On the Analysis and Design of a Family Tree of Smart Card Based User Authentication Schemes

  • Conference paper
Ubiquitous Intelligence and Computing (UIC 2007)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 4611)

Abstract

A family (tree) of 2-party password-based authentication protocols based on smart cards abounds in security literature, more popularly known as remote user authentication schemes using smart cards. In this paper, we give a generic treatment to the security and analyses of such protocols, tracing back to the original versions due to Hwang et al. and Hwang-Li from which many variants have been derived. Our work here highlights the security implications of taking the break-and-tweak approach to protocol design.

References

  1. Anderson, R. (ed.): Security Engineering: A Guide to Building Dependable Distributed Systems. Wiley Publishing, Chichester (2001)

  2. Awasthi, A.K., Lal, S.: A Remote User Authentication Scheme using Smart Cards with Forward Secrecy. IEEE Trans. on Consumer Electronics 49(4), 1246–1248 (2003)

  3. Boyd, C., Mathuria, A. (eds.): Protocols for Authentication and Key Establishment. Springer, Heidelberg (2003)

  4. Chan, C.K., Cheng, L.M.: Cryptanalysis of a Remote User Authentication Scheme using Smart Cards. IEEE Trans. on Consumer Electronics 46(4), 992–993 (2000)

  5. Chang, C.C., Hwang, K.F.: Some Forgery Attacks on a Remote User Authentication Scheme using Smart Cards. Informatics 14(3), 289–294 (2003)

  6. Ding, Y., Horster, P.: Undetectable On-line Password Guessing Attacks. ACM Operating Systems Review 29(4), 77–86 (1995)

  7. Guillou, L.C., Quisquater, J.-J.: Efficient Digital Public-Key Signature with Shadow (Abstract). In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, Springer, Heidelberg (1988)

  8. Hwang, M.S., Li, L.H.: A New Remote User Authentication Scheme using Smart Cards. IEEE Trans. on Consumer Electronics 46(1), 28–30 (2000)

  9. Hwang, T., Chen, Y., Laih, C.S.: Non-Interactive Password Authentications without Password Tables. In: IEEE Region 10 Conference on Computer and Communication Systems 1990, pp. 429–431 (1990)

  10. Lamport, L.: Password Authentication with Insecure Communication. Communications of the ACM 24(11), 770–772 (1981)

  11. Lee, S.-W., Kim, H.-S., Yoo, K.-Y.: Efficient Nonce-based Remote User Authentication Scheme using Smart Cards. Applied Mathematics and Computation 167(1), 355–361 (2005)

  12. Leung, K.-C., Cheng, L.M., Fong, A.S., Chan, C.-K.: Cryptanalysis of a Modified Remote User Authentication Scheme using Smart Cards. IEEE Trans. on Consumer Electronics 49(4), 1243–1245 (2003)

  13. Nam, J., Kim, S., Park, S., Won, D.: Security Analysis of a Nonce-based User Authentication Scheme using Smart Cards. IEICE Trans. Fundamentals E90A(1), 299–302 (2007)

  14. Phan, R.C.-W., Goi, B.-M.: Cryptanalysis of an Improved Client-to-Client Password-Authenticated Key Exchange (C2C-PAKE) Scheme. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 33–39. Springer, Heidelberg (2005)

  15. Phan, R.C.-W., Goi, B.-M.: Cryptanalysis of the N-Party Encrypted Diffie-Hellman Key Exchange Using Different Passwords. In: Zhou, J., Yung, M., Bao, F. (eds.) ACNS 2006. LNCS, vol. 3989, pp. 226–238. Springer, Heidelberg (2006)

  16. Phan, R.C.-W., Goi, B.-M.: Cryptanalysis of Two Provably Secure Cross-Realm C2C-PAKE Protocols. In: Barua, R., Lange, T. (eds.) INDOCRYPT 2006. LNCS, vol. 4329, pp. 104–117. Springer, Heidelberg (2006)

  17. Schneier, B. (ed.): Applied Cryptography, 2nd edn. John Wiley & Sons, Chichester (1996)

  18. Schneier, B., Shostack, A.: Breaking up is Hard to do: Modeling Security Threats for Smart Cards. USENIX Workshop on Smart Card Technology, USENIX PRESS, pp. 175–185 (1999)

  19. Shen, J.J., Lin, C.W., Hwang, M.S.: A Modified Remote User Authentication Scheme using Smart Cards. IEEE Trans. on Consumer Electronics 49(2), 414–416 (2003)

  20. Stern, J.: Why Provable Security Matters? Advances in Cryptology - Eurocrypt ’03. In: Biham, E. (ed.) Advances in Cryptology – EUROCRYPT 2003. LNCS, vol. 2656, pp. 449–461. Springer, Heidelberg (2003)

Editor information

Jadwiga Indulska, Jianhua Ma, Laurence T. Yang, Theo Ungerer, Jiannong Cao

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Phan, R.C.W., Goi, BM. (2007). On the Analysis and Design of a Family Tree of Smart Card Based User Authentication Schemes. In: Indulska, J., Ma, J., Yang, L.T., Ungerer, T., Cao, J. (eds) Ubiquitous Intelligence and Computing. UIC 2007. Lecture Notes in Computer Science, vol 4611. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73549-6_118

  • DOI: https://doi.org/10.1007/978-3-540-73549-6_118

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-73548-9

  • Online ISBN: 978-3-540-73549-6

  • eBook Packages: Computer Science, Computer Science (R0)
