Skip to main content
SpringerLink
Log in

Security Enhancement on an Improvement on Two Remote User Authentication Scheme Using Smart Cards

  • Conference paper
Book cover Communication and Networking (FGCN 2009)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 56))

Abstract

In 2004, Ku et al. proposed an improved efficient remote authentication scheme using smart cards to repair the security pitfalls found in Chien et al.’s scheme, in which only few hashing operations are required. Later, Yoon et al. presented an enhancement on Ku et al.’s scheme. Recently, Wang et al. showed that both Ku et al.’s scheme and Yoon et al.’s scheme are still vulnerable to the guessing attack, forgery attack and denial of service (DoS) attack. Then, proposed an efficient improvement over Ku et al.’s and Yoon et al.’s schemes with more security. In this paper, we state that Wang et al.’s scheme is vulnerable to the impersonation attack and parallel session attack. A modification to enhance the security of Wang et al.’s scheme is proposed. Our scheme is suitable for applications with high security requirement.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Lamport, L.: Password authentication with insecure communication. Communications of the ACM 24(11), 770–772 (1981)

    Article  MathSciNet  Google Scholar 

  2. Lennon, R.E., Matyas, S.M., Mayer, C.H.: Cryptographic authentication of time-invariant quantities. IEEE Transactions on Communications 29(6), 773–777 (1981)

    Article  Google Scholar 

  3. Yen, S.M., Liao, K.H.: Shared authentication token secure against replay and weak key attack. Information Processing Letters, 78–80 (1997)

    Google Scholar 

  4. Chien, H.Y., Jan, J.K., Tseng, Y.M.: An efficient and practical solution to remote authentication smart card. Computers and Security 21(4), 372–375 (2002)

    Article  Google Scholar 

  5. Ku, W.C., Chen, S.M.: Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 50(1), 204–207 (2004)

    Article  Google Scholar 

  6. Mitchell, C.: Limitations of challenge-response entity authentication. Electronic Letters 25(17), 1195–1196 (1989)

    Article  Google Scholar 

  7. Ku, W.C., Chen, C.M., Lee, H.L.: Cryptanalysis of a variant of Peyravian-Zunic’s password authentication scheme. IEICE Transactions on Communication E86-B(5), 1682–1684 (2003)

    Google Scholar 

  8. Hsu, C.L.: Security of Chien et al.’s remote user authentication scheme using smart cards. Computer Standards & Interfaces 26(3), 167–169 (2004)

    Article  Google Scholar 

  9. Yoon, E.J., Ryu, E.K., Yoo, K.Y.: Further improvement of an efficient password based remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 50(2), 612–614 (2004)

    Article  Google Scholar 

  10. Wang, X.M., Zhang, W.F., Zhang, J.S., Khan, M.K.: Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards. Computer Standards & Interfaces 29, 507–512 (2007)

    Article  Google Scholar 

  11. Hwang, M.S., Li, L.H.: A new remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 46(1), 28–30 (2000)

    Article  Google Scholar 

  12. Chan, C.K., Cheng, L.M.: Cryptanalysis of a remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 46(4), 992–993 (2000)

    Article  Google Scholar 

  13. Sun, H.M.: An efficient remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 46(4), 958–961 (2000)

    Article  Google Scholar 

  14. Ku, W.C., Chang, S.T.: Impersonation attack on a dynamic ID based remote user authentication using smartcards. IEICE Transaction on Communication 88–b (5), 2165–2167 (2005)

    Article  Google Scholar 

  15. Wang, X., Guo, F., Lai, X., Yu, H.: Collisions for Hash Functions MD4,MD5, HAVAL-128 and RIPEMD, Rump Session of Crypto 2004 and IACR Eprint Archive (2004)

    Google Scholar 

  16. Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the full SHA1 (2005), http://www.infosec.sdu.edu.cn/paper/sha1-crypto-auth-new-2-yao.pdf

  17. Wang, X., Yu, H.: How to break MD5 and other hash functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Information Management, Vanung University, Taiwan, R.O.C

    HanCheng Hsiang

  2. Department of Computer Science, National Tsing Hua University, No. 101, Kuang Fu Rd, Sec. 2, 300, HsingChu, Taiwan, ROC

    TienHo Chen & WeiKuan Shih

Authors
  1. HanCheng Hsiang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. TienHo Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. WeiKuan Shih
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. University of Warsaw & Infobright Inc., Poland

    Dominik Ślęzak

  2. Hannam University, 306-791, Daejeon, South Korea

    Tai-hoon Kim

  3. National Chung Cheng University, Chiayi County, Taiwan

    Alan Chin-Chen Chang

  4. University of Western Macedonia, West Macedonia, Greece

    Thanos Vasilakos

  5. Tianjin University, China

    MingChu Li

  6. Faculty of Information Science and Electrical Engineering, Kyushu University, 6-10-1 Hakozaki, 812-8581, Fukuoka, Japan

    Kouichi Sakurai

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Hsiang, H., Chen, T., Shih, W. (2009). Security Enhancement on an Improvement on Two Remote User Authentication Scheme Using Smart Cards. In: Ślęzak, D., Kim, Th., Chang, A.CC., Vasilakos, T., Li, M., Sakurai, K. (eds) Communication and Networking. FGCN 2009. Communications in Computer and Information Science, vol 56. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10844-0_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-10844-0_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-10843-3

  • Online ISBN: 978-3-642-10844-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation