Abstract
In 2004, Ku et al. proposed an improved efficient remote authentication scheme using smart cards to repair the security pitfalls found in Chien et al.’s scheme, in which only few hashing operations are required. Later, Yoon et al. presented an enhancement on Ku et al.’s scheme. Recently, Wang et al. showed that both Ku et al.’s scheme and Yoon et al.’s scheme are still vulnerable to the guessing attack, forgery attack and denial of service (DoS) attack. Then, proposed an efficient improvement over Ku et al.’s and Yoon et al.’s schemes with more security. In this paper, we state that Wang et al.’s scheme is vulnerable to the impersonation attack and parallel session attack. A modification to enhance the security of Wang et al.’s scheme is proposed. Our scheme is suitable for applications with high security requirement.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Lamport, L.: Password authentication with insecure communication. Communications of the ACM 24(11), 770–772 (1981)
Lennon, R.E., Matyas, S.M., Mayer, C.H.: Cryptographic authentication of time-invariant quantities. IEEE Transactions on Communications 29(6), 773–777 (1981)
Yen, S.M., Liao, K.H.: Shared authentication token secure against replay and weak key attack. Information Processing Letters, 78–80 (1997)
Chien, H.Y., Jan, J.K., Tseng, Y.M.: An efficient and practical solution to remote authentication smart card. Computers and Security 21(4), 372–375 (2002)
Ku, W.C., Chen, S.M.: Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 50(1), 204–207 (2004)
Mitchell, C.: Limitations of challenge-response entity authentication. Electronic Letters 25(17), 1195–1196 (1989)
Ku, W.C., Chen, C.M., Lee, H.L.: Cryptanalysis of a variant of Peyravian-Zunic’s password authentication scheme. IEICE Transactions on Communication E86-B(5), 1682–1684 (2003)
Hsu, C.L.: Security of Chien et al.’s remote user authentication scheme using smart cards. Computer Standards & Interfaces 26(3), 167–169 (2004)
Yoon, E.J., Ryu, E.K., Yoo, K.Y.: Further improvement of an efficient password based remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 50(2), 612–614 (2004)
Wang, X.M., Zhang, W.F., Zhang, J.S., Khan, M.K.: Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards. Computer Standards & Interfaces 29, 507–512 (2007)
Hwang, M.S., Li, L.H.: A new remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 46(1), 28–30 (2000)
Chan, C.K., Cheng, L.M.: Cryptanalysis of a remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 46(4), 992–993 (2000)
Sun, H.M.: An efficient remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 46(4), 958–961 (2000)
Ku, W.C., Chang, S.T.: Impersonation attack on a dynamic ID based remote user authentication using smartcards. IEICE Transaction on Communication 88–b (5), 2165–2167 (2005)
Wang, X., Guo, F., Lai, X., Yu, H.: Collisions for Hash Functions MD4,MD5, HAVAL-128 and RIPEMD, Rump Session of Crypto 2004 and IACR Eprint Archive (2004)
Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the full SHA1 (2005), http://www.infosec.sdu.edu.cn/paper/sha1-crypto-auth-new-2-yao.pdf
Wang, X., Yu, H.: How to break MD5 and other hash functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hsiang, H., Chen, T., Shih, W. (2009). Security Enhancement on an Improvement on Two Remote User Authentication Scheme Using Smart Cards. In: Ślęzak, D., Kim, Th., Chang, A.CC., Vasilakos, T., Li, M., Sakurai, K. (eds) Communication and Networking. FGCN 2009. Communications in Computer and Information Science, vol 56. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10844-0_9
Download citation
DOI: https://doi.org/10.1007/978-3-642-10844-0_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10843-3
Online ISBN: 978-3-642-10844-0
eBook Packages: Computer ScienceComputer Science (R0)