Cryptanalysis and Improvement of an ECC-Based Password Authentication Scheme Using Smart Cards

  • Conference paper
Cyberspace Safety and Security (CSS 2013)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8300)

Abstract

Remote password authentication is widely used in network systems to provide secure remote access control. In 2013, Li proposed a novel password authentication scheme based on elliptic curve cryptography and smart cards [17]. However, we found that Li’s authentication scheme has a serious security problem: the sensitive passwords of all registered users can be easily derived by a privileged insider of the remote server. Therefore, in this paper, we propose a slight modification of Li’s scheme to remedy this shortcoming. Our improved scheme not only inherits the advantages of Li’s password authentication scheme but also remedies its serious security weakness of being unable to withstand an insider attack.

References

  1. Chang, C.C., Lee, C.Y.: A smart card-based authentication scheme using user identify cryptography. International Journal of Network Security 15(2), 139–147 (2013)

  2. Das, A.K.: Improving identity-based random key establishment scheme for large-scale hierarchical wireless sensor networks. International Journal of Network Security 14(1), 1–21 (2012)

  3. He, D., Zhao, W., Wu, S.: Security analysis of a dynamic ID-based authentication scheme for multi-server environment using smart cards. International Journal of Network Security 15(5), 350–356 (2013)

  4. Islam, S.H., Biswas, G.P.: Design of improved password authentication and update scheme based on elliptic curve cryptography. Mathematical and Computer Modelling 57(11-12), 2703–2717 (2013)

  5. Kar, J.: ID-based deniable authentication protocol based on Diffie-Hellman problem on elliptic curve. International Journal of Network Security 15(5), 357–364 (2013)

  6. Kim, S.K., Chung, M.G.: More secure remote user authentication scheme. Computer Communications 32(6), 1018–1021 (2009)

  7. Lamport, L.: Password authentication with insecure communication. Communications of the ACM 24(11), 770–772 (1981)

  8. Lee, C.C., Chen, C.L., Wu, C.Y., Huang, S.Y.: An extended chaotic maps-based key agreement protocol with user anonymity. Nonlinear Dynamics 69(1-2), 79–87 (2012)

  9. Lee, C.C., Hsu, C.W.: A secure biometric-based remote user authentication with key agreement protocol using extended chaotic maps. Nonlinear Dynamics 71(1-2), 201–211 (2013)

  10. Lee, C.C., Li, C.T., Hsu, C.W.: A three-party password-based authenticated key exchange protocol with user anonymity using extended chaotic maps. Nonlinear Dynamics 73(1-2), 125–132 (2013)

  11. Lee, C.C., Chen, C.T., Li, C.T., Wu, P.H.: A practical RFID authentication mechanism for digital television. Telecommunication Systems (article in press, 2013)

  12. Li, C.T., Hwang, M.S.: An efficient biometrics-based remote user authentication scheme using smart cards. Journal of Network and Computer Applications 33(1), 1–5 (2010)

  13. Li, C.T., Hwang, M.S.: An online biometrics-based secret sharing scheme for multiparty cryptosystem using smart cards. International Journal of Innovative Computing, Information and Control 6(5), 2181–2188 (2010)

  14. Li, C.T.: Secure smart card based password authentication scheme with user anonymity. Information Technology and Control 40(2), 157–162 (2011)

  15. Li, C.T., Lee, C.C.: A robust remote user authentication scheme using smart card. Information Technology and Control 40(3), 236–245 (2011)

  16. Li, C.T., Lee, C.C.: A novel user authentication and privacy preserving scheme with smart cards for wireless communications. Mathematical and Computer Modelling 55(1-2), 35–44 (2012)

  17. Li, C.T.: A new password authentication and user anonymity scheme based on elliptic curve cryptography and smart card. IET Information Security 7(1), 3–10 (2013)

  18. Li, C.T., Lee, C.C., Weng, C.Y., Fan, C.I.: An extended multi-server-based user authentication and key agreement scheme with user anonymity. KSII Transactions on Internet and Information Systems 7(1), 119–131 (2013)

  19. Li, C.T., Weng, C.Y., Lee, C.C.: An advanced temporal credential-based security scheme with mutual authentication and key agreement for wireless sensor networks. Sensors 13(8), 9589–9603 (2013)

  20. Li, C.T., Lee, C.C., Weng, C.Y.: An extended chaotic maps based user authentication and privacy preserving scheme against DoS attacks in pervasive and ubiquitous computing environments. Nonlinear Dynamics (article in press, 2013)

  21. Liao, I.E., Lee, C.C., Hwang, M.S.: A password authentication scheme over insecure networks. Journal of Computer and System Sciences 72(4), 727–740 (2006)

  22. Naveed, M., Habib, W., Masud, U., Ullah, U., Ahmad, G.: Reliable and low cost RFID based authentication system for large scale deployment. International Journal of Network Security 14(3), 173–179 (2012)

  23. Kumar, M.: A new secure remote user authentication scheme with smart cards. International Journal of Network Security 11(2), 88–93 (2010)

  24. Ramasamy, R., Muniyandi, A.P.: An efficient password authentication scheme for smart card. International Journal of Network Security 14(3), 180–186 (2012)

  25. National Institute of Standards and Technology, US department of commerce, secure hash standard. US Federal Information Processing Standard Publication, 180–182 (2002)

  26. Yang, L., Ma, J.F., Jiang, Q.: Mutual authentication scheme with smart cards and password under trusted computing. International Journal of Network Security 14(3), 156–163 (2012)

Copyright information

© 2013 Springer International Publishing Switzerland

About this paper

Cite this paper

Lee, CC., Li, CT., Weng, CY., Jheng, JJ., Zhang, XQ., Zhu, YR. (2013). Cryptanalysis and Improvement of an ECC-Based Password Authentication Scheme Using Smart Cards. In: Wang, G., Ray, I., Feng, D., Rajarajan, M. (eds) Cyberspace Safety and Security. CSS 2013. Lecture Notes in Computer Science, vol 8300. Springer, Cham. https://doi.org/10.1007/978-3-319-03584-0_25

  • DOI: https://doi.org/10.1007/978-3-319-03584-0_25

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-03583-3

  • Online ISBN: 978-3-319-03584-0

  • eBook Packages: Computer Science, Computer Science (R0)
