
Security Vulnerabilities of a Remote User Authentication Scheme Using Smart Cards Suited for a Multi-server Environment

  • Conference paper
Computational Science and Its Applications – ICCSA 2009 (ICCSA 2009)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 5593)

Abstract

Recently, Liu et al. proposed an efficient remote user authentication scheme using smart cards, suited for a multi-server environment. This work reviews Liu et al.’s scheme and provides a security analysis of it. Our analysis shows that Liu et al.’s scheme fails to achieve its fundamental goals of both mutual authentication and password security. We demonstrate this by mounting a user impersonation attack and an off-line password guessing attack, respectively, on Liu et al.’s scheme.

This work was supported by Howon University in 2009.

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lee, Y., Won, D. (2009). Security Vulnerabilities of a Remote User Authentication Scheme Using Smart Cards Suited for a Multi-server Environment. In: Gervasi, O., Taniar, D., Murgante, B., Laganà, A., Mun, Y., Gavrilova, M.L. (eds) Computational Science and Its Applications – ICCSA 2009. ICCSA 2009. Lecture Notes in Computer Science, vol 5593. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02457-3_14

  • DOI: https://doi.org/10.1007/978-3-642-02457-3_14

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-02456-6

  • Online ISBN: 978-3-642-02457-3

  • eBook Packages: Computer Science, Computer Science (R0)
