Skip to main content
SpringerLink
Log in

Security Enhancement of a Remote User Authentication Scheme Using Smart Cards

  • Conference paper
On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops (OTM 2006)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 4277))

Abstract

Designing cryptographic protocols well suited for today’s distributed large networks poses great challenges in terms of cost, performance, user convenience, functionality, and above all security. As has been pointed out for many years, even designing a two-party authentication scheme is extremely error-prone. This paper discusses the security of Lee et al.’s remote user authentication scheme making use of smart cards. Lee et al.’s scheme was proposed to solve the security problem with Chien et al.’s authentication scheme and was claimed to provide mutual authentication between the server and the remote user. However, we demonstrate that Lee et al.’s scheme only achieves unilateral authentication — only the server can authenticate the remote user, but not vice versa. In addition, we recommend changes to the scheme that fix the security vulnerability.

This work was supported by the Korean Ministry of Information and Communication under the Information Technology Research Center (ITRC) support program supervised by the Institute of Information Technology Assessment (IITA).

An erratum to this chapter can be found at http://dx.doi.org/10.1007/11915034_125.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Anti-Phishing Working Group, http://www.antiphishing.org

  2. Bird, R., Gopal, I., Herzberg, A., Janson, P.A., Kutten, S., Molva, R., Yung, M.: Systematic design of a family of attack-resistant authentication protocols. IEEE Journal on Selected Areas in Communications 11(5), 679–693 (1993)

    Article  Google Scholar 

  3. Carlsen, U.: Cryptographic protocol flaws: know your enemy. In: Proc. 7th IEEE Computer Security Foundations Workshop, pp. 192–200 (1994)

    Google Scholar 

  4. Chang, C.-C., Wu, T.-C.: Remote password authentication with smart cards. IEE Proceedings E - Computers and Digital Techniques 138(3), 165–168 (1991)

    Article  Google Scholar 

  5. Chien, H.-Y., Jan, J.-K., Tseng, Y.-M.: An efficient and practical solution to remote authentication: smart card. Computers & Security 21(4), 372–375 (2002)

    Article  Google Scholar 

  6. Diffie, W., van Oorschot, P.C., Wiener, M.J.: Authentication and authenticated key exchange. Designs, Codes and Cryptography 2(2), 107–125 (1992)

    Article  MathSciNet  Google Scholar 

  7. Hsu, C.-L.: Security of Chien et al.’s remote user authentication scheme using smart cards. Computer Standards and Interfaces 26(3), 167–169 (2004)

    Article  Google Scholar 

  8. Hwang, M.-S., Li, L.-H.: A new remote user authentication scheme using smart cards. IEEE Trans. on Consumer Electronics 46(1), 28–30 (2000)

    Article  Google Scholar 

  9. Ku, W.-C., Chang, S.-T., Chiang, M.-H.: Weaknesses of a remote user authentication scheme using smart cards for multi-server architecture. IEICE Trans. on Commmunications E88-B(8), 3451–3454 (2005)

    Article  Google Scholar 

  10. Lamport, L.: Password authentication with insecure communication. Communications of the ACM 24(11), 770–772 (1981)

    Article  MathSciNet  Google Scholar 

  11. Lee, S.-W., Kim, H.-S., Yoo, K.-Y.: Improved efficient remote user authentication scheme using smart cards. IEEE Trans. on Consumer Electronics 50(2), 565–567 (2004)

    Article  Google Scholar 

  12. Lowe, G.: An attack on the Needham-Schroeder public-key authentication protocol. Information Processing Letters 56(3), 131–133 (1995)

    Article  MATH  Google Scholar 

  13. Sun, H.-M.: An efficient remote user authentication scheme using smart cards. IEEE Trans. on Consumer Electronics 46(4), 958–961 (2000)

    Article  Google Scholar 

  14. Yang, W.-H., Shieh, S.-P.: Password authentication schemes with smart card. Computers & Security 18(8), 727–733 (1999)

    Article  Google Scholar 

  15. Yoon, E.-J., Kim, W.-H., Yoo, K.-Y.: Security enhancement for password authentication schemes with smart cards. In: Katsikas, S.K., López, J., Pernul, G. (eds.) TrustBus 2005. LNCS, vol. 3592, pp. 90–99. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  16. Yoon, E.-J., Ryu, E.-K., Yoo, K.-Y.: An Improvement of Hwang-Lee-Tang’s simple remote user authentication scheme. Computers & Security 24(1), 50–56 (2005)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Information Security Group, Sungkyunkwan University, Korea

    Youngsook Lee, Junghyun Nam & Dongho Won

Authors
  1. Youngsook Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Junghyun Nam
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Dongho Won
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. STARLab, Vrije Universiteit Brussel (VUB), Bldg G/10, Pleinlaan 2, 1050, Brussels, Belgium

    Robert Meersman

  2. School of Computer Science and Information Technology, RMIT University, Bld 10.10, 376-392 Swanston Street, 3001, Melbourne, VIC, Australia

    Zahir Tari

  3. Facultad de Informática, Universidad Politécnica de Madrid, Campus de Montegancedo S/N, 28660, Boadilla del Monte, Madrid, Spain

    Pilar Herrero

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lee, Y., Nam, J., Won, D. (2006). Security Enhancement of a Remote User Authentication Scheme Using Smart Cards. In: Meersman, R., Tari, Z., Herrero, P. (eds) On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops. OTM 2006. Lecture Notes in Computer Science, vol 4277. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11915034_74

Download citation

  • DOI: https://doi.org/10.1007/11915034_74

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-48269-7

  • Online ISBN: 978-3-540-48272-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation