Abstract
Designing cryptographic protocols well suited for today’s distributed large networks poses great challenges in terms of cost, performance, user convenience, functionality, and above all security. As has been pointed out for many years, even designing a two-party authentication scheme is extremely error-prone. This paper discusses the security of Lee et al.’s remote user authentication scheme making use of smart cards. Lee et al.’s scheme was proposed to solve the security problem with Chien et al.’s authentication scheme and was claimed to provide mutual authentication between the server and the remote user. However, we demonstrate that Lee et al.’s scheme only achieves unilateral authentication — only the server can authenticate the remote user, but not vice versa. In addition, we recommend changes to the scheme that fix the security vulnerability.
This work was supported by the Korean Ministry of Information and Communication under the Information Technology Research Center (ITRC) support program supervised by the Institute of Information Technology Assessment (IITA).
An erratum to this chapter can be found at http://dx.doi.org/10.1007/11915034_125.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Anti-Phishing Working Group, http://www.antiphishing.org
Bird, R., Gopal, I., Herzberg, A., Janson, P.A., Kutten, S., Molva, R., Yung, M.: Systematic design of a family of attack-resistant authentication protocols. IEEE Journal on Selected Areas in Communications 11(5), 679–693 (1993)
Carlsen, U.: Cryptographic protocol flaws: know your enemy. In: Proc. 7th IEEE Computer Security Foundations Workshop, pp. 192–200 (1994)
Chang, C.-C., Wu, T.-C.: Remote password authentication with smart cards. IEE Proceedings E - Computers and Digital Techniques 138(3), 165–168 (1991)
Chien, H.-Y., Jan, J.-K., Tseng, Y.-M.: An efficient and practical solution to remote authentication: smart card. Computers & Security 21(4), 372–375 (2002)
Diffie, W., van Oorschot, P.C., Wiener, M.J.: Authentication and authenticated key exchange. Designs, Codes and Cryptography 2(2), 107–125 (1992)
Hsu, C.-L.: Security of Chien et al.’s remote user authentication scheme using smart cards. Computer Standards and Interfaces 26(3), 167–169 (2004)
Hwang, M.-S., Li, L.-H.: A new remote user authentication scheme using smart cards. IEEE Trans. on Consumer Electronics 46(1), 28–30 (2000)
Ku, W.-C., Chang, S.-T., Chiang, M.-H.: Weaknesses of a remote user authentication scheme using smart cards for multi-server architecture. IEICE Trans. on Commmunications E88-B(8), 3451–3454 (2005)
Lamport, L.: Password authentication with insecure communication. Communications of the ACM 24(11), 770–772 (1981)
Lee, S.-W., Kim, H.-S., Yoo, K.-Y.: Improved efficient remote user authentication scheme using smart cards. IEEE Trans. on Consumer Electronics 50(2), 565–567 (2004)
Lowe, G.: An attack on the Needham-Schroeder public-key authentication protocol. Information Processing Letters 56(3), 131–133 (1995)
Sun, H.-M.: An efficient remote user authentication scheme using smart cards. IEEE Trans. on Consumer Electronics 46(4), 958–961 (2000)
Yang, W.-H., Shieh, S.-P.: Password authentication schemes with smart card. Computers & Security 18(8), 727–733 (1999)
Yoon, E.-J., Kim, W.-H., Yoo, K.-Y.: Security enhancement for password authentication schemes with smart cards. In: Katsikas, S.K., López, J., Pernul, G. (eds.) TrustBus 2005. LNCS, vol. 3592, pp. 90–99. Springer, Heidelberg (2005)
Yoon, E.-J., Ryu, E.-K., Yoo, K.-Y.: An Improvement of Hwang-Lee-Tang’s simple remote user authentication scheme. Computers & Security 24(1), 50–56 (2005)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lee, Y., Nam, J., Won, D. (2006). Security Enhancement of a Remote User Authentication Scheme Using Smart Cards. In: Meersman, R., Tari, Z., Herrero, P. (eds) On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops. OTM 2006. Lecture Notes in Computer Science, vol 4277. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11915034_74
Download citation
DOI: https://doi.org/10.1007/11915034_74
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-48269-7
Online ISBN: 978-3-540-48272-7
eBook Packages: Computer ScienceComputer Science (R0)