Security Enhancement of an Improved Remote User Authentication Scheme with Key Agreement

Wireless Personal Communications

Abstract

In 2014, Kumari, Khan and Li proposed a smart card based secure and robust remote user authentication scheme with key agreement and claimed that their scheme is suitable, secure and efficient for real-life applications. In this paper, we demonstrate that their proposed mechanism is completely insecure: an adversary can easily obtain not only the security parameters of the protocol but also the common session key of future communication between the user and the server. In addition, an adversary obtains the password of the registered user as well as the secret key of the server. This collapses the entire system and proves the authors' claims wrong. Hence, to remedy the identified security flaws and to ensure secure communication through an insecure channel, we propose an upgraded secure and efficient authentication protocol. Furthermore, we verify the security of our authentication protocol informally as well as formally, against active and passive attacks, via the widely accepted OFMC and CL-AtSe back-ends of the AVISPA tool.

References

  1. Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24(11), 770–772.

  2. Chang, C. C., & Wu, T. C. (1991). Remote password authentication with smart cards. IEEE Proceedings of Computer and Digital Techniques, 138(3), 165–168.

  3. Hwang, M. S., & Li, L. H. (2000). A new remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 46(1), 28–30.

  4. Awasthi, A. K. (2004). Comment on a dynamic ID based remote user authentication scheme. Transaction on Cryptology, 1(2), 15–16.

  5. Chien, H. Y., & Chen, C. H. (2005). A remote authentication scheme preserving user anonymity. Proceedings of Advanced Information Networking and Applications, 2, 245–248.

  6. He, D., & Wu, S. (2013). Security flaws in smart card based authentication scheme for multi server environment. Wireless Personal Communications, 70(1), 323–329.

  7. Ku, W. C., & Chang, S. T. (2005). Impersonation attack on dynamic ID based remote user authentication scheme using smart cards. IEICE Transactions on Communications, E88–B(5), 2165–2167.

  8. Liu, J., & Zhong, S. (2009). Analysis of Kim–Jeon–Yoo password authentication scheme. Cryptologia, 33(2), 183–187.

  9. Das, M. L., Saxena, A., & Gulati, V. P. (2004). A dynamic ID-based remote user authentication scheme. IEEE Transactions on Consumer Electronics, 50(2), 629–631.

  10. Liao, I. E., Lee, C. C., & Hwang, M. H. (2005). Security enhancement for a dynamic ID based remote user authentication scheme. In Proceedings of Conference on Next Generation Web Services Practice, NWeSP 2005 (pp. 437–440).

  11. Yoon, E. J., Yoo, K. Y., & Hwang, M. H. (2006). Improving the dynamic ID based remote mutual authentication scheme. Proceedings of OTM Workshops, 4277, 499–507.

  12. Wang, Y. Y., Liu, J. Y., Xiao, F. X., & Dan, J. (2009). A more efficient and secure dynamic ID-based remote user authentication scheme. Computer Communications, 32(4), 583–585.

  13. Wen, F., & Li, X. (2012). An improved dynamic ID-based remote user authentication with key agreement scheme. Computers and Electrical Engineering, 38(2), 381–387.

  14. Chang, Y. F., Tai, W. L., & Chang, H. C. (2014). Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update. International Journal of Communication System, 27(11), 3430–3440.

  15. Kumari, S., Khan, M. K., & Li, X. (2014). An improved remote user authentication scheme with key agreement. Computers and Electrical Engineering, 40(6), 1997–2012.

  16. Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. Advances in Cryptology CRYPTO’99, 1666, 388–397.

  17. Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuellar, J., et al. (2005). The AVISPA tool for the automated validation of internet security protocols and applications. Computer Aided Verification, 3576, 281–285.

  18. Dolev, D., & Yao, A. (1983). On the security of public key protocols. IEEE Transactions on Information Theory, 29(2), 198–208.

Corresponding author

Correspondence to Sonam Devgan Kaul.

Cite this article

Kaul, S.D., Awasthi, A.K. Security Enhancement of an Improved Remote User Authentication Scheme with Key Agreement. Wireless Pers Commun 89, 621–637 (2016). https://doi.org/10.1007/s11277-016-3297-6

  • DOI: https://doi.org/10.1007/s11277-016-3297-6
