica(English letters), 2012, 19(6): 94-104.
[5]	CHEN Shuai, ZHONG Xian-xin. Chaotic block iterating method for pseudo-random sequence generator[J]. Acta Metallurgica Sinica(English letters), 2007, 14(1): 45-48.

Cryptanalysis and security enhancement of a remote user authentication scheme using smart cards

Cryptanalysis and security enhancement of a remote user authentication scheme using smart cards

可视化

被引次数

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 5

编辑推荐

Metrics

本文评价