A New Dynamic ID-Based Remote User Authentication Scheme with Forward Secrecy

  • Conference paper
Web Technologies and Applications (APWeb 2012)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 7234)

Abstract

Forward secrecy is one of the important properties of remote user authentication schemes: it limits the effects of an eventual failure of the entire system when the long-term private keys of one or more parties are compromised. Recently, Tsai et al. showed that Wang et al.’s dynamic ID-based remote user authentication scheme fails to achieve user anonymity and is vulnerable to a user impersonation attack, and proposed an enhanced version to overcome all the identified flaws. In this paper, however, we point out that Tsai et al.’s scheme still suffers from a denial-of-service attack and cannot provide forward secrecy. To remedy these security flaws, we propose an enhanced authentication scheme that covers all the identified weaknesses of Tsai et al.’s scheme and is more suitable for mobile application scenarios where resources are constrained and security is a concern.

References

  1. Chang, C.C., Wu, T.C.: Remote password authentication with smart cards. IEE Proceedings-E 138(3), 165–168 (1993)

  2. Ku, W.C., Chen, S.M.: Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 50(1), 204–207 (2004)

  3. Liao, I.E., Lee, C.C., Hwang, M.S.: A password authentication scheme over insecure networks. Journal of Computer and System Sciences 72(4), 727–740 (2006)

  4. Chung, H.R., Ku, W.C., Tsaur, M.J.: Weaknesses and improvement of Wang et al.’s remote user password authentication scheme for resource-limited environments. Computer Standards & Interfaces 31(4), 863–868 (2009)

  5. Horng, W.B., Lee, C.P., Peng, J.: A secure remote authentication scheme preserving user anonymity with non-tamper resistant smart cards. WSEAS Transactions on Information Science and Applications 7(5), 619–628 (2010)

  6. Kim, J.Y., Choi, H.K., Copeland, J.A.: Further Improved Remote User Authentication Scheme. IEICE Transactions on Fundamentals 94(6), 1426–1433 (2011)

  7. Wilson, S.B., Johnson, D., Menezes, A.: Key Agreement Protocols and Their Security Analysis. In: Darnell, M.J. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 30–45. Springer, Heidelberg (1997)

  8. Das, M.L., Saxena, A., Gulati, V.P.: A dynamic ID-based remote user authentication scheme. IEEE Transactions on Consumer Electronics 50(2), 629–631 (2004)

  9. Chien, H.Y., Chen, C.H.: A remote authentication scheme preserving user anonymity. In: IEEE AINA 2005, pp. 245–248. IEEE Computer Society, Los Alamitos (2005)

  10. Wang, Y.Y., Kiu, J.Y., Xiao, F.X.: A more efficient and secure dynamic ID-based remote user authentication scheme. Computer Communications 32(4), 583–585 (2009)

  11. Tsai, J.L., Wu, T.C., Tsai, K.Y.: New dynamic ID authentication scheme using smart cards. International Journal of Communication Systems 23(12), 1449–1462 (2010)

  12. Gong, L.: A security risk of depending on synchronized clocks. ACM Operating System Review 26(1), 49–53 (1992)

  13. Kocher, P., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)

  14. Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining Smart-Card Security under the Threat of Power Analysis Attacks. IEEE Transactions on Computers 51, 541–552 (2002)

  15. Tsai, C.S., Lee, C.C., Hwang, M.S.: Password Authentication Schemes: Current Status and Key Issues. International Journal of Network Security 3(2), 101–115 (2006)

  16. Schneier, B.: Applied cryptography, protocols, algorithms, and source code in C, 2nd edn. John Wiley and Sons Inc., New York (1996)

  17. Wong, D.S., Fuentes, H.H., Chan, A.H.: The Performance Measurement of Cryptographic Primitives on Palm Devices. In: Proceedings of ACSAC 2001, pp. 92–101. IEEE Computer Society, Washington, DC (2001)

  18. Mao, M.B.: Modern Cryptography: Theory and Practice. Prentice Hall PTR, New Jersey (2004)

  19. Potlapally, N.R., Ravi, S., Raghunathan, A., et al.: A study of the energy consumption characteristics of cryptographic algorithms and security protocols. IEEE Transactions on Mobile Computing 5(2), 128–143 (2006)

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Ma, CG., Wang, D., Zhao, P., Wang, YH. (2012). A New Dynamic ID-Based Remote User Authentication Scheme with Forward Secrecy. In: Wang, H., et al. Web Technologies and Applications. APWeb 2012. Lecture Notes in Computer Science, vol 7234. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29426-6_24

  • DOI: https://doi.org/10.1007/978-3-642-29426-6_24

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-29425-9

  • Online ISBN: 978-3-642-29426-6

  • eBook Packages: Computer Science (R0)
