Abstract
This paper discusses the security of Lee and Chiu’s remote user authentication scheme, which makes use of smart cards. We first show that Lee and Chiu’s scheme does not achieve two-factor security: if an attacker steals a user’s smart card and extracts the information stored in it, he/she can easily find out the user’s password. We show this by mounting an off-line dictionary attack on the scheme. In addition, we show what really causes the problem and how to fix it, and propose a scheme that improves on Lee and Chiu’s scheme.
This work was supported by Howon University in 2010.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lee, Y., Yang, H., Won, D. (2010). Attacking and Improving on Lee and Chiu’s Authentication Scheme Using Smart Cards. In: Kwak, J., Deng, R.H., Won, Y., Wang, G. (eds) Information Security, Practice and Experience. ISPEC 2010. Lecture Notes in Computer Science, vol 6047. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-12827-1_27
DOI: https://doi.org/10.1007/978-3-642-12827-1_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-12826-4
Online ISBN: 978-3-642-12827-1
eBook Packages: Computer Science (R0)