Acta Metallurgica Sinica(English letters) ›› 2012, Vol. 19 ›› Issue (5): 104-114.doi: 10.1016/S1005-8885(11)60307-5

• Others • Previous Articles     Next Articles

Cryptanalysis and security enhancement of a remote user authentication scheme using smart cards

WANG Ding1, MA Chun-guang1   

  1. 1. College of Computer Science and Technology, Harbin Engineering University, Harbin 150001, China 2. Automobile Management Institute of PLA, Bengbu 233011, China
  • Received:2012-04-05 Revised:2012-07-03 Online:2012-10-31 Published:2012-10-08
  • Contact: Wang Ding E-mail:wangdingg@mail.nankai.edu.cn

Abstract:

With the broad implementations of the electronic business and government applications, robust system security and strong privacy protection have become essential requirements for remote user authentication schemes. Recently, Chen et al. showed that Wang et al.’s scheme is vulnerable to the user impersonation attack and parallel session attack, and proposed an enhanced version to overcome the identified security flaws. In this paper, however, we show that Chen et al.’s scheme still cannot achieve the claimed security goals and report its following problems: (1) It suffers from the offline password guessing attack, key compromise impersonation attack and known key attack; (2) It fails to provide forward secrecy; (3) It is not easily repairable. As our main contribution, a robust dynamic ID-based scheme based on non-tamper resistance assumption of the smart cards is presented to cope with the aforementioned defects, while preserving the merits of different related schemes. The analysis demonstrates that our scheme meets all the proposed criteria and eliminates several grave security threats that are difficult to be tackled at the same time in previous scholarship.

Key words:

cryptanalysis, authentication protocol, smart card, non-tamper resistant, forward secrecy

CLC Number: