Abstract
User’s password with smart card based authentication protocol is needed to access resources securely from remote server. In 2014, Huang et al. proposed a timestamp-based authentication protocol and they claimed that their scheme is secure against all possible attacks. In this paper, we have pointed out that Huang et al.’s scheme is insecure against off-line password guessing attack, insider attack and forgery attack. Beside these, inefficient password update phase can lead to denial of service. To remove these security loopholes, we have proposed an efficient RSA-cryptosystem based remote user authentication scheme using smart card. Security (formal and informal) analysis shows that the proposed scheme provides better security tradeoff than Huang et al.’s scheme. Further, we have simulated our proposed scheme for the formal security verification using Automated Validation of Internet Security Protocols and Applications tool to confirm that the proposed scheme is secure against passive and active attacks. Performance analysis shows that the proposed scheme provides lower computational and communication cost than Huang et al.’s scheme as well as other related competitive existing schemes.
Similar content being viewed by others
References
Yang, W.-H., & Shieh, S.-P. (1999). Password authentication schemes with smart cards. Computers & Security, 18(8), 727–733.
Hwang, M.-S., & Li, L.-H. (2000). A new remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 46(1), 28–30.
Chan, C.-K., & Cheng, L. M. (2000). Cryptanalysis of a remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 46(4), 992–993.
Fan, L., Li, J.-H., & Zhu, H.-W. (2002). An enhancement of timestamp-based password authentication scheme. Computers & Security, 21(7), 665–667.
Chan, C.-K., & Cheng, L. M. (2001). Cryptanalysis of a timestamp-based password authentication scheme. Computers & Security, 21(1), 74–76.
Shen, J.-J., Lin, C.-W., & Hwang, M.-S. (2003). A modified remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 49(2), 414–416.
Yang, C.-C., Wang, R.-C., & Chang, T.-Y. (2005). An improvement of the Yang–Shieh password authentication schemes. Applied Mathematics and Computation, 162(3), 1391–1396.
Liu, J.-Y., Zhou, A.-M., & Gao, M.-X. (2008). A new mutual authentication scheme based on nonce and smart cards. Computer Communications, 31(10), 2205–2209.
Sun, D.-Z., Huai, J.-P., Sun, J.-Z., & Li, J.-X. (2009). Cryptanalysis of a mutual authentication scheme based on nonce and smart cards. Computer Communications, 32(6), 1015–1017.
Awasthi, A. K., Srivastava, K., & Mittal, R. C. (2011). An improved timestamp-based remote user authentication scheme. Computers & Electrical Engineering, 37(6), 869–874.
Huang, H.-F., Chang, H.-W., & Po-Kai, Y. (2014). Enhancement of timestamp-based user authentication scheme with smart card. International Journal of Network Security, 16(6), 463–467.
Amin, R., & Biswas, G. P. (2015). Design and analysis of bilinear pairing based mutual authentication and key agreement protocol usable in multi-server environment. Wireless Personal Communications, 84, 439–462.
Maitra, T., & Giri, D. (2014). An efficient biometric and password-based remote user authentication using smart card for telecare medical information systems in multi-server environment. Journal of Medical Systems, 38(12), 142.
Islam, S. H. (2014). A provably secure ID-based mutual authentication and key agreement scheme for mobile multi-server environment without ESL attack. Wireless Personal Communications, 79(3), 1975–1991.
Li, X., Niu, J., Kumari, S., Liao, J., & Liang, W. (2015). An enhancement of a smart card authentication scheme for multi-server architecture. Wireless Personal Communications, 80(1), 175–192.
Wei, J., Liu, W., & Xuexian, H. (2014). Cryptanalysis and improvement of a robust smart card authentication scheme for multi-server architecture. Wireless Personal Communications, 77(3), 2255–2269.
Pippal, R. S., Jaidhar, C. D., & Tapaswi, S. (2013). Robust smart card authentication scheme for multi-server architecture. Wireless Personal Communications, 72(1), 729–745.
Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24(11), 770–772.
Elgamal, T. (1985). A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, 31(4), 469–472.
Rivest, R. L., Shamir, A., & Adleman, L. (1978). A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2), 120–126.
Dolev, D., & Yao, A. C. (1983). On the security of public key protocols. IEEE Transactions on Information Theory, 29(2), 198–208.
Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. In Advances in cryptology CRYPTO 99, volume 1666 of Lecture Notes in Computer Science (pp. 388–397).
Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.
Sood, S. K., Sarje, A. K., & Singh, K. (2011). A secure dynamic identity based authentication protocol for multi-server architecture. Journal of Network and Computer Applications, 34(2), 609–618.
Giri, D., Maitra, T., Amin, R., & Srivastava, P. D. (2014). An efficient and robust RSA-based remote user authentication for telecare medical information systems. Journal of Medical Systems, 39(1), 145.
Das, A. K., & Bruhadeshwar, B. (2013). An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system. Journal of Medical Systems, 37(5), 1–17.
Sarkar, P. (2010). A simple and generic construction of authenticated encryption with associated data. ACM Transactions on Information and System Security, 13(4), 1–16.
Forouzan, B. A., & Mukhopadhyay, D. (2010). Cryptography and network security 2/E (2nd ed.). New Delhi: Tata-McGraw Hill.
Amin, R., & Biswas, G. P. (2015). A novel user authentication and key agreement protocol for accessing multi-medical server usable in TMIS. Journal of Medical Systems, 39(3), 33.
Potlapally, N. R., Ravi, S., Raghunathan, A., & Jha, N. K. (2006). A study of the energy consumption characteristics of cryptographic algorithms and security protocols. IEEE Transactions on Mobile Computing, 5(2), 128–143.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Amin, R., Maitra, T., Giri, D. et al. Cryptanalysis and Improvement of an RSA Based Remote User Authentication Scheme Using Smart Card. Wireless Pers Commun 96, 4629–4659 (2017). https://doi.org/10.1007/s11277-017-4408-8
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-017-4408-8