Skip to main content
SpringerLink
Log in

Cryptanalysis and Improvement of an RSA Based Remote User Authentication Scheme Using Smart Card

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

User’s password with smart card based authentication protocol is needed to access resources securely from remote server. In 2014, Huang et al. proposed a timestamp-based authentication protocol and they claimed that their scheme is secure against all possible attacks. In this paper, we have pointed out that Huang et al.’s scheme is insecure against off-line password guessing attack, insider attack and forgery attack. Beside these, inefficient password update phase can lead to denial of service. To remove these security loopholes, we have proposed an efficient RSA-cryptosystem based remote user authentication scheme using smart card. Security (formal and informal) analysis shows that the proposed scheme provides better security tradeoff than Huang et al.’s scheme. Further, we have simulated our proposed scheme for the formal security verification using Automated Validation of Internet Security Protocols and Applications tool to confirm that the proposed scheme is secure against passive and active attacks. Performance analysis shows that the proposed scheme provides lower computational and communication cost than Huang et al.’s scheme as well as other related competitive existing schemes.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9

Similar content being viewed by others

References

  1. Yang, W.-H., & Shieh, S.-P. (1999). Password authentication schemes with smart cards. Computers & Security, 18(8), 727–733.

    Article  Google Scholar 

  2. Hwang, M.-S., & Li, L.-H. (2000). A new remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 46(1), 28–30.

    Article  Google Scholar 

  3. Chan, C.-K., & Cheng, L. M. (2000). Cryptanalysis of a remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 46(4), 992–993.

    Article  Google Scholar 

  4. Fan, L., Li, J.-H., & Zhu, H.-W. (2002). An enhancement of timestamp-based password authentication scheme. Computers & Security, 21(7), 665–667.

    Article  Google Scholar 

  5. Chan, C.-K., & Cheng, L. M. (2001). Cryptanalysis of a timestamp-based password authentication scheme. Computers & Security, 21(1), 74–76.

    Article  Google Scholar 

  6. Shen, J.-J., Lin, C.-W., & Hwang, M.-S. (2003). A modified remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 49(2), 414–416.

    Article  Google Scholar 

  7. Yang, C.-C., Wang, R.-C., & Chang, T.-Y. (2005). An improvement of the Yang–Shieh password authentication schemes. Applied Mathematics and Computation, 162(3), 1391–1396.

    Article  MathSciNet  MATH  Google Scholar 

  8. Liu, J.-Y., Zhou, A.-M., & Gao, M.-X. (2008). A new mutual authentication scheme based on nonce and smart cards. Computer Communications, 31(10), 2205–2209.

    Article  Google Scholar 

  9. Sun, D.-Z., Huai, J.-P., Sun, J.-Z., & Li, J.-X. (2009). Cryptanalysis of a mutual authentication scheme based on nonce and smart cards. Computer Communications, 32(6), 1015–1017.

    Article  Google Scholar 

  10. Awasthi, A. K., Srivastava, K., & Mittal, R. C. (2011). An improved timestamp-based remote user authentication scheme. Computers & Electrical Engineering, 37(6), 869–874.

    Article  Google Scholar 

  11. Huang, H.-F., Chang, H.-W., & Po-Kai, Y. (2014). Enhancement of timestamp-based user authentication scheme with smart card. International Journal of Network Security, 16(6), 463–467.

    Google Scholar 

  12. Amin, R., & Biswas, G. P. (2015). Design and analysis of bilinear pairing based mutual authentication and key agreement protocol usable in multi-server environment. Wireless Personal Communications, 84, 439–462.

    Article  Google Scholar 

  13. Maitra, T., & Giri, D. (2014). An efficient biometric and password-based remote user authentication using smart card for telecare medical information systems in multi-server environment. Journal of Medical Systems, 38(12), 142.

    Article  Google Scholar 

  14. Islam, S. H. (2014). A provably secure ID-based mutual authentication and key agreement scheme for mobile multi-server environment without ESL attack. Wireless Personal Communications, 79(3), 1975–1991.

    Article  Google Scholar 

  15. Li, X., Niu, J., Kumari, S., Liao, J., & Liang, W. (2015). An enhancement of a smart card authentication scheme for multi-server architecture. Wireless Personal Communications, 80(1), 175–192.

    Article  Google Scholar 

  16. Wei, J., Liu, W., & Xuexian, H. (2014). Cryptanalysis and improvement of a robust smart card authentication scheme for multi-server architecture. Wireless Personal Communications, 77(3), 2255–2269.

    Article  Google Scholar 

  17. Pippal, R. S., Jaidhar, C. D., & Tapaswi, S. (2013). Robust smart card authentication scheme for multi-server architecture. Wireless Personal Communications, 72(1), 729–745.

    Article  Google Scholar 

  18. Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24(11), 770–772.

    Article  MathSciNet  Google Scholar 

  19. Elgamal, T. (1985). A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, 31(4), 469–472.

    Article  MathSciNet  MATH  Google Scholar 

  20. Rivest, R. L., Shamir, A., & Adleman, L. (1978). A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2), 120–126.

    Article  MathSciNet  MATH  Google Scholar 

  21. Dolev, D., & Yao, A. C. (1983). On the security of public key protocols. IEEE Transactions on Information Theory, 29(2), 198–208.

    Article  MathSciNet  MATH  Google Scholar 

  22. Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. In Advances in cryptology CRYPTO 99, volume 1666 of Lecture Notes in Computer Science (pp. 388–397).

  23. Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.

    Article  MathSciNet  Google Scholar 

  24. Sood, S. K., Sarje, A. K., & Singh, K. (2011). A secure dynamic identity based authentication protocol for multi-server architecture. Journal of Network and Computer Applications, 34(2), 609–618.

    Article  Google Scholar 

  25. Giri, D., Maitra, T., Amin, R., & Srivastava, P. D. (2014). An efficient and robust RSA-based remote user authentication for telecare medical information systems. Journal of Medical Systems, 39(1), 145.

    Article  Google Scholar 

  26. Das, A. K., & Bruhadeshwar, B. (2013). An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system. Journal of Medical Systems, 37(5), 1–17.

    Article  Google Scholar 

  27. Sarkar, P. (2010). A simple and generic construction of authenticated encryption with associated data. ACM Transactions on Information and System Security, 13(4), 1–16.

    Article  Google Scholar 

  28. Forouzan, B. A., & Mukhopadhyay, D. (2010). Cryptography and network security 2/E (2nd ed.). New Delhi: Tata-McGraw Hill.

    Google Scholar 

  29. Amin, R., & Biswas, G. P. (2015). A novel user authentication and key agreement protocol for accessing multi-medical server usable in TMIS. Journal of Medical Systems, 39(3), 33.

    Article  Google Scholar 

  30. Potlapally, N. R., Ravi, S., Raghunathan, A., & Jha, N. K. (2006). A study of the energy consumption characteristics of cryptographic algorithms and security protocols. IEEE Transactions on Mobile Computing, 5(2), 128–143.

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, Thapar University, Patiala, India

    Ruhul Amin

  2. Department of Computer Science and Engineering, Jadavpur University, Kolkata, 700032, India

    Tanmoy Maitra

  3. Department of Computer Science and Engineering, Haldia Institute of Technology, Haldia, 721657, India

    Debasis Giri

  4. Department of Mathematics, Indian Institute of Technology Kharagpur, Kharagpur, 721302, India

    P. D. Srivastava

Authors
  1. Ruhul Amin
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Tanmoy Maitra
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Debasis Giri
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. P. D. Srivastava
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ruhul Amin.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Amin, R., Maitra, T., Giri, D. et al. Cryptanalysis and Improvement of an RSA Based Remote User Authentication Scheme Using Smart Card. Wireless Pers Commun 96, 4629–4659 (2017). https://doi.org/10.1007/s11277-017-4408-8

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-017-4408-8

Keywords

Search

Navigation