Abstract
In 2014, Kumari, Khan and Li proposed a smart card based secure and robust remote user authentication scheme with key agreement and claimed that their scheme is suitable, secure and efficient for real-life applications. In this paper, we demonstrate that their proposed mechanism is completely insecure: an adversary can easily obtain not only the security parameters of the protocol but also the common session key of future communication between the user and the server. In addition, an adversary obtains the password of the registered user as well as the secret key of the server. This collapses the entire system and proves the authors' claims wrong. Hence, to remedy the identified security flaws and to ensure secure communication through an insecure channel, we propose an upgraded secure and efficient authentication protocol. Furthermore, we verify the security of our authentication protocol informally as well as formally, via the widely accepted OFMC and CL-AtSe back-ends of the AVISPA tool, against active and passive attacks.
References
Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24(11), 770–772.
Chang, C. C., & Wu, T. C. (1991). Remote password authentication with smart cards. IEEE Proceedings of Computer and Digital Techniques, 138(3), 165–168.
Hwang, M. S., & Li, L. H. (2000). A new remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 46(1), 28–30.
Awasthi, A. K. (2004). Comment on a dynamic ID based remote user authentication scheme. Transaction on Cryptology, 1(2), 15–16.
Chien, H. Y., & Chen, C. H. (2005). A remote authentication scheme preserving user anonymity. Proceedings of Advanced Information Networking and Applications, 2, 245–248.
He, D., & Wu, S. (2013). Security flaws in smart card based authentication scheme for multi server environment. Wireless Personal Communications, 70(1), 323–329.
Ku, W. C., & Chang, S. T. (2005). Impersonation attack on dynamic ID based remote user authentication scheme using smart cards. IEICE Transactions on Communications, E88–B(5), 2165–2167.
Liu, J., & Zhong, S. (2009). Analysis of Kim–Jeon–Yoo password authentication scheme. Cryptologia, 33(2), 183–187.
Das, M. L., Saxena, A., & Gulati, V. P. (2004). A dynamic ID-based remote user authentication scheme. IEEE Transactions on Consumer Electronics, 50(2), 629–631.
Liao, I. E., Lee, C. C., & Hwang, M. H. (2005). Security enhancement for a dynamic ID based remote user authentication scheme. In Proceedings of Conference on Next Generation Web Services Practice, NWeSP 2005 (pp. 437–440).
Yoon, E. J., Yoo, K. Y., & Hwang, M. H. (2006). Improving the dynamic ID based remote mutual authentication scheme. Proceedings of OTM Workshops, 4277, 499–507.
Wang, Y. Y., Liu, J. Y., Xiao, F. X., & Dan, J. (2009). A more efficient and secure dynamic ID-based remote user authentication scheme. Computer Communications, 32(4), 583–585.
Wen, F., & Li, X. (2012). An improved dynamic ID-based remote user authentication with key agreement scheme. Computers and Electrical Engineering, 38(2), 381–387.
Chang, Y. F., Tai, W. L., & Chang, H. C. (2014). Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update. International Journal of Communication System, 27(11), 3430–3440.
Kumari, S., Khan, M. K., & Li, X. (2014). An improved remote user authentication scheme with key agreement. Computers and Electrical Engineering, 40(6), 1997–2012.
Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. Advances in Cryptology CRYPTO’99, 1666, 388–397.
Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuellar, J., et al. (2005). The AVISPA tool for the automated validation of internet security protocols and applications. Computer Aided Verification, 3576, 281–285.
Dolev, D., & Yao, A. (1983). On the security of public key protocols. IEEE Transactions on Information Theory, 29(2), 198–208.
Cite this article
Kaul, S.D., Awasthi, A.K. Security Enhancement of an Improved Remote User Authentication Scheme with Key Agreement. Wireless Pers Commun 89, 621–637 (2016). https://doi.org/10.1007/s11277-016-3297-6
DOI: https://doi.org/10.1007/s11277-016-3297-6