Abstract
Recently, Liu et al. proposed an efficient remote user authentication scheme using smart cards, suited for a multi-server environment. This work reviews Liu et al.’s scheme and provides a security analysis of it. Our analysis shows that Liu et al.’s scheme fails to achieve its fundamental goals of both mutual authentication and password security. We demonstrate this by mounting a user impersonation attack and an off-line password guessing attack, respectively, on Liu et al.’s scheme.
This work was supported by Howon University in 2009.
References
Anti-Phishing Working Group, http://www.antiphishing.org
Bird, R., Gopal, I., Herzberg, A., Janson, P.A., Kutten, S., Molva, R., Yung, M.: Systematic design of a family of attack-resistant authentication protocols. IEEE Journal on Selected Areas in Communications 11(5), 679–693 (1993)
Carlsen, U.: Cryptographic protocol flaws: know your enemy. In: Proceedings of the 7th IEEE Computer Security Foundations Workshop, pp. 192–200 (1994)
Chang, C., Lee, J.S.: An efficient and secure multi-server password authentication scheme using smart cards. In: IEEE Proceeding of the International Conference on Cyberworlds (2004)
Chang, C.-C., Wu, T.-C.: Remote password authentication with smart cards. IEE Proceedings E - Computers and Digital Techniques 138(3), 165–168 (1991)
Chien, H.-Y., Jan, J.-K., Tseng, Y.-M.: An efficient and practical solution to remote authentication: smart card. Computers & Security 21(4), 372–375 (2002)
Chang, C., Kuo, J.Y.: An efficient multi-server password authenticated keys agreement scheme using smart cards with access control. In: IEEE Proceeding of the 19th International Conference on Advanced Information Networking and Applications, vol. 2, pp. 257–260 (2005)
Diffie, W., van Oorschot, P.C., Wiener, M.J.: Authentication and authenticated key exchange. Designs, Codes and Cryptography 2(2), 107–125 (1992)
National Institute of Standards and Technology (NIST), Digital signature standard, FIPS PUB 186, p. 20 (1994)
Hsu, C.-L.: Security of Chien et al.’s remote user authentication scheme using smart cards. Computer Standards & Interfaces 26(3), 167–169 (2004)
Hwang, M.-S., Li, L.-H.: A new remote user authentication scheme using smart cards. IEEE Transaction on Consumer Electronics 46(1), 28–30 (2000)
Hwang, M.-S., Li, L.-H., Tang, Y.-L.: A simple remote user authentication. Mathematical and Computer Modelling 36, 103–107 (2002)
Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
Juang, W.S.: Efficient multi-server password authenticated key agreement using smart cards. IEEE Transaction on Consumer Electronics 50(1), 251–255 (2004)
Ku, W.-C., Chang, S.-T., Chiang, M.-H.: Weaknesses of a remote user authentication scheme using smart cards for multi-server architecture. IEICE Transaction on Communications E88-B(8), 3451–3454 (2005)
Lamport, L.: Password authentication with insecure communication. Communications of the ACM 24(11), 770–772 (1981)
Li, L.-H., Lin, I.-C., Hwang, M.-S.: A remote password authentication scheme for multi-server architecture using neural networks. IEEE Transaction on Neural Networks 12(6) (2001)
Lin, I.-C., Hwang, M.-S., Li, L.-H.: A new remote user authentication scheme for multi-server internet environments. Future Generation Computer System 19, 13–22 (2003)
Liu, J., Liao, J., Zhu, X.: A password-based authentication and key establishment scheme for mobile environment. In: 21st International Conference on Advanced Information Networking and Applications Workshops (AINAW 2007), vol. 2, pp. 99–104 (2007)
Lowe, G.: An attack on the Needham-Schroeder public-key authentication protocol. Information Processing Letters 56(3), 131–133 (1995)
Lee, Y., Won, D.: Security Weaknesses in Chang and Wu’s Key Agreement Protocol for a Multi-Server Environment. In: IEEE Proceeding of 2008 International Conference on e-Business Engineering, pp. 308–314. IEEE Computer Society, Los Alamitos (2008)
Messerges, T.-S., Dabbish, E.-A., Sloan, R.-H.: Examining smart card security under the threat of power analysis attacks. IEEE Transactions on Computers 51(5), 541–552 (2002)
Sun, H.-M.: An efficient remote user authentication scheme using smart cards. IEEE Transaction on Consumer Electronics 46(4), 958–961 (2000)
Tsaur, W.-J.: An enhanced user authentication scheme for multi-server internet services. Applied Mathematics and Computation 170, 258–266 (2005)
Tsaur, W.-J., Wu, C.-C., Lee, W.-B.: A flexible user authentication for multiserver internet services. In: Lorenz, P. (ed.) ICN 2001. LNCS, vol. 2093, pp. 174–183. Springer, Heidelberg (2001)
Tsaur, W.-J., Wu, C.-C., Lee, W.-B.: A smart card-based remote scheme for password authentication in multi-server Internet services. Computer Standards & Interfaces 27, 39–51 (2004)
Tian, X., Zhu, R.W., Wong, D.S.: Improved efficient remote user authentication schemes. International Journal of Network Security 4(2), 149–154 (2007)
Yoon, E.-J., Kim, W.-H., Yoo, K.-Y.: Security enhancement for password authentication schemes with smart cards. In: Katsikas, S.K., López, J., Pernul, G. (eds.) TrustBus 2005. LNCS, vol. 3592, pp. 311–320. Springer, Heidelberg (2005)
Yang, W.-H., Shieh, S.-P.: Password authentication schemes with smart card. Computers & Security 18(8), 727–733 (1999)
Yoon, E.-J., Ryu, E.-K., Yoo, K.-Y.: An improvement of Hwang-Lee-Tang’s simple remote user authentication scheme. Computers & Security 24(1), 50–56 (2005)
© 2009 Springer-Verlag Berlin Heidelberg
Cite this paper
Lee, Y., Won, D. (2009). Security Vulnerabilities of a Remote User Authentication Scheme Using Smart Cards Suited for a Multi-server Environment. In: Gervasi, O., Taniar, D., Murgante, B., Laganà, A., Mun, Y., Gavrilova, M.L. (eds) Computational Science and Its Applications – ICCSA 2009. ICCSA 2009. Lecture Notes in Computer Science, vol 5593. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02457-3_14
DOI: https://doi.org/10.1007/978-3-642-02457-3_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-02456-6
Online ISBN: 978-3-642-02457-3
eBook Packages: Computer Science, Computer Science (R0)