Skip to main content
SpringerLink
Log in

Attacking and Improving on Lee and Chiu’s Authentication Scheme Using Smart Cards

  • Conference paper
Information Security, Practice and Experience (ISPEC 2010)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 6047))

  • 692 Accesses

Abstract

This paper discusses the security of Lee and Chiu’s remote user authentication scheme making use of smart cards. We first figure out that Lee and Chiu’s scheme does not achieve two-factor security. If an attacker steals some user’s smart card and extracts the information stored in the smart card, he/she can easily find out the user’s password. We show this by mounting an off-line dictionary attack on the scheme. In addition, we showed what really is causing the problem and how to fix it and proposed the scheme which improves on Lee and Chiu’s scheme.

This work was supported by Howon University in 2010.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Anti-Phishing Working Group, http://www.antiphishing.org

  2. Bird, R., Gopal, I., Herzberg, A., Janson, P.A., Kutten, S., Molva, R., Yung, M.: Systematic design of a family of attack-resistant authentication protocols. IEEE Journal on Selected Areas in Communications 11(5), 679–693 (1993)

    Article  Google Scholar 

  3. Carlsen, U.: Cryptographic protocol flaws: know your enemy. In: Proceedings of the 7th IEEE Computer Security Foundations Workshop, pp. 192–200 (1994)

    Google Scholar 

  4. Chang, C.-C., Wu, T.-C.: Remote password authentication with smart cards. IEE Proceedings E-Computers and Digital Techniques 138(3), 165–168 (1991)

    Google Scholar 

  5. Chien, H.-Y., Jan, J.-K., Tseng, Y.-M.: An efficient and practical solution to remote authentication: smart card. Computers & Security 21(4), 372–375 (2002)

    Article  Google Scholar 

  6. Diffie, W., van Oorschot, P.C., Wiener, M.J.: Authentication and authenticated key exchange. Designs, Codes and Cryptography 2(2), 107–125 (1992)

    Article  MathSciNet  Google Scholar 

  7. Hsu, C.-L.: Security of Chien et al.’s remote user authentication scheme using smart cards. Computer Standards and Interfaces 26(3), 167–169 (2004)

    Article  Google Scholar 

  8. Hwang, M.-S., Li, L.-H.: A new remote user authentication scheme using smart cards. IEEE Transaction on Consumer Electronics 46(1), 28–30 (2000)

    Article  Google Scholar 

  9. Hwang, M.-S., Li, L.-H., Tang, Y.-L.: A simple remote user authentication. Mathematical and Computer Modelling 36, 103–107 (2002)

    Article  MATH  MathSciNet  Google Scholar 

  10. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)

    Google Scholar 

  11. Ku, W.-C., Chang, S.-T., Chiang, M.-H.: Weaknesses of a remote user authentication scheme using smart cards for multi-server architecture. IEICE Transactions on Commmunications E88-B(8), 3451–3454 (2005)

    Google Scholar 

  12. Lee, N.-Y., Chiu, Y.-C.: Improved remote authentication scheme with smart card. Computer Standards & Interfaces 27, 177–180 (2005)

    Article  Google Scholar 

  13. Lowe, G.: An attack on the Needham-Schroeder public-key authentication protocol. Information Processing Letters 56(3), 131–133 (1995)

    Article  MATH  Google Scholar 

  14. Messerges, T.-S., Dabbish, E.-A., Sloan, R.-H.: Examining smart card security under the threat of power analysis attacks. IEEE Transaction on Computers 51(5), 541–552 (2002)

    Article  MathSciNet  Google Scholar 

  15. Sun, H.-M.: An efficient remote user authentication scheme using smart cards. IEEE Transaction on Consumer Electronics 46(4), 958–961 (2000)

    Article  Google Scholar 

  16. Wu, S.T., Chieu, B.: A user friendly remote authentication scheme with smart cards. Computer & Security 22(6), 547–550 (2003)

    Article  Google Scholar 

  17. Yang, W.-H., Shieh, S.-P.: Password authentication schemes with smart card. Computers & Security 18(8), 727–733 (1999)

    Article  Google Scholar 

  18. Yoon, E.-J., Kim, W.-H., Yoo, K.-Y.: Security enhancement for password authentication schemes with smart cards. In: Katsikas, S.K., López, J., Pernul, G. (eds.) TrustBus 2005. LNCS, vol. 3592, pp. 90–99. Springer, Heidelberg (2005)

    Google Scholar 

  19. Yoon, E.-J., Ryu, E.-K., Yoo, K.-Y.: An improvement of Hwang-Lee-Tang’s simple remote user authentication scheme. Computers & Security 24(1), 50–56 (2005)

    Article  Google Scholar 

  20. Tian, X., Zhu, R.W., Wong, D.: Improved Efficient Remote User Authentication Schemes. International Journal of Network Security 4(2), 149–154 (2007)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Cyber Investigation Police, Howon University, Korea

    Youngsook Lee

  2. Department of Computer and Media Information, Kangnam University, Korea

    Hyungkyu Yang

  3. Department of Computer Engineering, Sungkyunkwan University, Korea

    Dongho Won

Authors
  1. Youngsook Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hyungkyu Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Dongho Won
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Information Security Engineering, Soonchunhyang University, 646 Eupnae-ri, Shinchang-myun, Asan-si, 336-745, Chungcheongnam-do, Korea

    Jin Kwak

  2. School of Information Systems, Singapore Management University, 469 Bukit Timah Road, 259756, Singapore

    Robert H. Deng

  3. Internet and Security Policy Division, Korea Internet and Security Agency, Daedong B/D, Garak-dong 79-3, Songpa-gu, 138-950, Seoul, Korea

    Yoojae Won

  4. School of Computer Science, University of Birmingham, B15 2TT, Birmingham, UK

    Guilin Wang

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lee, Y., Yang, H., Won, D. (2010). Attacking and Improving on Lee and Chiu’s Authentication Scheme Using Smart Cards. In: Kwak, J., Deng, R.H., Won, Y., Wang, G. (eds) Information Security, Practice and Experience. ISPEC 2010. Lecture Notes in Computer Science, vol 6047. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-12827-1_27

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-12827-1_27

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-12826-4

  • Online ISBN: 978-3-642-12827-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation