skip to main content
10.1145/1741906.1741910acmotherconferencesArticle/Chapter ViewAbstractPublication PagesicwetConference Proceedingsconference-collections
research-article

An improvement of Hsiang-Shih's authentication scheme using smart cards

Published: 26 February 2010 Publication History

Abstract

In 2004, Yoon et al. proposed a simple remote user authentication scheme which is an improvement on Ku and Chen's remote user authentication scheme. In 2009, Hsiang and Shih found that Yoon et al.'s scheme is vulnerable to masquerading attack, offline password guessing attack and parallel session attack. They proposed a simple remote user authentication scheme that inherits the merits of Yoon et al.'s scheme and removes the vulnerabilities of Yoon et al.'s scheme. However, we found that Hsiang and Shih's scheme is vulnerable to impersonation attack and offline guessing attack. This scheme also delays the checking of legitimacy of the user to authentication phase and fails to preserve the user anonymity. This paper presents a new remote user authentication scheme that resolves the aforementioned problems, while keeping the merits of Hsiang and Shih's scheme.

References

[1]
L. Lamport. Password Authentication with Insecure Communication. Communications of the ACM, vol. 24, no. 11, pages 770--772. November 1981.
[2]
M. S. Hwang and L. H. Li, "A New Remote User Authentication Scheme using Smart Cards", IEEE Transactions on Consumer Electronics, vol. 46, no. 1, pp. 28--30, February 2000.
[3]
H. M. Sun, "An Efficient Remote User Authentication Scheme using Smart Cards", IEEE Transactions on Consumer Electronics, vol. 46, no. 4, pp. 958--961, November 2000.
[4]
H. Y. Chien, J. K. Jan and Y. M. Tseng, "An Efficient and Practical Solution to Remote Authentication: Smart Card", Computers & Security, vol. 21, no. 4, pp. 372--375, August 2002.
[5]
W. C. Ku and S. M. Chen, "Weaknesses and Improvements of an Efficient Password based Remote User Authentication Scheme using Smart Cards", IEEE Transactions on Consumer Electronics, vol. 50, no. 1, pp. 204--207, February 2004.
[6]
E. J. Yoon, E. K. Ryu and K. Y. Yoo, "Further Improvement of an Efficient Password Based Remote User Authentication Scheme using Smart Cards", IEEE Transactions on Consumer Electronics, vol. 50, no. 2, pp. 612--614, August 2004.
[7]
H. C. Hsiang and W. K. Shih, "Weaknesses and Improvements of the Yoon-Ryu-Yoo Remote User Authentication Scheme using Smart Cards", Computer Communications, vol. 32, no. 4, pp. 649--652, March, 2009.
[8]
P. Kocher, J. Jaffe and B. Jun, "Differential Power Analysis", Proc. CRYPTO 99, Springer-Verlag, pp. 388--397, August 1999.
[9]
T. S. Messerges, E. A. Dabbish and R. H. Sloan, "Examining Smart-Card Security under the Threat of Power Analysis Attacks", IEEE Transactions on Computers, vol. 51, no. 5, pp. 541--552, May 2002.

Cited By

View all
  • (2022)Survey on Accent Correction and Region PredictionProceedings of the 6th International Conference on Advance Computing and Intelligent Engineering10.1007/978-981-19-2225-1_33(371-381)Online publication date: 22-Sep-2022
  • (2018)Advanced dynamic identity-based authentication protocol using smart cardInternational Journal of Information and Computer Security10.1504/IJICS.2016.0753078:1(11-33)Online publication date: 16-Dec-2018

Index Terms

  1. An improvement of Hsiang-Shih's authentication scheme using smart cards

      Recommendations

      Comments

      Information & Contributors

      Information

      Published In

      cover image ACM Other conferences
      ICWET '10: Proceedings of the International Conference and Workshop on Emerging Trends in Technology
      February 2010
      1070 pages
      ISBN:9781605588124
      DOI:10.1145/1741906
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

      Sponsors

      • UNITECH: Unitech Engineers, India
      • AICTE: All India Council for Technical Education

      In-Cooperation

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      Published: 26 February 2010

      Permissions

      Request permissions for this article.

      Check for updates

      Author Tags

      1. authentication protocol
      2. cryptography
      3. dynamic identity
      4. hash function
      5. network security
      6. password
      7. smart card

      Qualifiers

      • Research-article

      Conference

      ICWET '10
      Sponsor:
      • UNITECH
      • AICTE

      Contributors

      Other Metrics

      Bibliometrics & Citations

      Bibliometrics

      Article Metrics

      • Downloads (Last 12 months)0
      • Downloads (Last 6 weeks)0
      Reflects downloads up to 23 Jan 2025

      Other Metrics

      Citations

      Cited By

      View all
      • (2022)Survey on Accent Correction and Region PredictionProceedings of the 6th International Conference on Advance Computing and Intelligent Engineering10.1007/978-981-19-2225-1_33(371-381)Online publication date: 22-Sep-2022
      • (2018)Advanced dynamic identity-based authentication protocol using smart cardInternational Journal of Information and Computer Security10.1504/IJICS.2016.0753078:1(11-33)Online publication date: 16-Dec-2018

      View Options

      Login options

      View options

      PDF

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader

      Media

      Figures

      Other

      Tables

      Share

      Share

      Share this Publication link

      Share on social media