skip to main content
10.1145/1754288.1754303acmotherconferencesArticle/Chapter ViewAbstractPublication PagescomputeConference Proceedingsconference-collections
research-article

An improvement of Xu et al.'s authentication scheme using smart cards

Published: 22 January 2010 Publication History

Abstract

In 2009, Xu et al. found that Lee et al.'s [3] scheme is vulnerable to offline password guessing attack. Xu et al. also demonstrated that Lee and Chiu's [4] scheme is vulnerable to forgery attack. Furthermore, Lee and Chiu's scheme does not achieve mutual authentication and thus can not resist malicious server attack. Therefore, Xu et al. proposed an improved scheme that inherits the merits of Lee et al.'s and Lee and Chiu's schemes and resists different possible attacks. However, we found that Xu et al.'s scheme is vulnerable to forgery attack. This paper presents an improved scheme to resolve the aforementioned problem, while keeping the merits of Xu et al.'s scheme.

References

[1]
C. L. Hsu, "Security of Chien et al.'s Remote User Authentication Scheme using Smart Cards," Computer Standards & Interfacéés, vol. 26, no. 3, pp. 167--169, July 2004.
[2]
H. Y. Chien, J. K. Jan and Y. M. Tseng, "An Efficient and Practical Solution to Remote Authentication: Smart Card," Computers & Security, vol. 21, no. 4, pp. 372--375, August 2002.
[3]
S. W. Lee, H. S. Kim and K. Y. Yoo, "Improvement of Chien et al.'s Remote User Authentication Scheme using Smart Cards," Computer Standards & Interfaces, vol. 27, no. 2, pp. 181--183, January 2005.
[4]
N. Y. Lee and Y. C. Chiu, "Improved Remote Authentication Scheme with Smart Card," Computer Standards & Interfaces, vol. 27, no. 2, pp. 177--180, January 2005.
[5]
S. T. Wu and B. C. Chieu, "A User Friendly Remote Authentication Scheme with Smart Cards," Computer & Security, vol. 22, no. 6, pp. 547--550, September 2003.
[6]
I. E. Liao, C. C. Lee and M. S. Hwang, "A Password Authentication Scheme over Insecure Networks," Journal of Computer and System Sciences, vol. 72, no. 4, pp. 727--740, June 2006.
[7]
G. Yang, D. S. Wong, H. Wang and X. Deng, "Two-factor Mutual Authentication based on Smart Cards and Passwords," Journal of Computer and System Sciences, vol. 74, no. 7, pp. 1160--1172, November 2008.
[8]
J. Xu, W. T. Zhu and D. G. Feng, "An Improved Smart Card based Password Authentication Scheme with Provable Security," Computer Standards & Interfaces, vol. 31, no. 4, pp. 723--728, June 2009.
[9]
P. Kocher, J. Jaffe and B. Jun, "Differential Power Analysis," Proc. CRYPTO 99, Springer-Verlag, pp. 388--397, August 1999.
[10]
T. S. Messerges, E. A. Dabbish and R. H. Sloan, "Examining Smart-Card Security under the Threat of Power Analysis Attacks," IEEE Transactions on Computers, vol. 51, no. 5, pp. 541--552, May 2002.

Cited By

View all
  • (2024)A Higher Performance Data Backup Scheme Based on Multi-Factor AuthenticationEntropy10.3390/e2608066726:8(667)Online publication date: 5-Aug-2024
  • (2022)Survey on Accent Correction and Region PredictionProceedings of the 6th International Conference on Advance Computing and Intelligent Engineering10.1007/978-981-19-2225-1_33(371-381)Online publication date: 22-Sep-2022
  • (2021)A New Remote Fuzzy User Password Authentication Scheme Using Sub-tree for Cloud ComputingInternational Journal of Circuits, Systems and Signal Processing10.46300/9106.2021.15.1115(92-105)Online publication date: 11-Feb-2021
  • Show More Cited By

Recommendations

Reviews

Zheng Gong

Password authentication based on smart cards is widely accepted in electronic transactions. Xu et al.'s cryptanalysis scheme [1] improves upon the schemes of Lee et al. [2] and Lee and Chiu [3], which are actually insecure for offline guessing attacks. Sood, Sarje, and Singh propose in this paper an improved scheme to resolve the problem of guessing attacks, while keeping the merits of Xu et al.'s scheme. The proposed scheme is based on the Diffie-Hellman computation. The security analysis shows the proposed scheme is secure against various types of attacks, such as malicious user attacks, offline dictionary attacks, and denial-of-services (DOS) attacks. The computational costs of the proposed scheme are also competitive. The paper is a good reference for researchers and engineers who work in the field. Online Computing Reviews Service

Access critical reviews of Computing literature here

Become a reviewer for Computing Reviews.

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences
COMPUTE '10: Proceedings of the Third Annual ACM Bangalore Conference
January 2010
171 pages
ISBN:9781450300018
DOI:10.1145/1754288
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

  • ACM Bangalore chapter

In-Cooperation

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 January 2010

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. authentication protocol
  2. cryptography
  3. hash function
  4. network security
  5. password
  6. smart card

Qualifiers

  • Research-article

Conference

Compute '10
Sponsor:
Compute '10: ACM Bangalore Chapter Annual Conference
January 22 - 23, 2010
Bangalore, India

Acceptance Rates

Overall Acceptance Rate 114 of 622 submissions, 18%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)6
  • Downloads (Last 6 weeks)0
Reflects downloads up to 23 Jan 2025

Other Metrics

Citations

Cited By

View all
  • (2024)A Higher Performance Data Backup Scheme Based on Multi-Factor AuthenticationEntropy10.3390/e2608066726:8(667)Online publication date: 5-Aug-2024
  • (2022)Survey on Accent Correction and Region PredictionProceedings of the 6th International Conference on Advance Computing and Intelligent Engineering10.1007/978-981-19-2225-1_33(371-381)Online publication date: 22-Sep-2022
  • (2021)A New Remote Fuzzy User Password Authentication Scheme Using Sub-tree for Cloud ComputingInternational Journal of Circuits, Systems and Signal Processing10.46300/9106.2021.15.1115(92-105)Online publication date: 11-Feb-2021
  • (2021)Conformal Chebyshev chaotic map-based remote user password authentication protocol using smart cardComplex & Intelligent Systems10.1007/s40747-021-00555-y8:2(973-987)Online publication date: 29-Oct-2021
  • (2021)A robust smart card and remote user password-based authentication protocol using extended chaotic maps under smart cities environmentSoft Computing10.1007/s00500-021-05929-5Online publication date: 30-Jun-2021
  • (2020)Revised anonymous authentication protocol for adaptive client‐server infrastructureInternational Journal of Communication Systems10.1002/dac.425333:4Online publication date: 9-Jan-2020
  • (2019)Using a Systematic Framework to Critically Analyze Proposed Smart Card Based Two Factor Authentication SchemesJournal of King Saud University - Computer and Information Sciences10.1016/j.jksuci.2019.01.015Online publication date: Feb-2019
  • (2019)Advanced lightweight multi-factor remote user authentication scheme for cloud-IoT applicationsJournal of Ambient Intelligence and Humanized Computing10.1007/s12652-019-01225-1Online publication date: 12-Feb-2019
  • (2019)Secure Remote User Mutual Authentication Scheme with Key Agreement for Cloud EnvironmentMobile Networks and Applications10.1007/s11036-018-1061-824:3(1046-1062)Online publication date: 1-Jun-2019
  • (2018)An ID-based authentication scheme to achieve the security of smart cardInternational Journal of Security and Networks10.1504/IJSN.2018.09064113:1(42-50)Online publication date: 1-Jan-2018
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media