Journal of Applied Science and Engineering

Published by Tamkang University Press

1.30

Impact Factor

2.10

CiteScore

Computer Science and Information Engineering

Jian-Wen Peng1, Wen-Bing Horng This email address is being protected from spambots. You need JavaScript enabled to view it.2, Ying-Ching Chiu2 and Chao-Sheng Liu2

1Department of Commerce Technology and Management, Chihlee Institute of Technology, Taipei, Taiwan 220, R.O.C.
2Department of Computer Science and Information Engineering, Tamkang University, Tamsui, Taiwan 251, R.O.C.

 

Received: February 18, 2013
Accepted: June 28, 2013
Publication Date: September 1, 2013

Download Citation: ||https://doi.org/10.6180/jase.2013.16.3.07  


ABSTRACT

Remote user authentication is an essential part in electronic commerce to identify legitimate users over the Internet. However, how to protect user privacy in the authentication has become an important issue recently. Therefore, many secure authentication schemes with smart cards have been proposed. In this paper, we will analyze the security weaknesses of two recently proposed authentication schemes for preserving user privacy. First, Chang et al. (2011) proposed a robust and efficient remote user authentication scheme to provide user anonymity. However, this scheme fails to protect user privacy in terms of anonymity and traceability. In addition, it is vulnerable to the server counterfeit attack and it does not provide perfect forward secrecy for session keys. Furthermore, if the smart card is lost, it will suffer from the offline password guessing attack as well as the user impersonation attack. Second, Wen and Li (2012) recently presented an improved dynamic ID-based authentication scheme with key agreement. However, this scheme is vulnerable to traceability. In addition, it does not support perfect forward secrecy for session keys. Furthermore, the insecure offline password change phase and online secret renewal phase will result in the denial of service attack.


Keywords: Authentication, Cryptanalysis, Perfect Forward Secrecy, Session Key, Smart Card


REFERENCES

  1. [1] Lamport, L., “Password Authentication with Insecure Communication,” Communications of the ACM, Vol. 24, No. 11, pp. 770772 (1981). doi: 10.1145/358790. 358797
  2. [2] Hwang, M. S. and Li, L. H., “A New Remote User Authentication Scheme Using Smart Cards,” IEEE Transactions on Consumer Electronics, Vol. 46, No. 1, pp. 2830 (2000). doi: 10.1109/30.826377
  3. [3] Hwang, M. S., Lee, C. C. and Tang, Y. L., “A Simple Remote User Authentication Scheme,” Mathematical and Computer Modelling, Vol. 36, No. 12, pp. 103 107 (2002). doi: 10.1016/S0895-7177(02)00106-1
  4. [4] Chien, H. Y., Jan, J. K. and Tseng, Y. M., “An Efficient and Practical Solution to Remote Authentication: Smart Card,” Computers & Security, Vol. 21, No. 4, pp. 372375 (2002). doi: 10.1016/S0167-4048(02)00415-7
  5. [5] Fan, C. I., Chan, Y. C. and Zhang, Z. K., “Robust Remote Authentication Scheme with Smart Cards,” Computers & Security, Vol. 24, No. 8, pp. 619628 (2005). doi: 10.1016/j.cose.2005.03.006
  6. [6] Shieh, W. G. and Wang, J. M., “Efficient Remote Mutual Authentication and Key Agreement,” Computers & Security, Vol. 25, No. 1, pp. 7277 (2006). doi: 10.1016/j.cose.2005.09.008
  7. [7] Liao, I. E., Lee, C. C. and Hwang, M. S., “A Password Authentication Scheme over Insecure Networks,” Journal of Computer and System Sciences, Vol. 72, No. 4, pp. 727740 (2006). doi: 10.1016/j.jcss.2005. 10.001
  8. [8] Shieh, W. G. and Horng, W. B., “Efficient and Complete Remote Authentication Scheme with Smart Cards,” Proc. IEEE International Conference on Intelligence and Security Informatics, Taipei, Taiwan, June 1720, pp. 122127 (2008). doi: 10.1109/ISI.2008.4565041
  9. [9] Chung, H. R., Ku, W. C. and Tsaur, M. J., “Weaknesses and Improvement of Wang et al.’s Remote User Password Authentication Scheme for Resource-Limited Environments,” Computer Standards & Interfaces, Vol. 31, No. 4, pp. 863868 (2009). doi: 10.1016/j.csi. 2008.09.020
  10. [10] Hsiang, H. C. and Shih, W. K., “Weaknesses and Improvements of the Yoon-Ryu-Yoo Remote User Authentication Scheme Using Smart Cards,” Computer Communications, Vol. 32, No. 4, pp. 649652 (2009). doi: 10.1016/j.comcom.2008.11.019
  11. [11] Shieh, W. G. and Horng, W. B., “A Security and Efficiency Improvement of Chung et al.’s Remote Authentication Scheme for Resource-Limited Environments,” Journal of Converge Information Technology, Vol. 8, No. 2, pp. 795803 (2013). doi: 10.4156/jcit.vol8. issue2.95
  12. [12] Das, M. L., Saxena, A. and Gulati, V. P., “A Dynamic ID-Based Remote User Authentication Scheme,” IEEE Transactions on Consumer Electronics, Vol. 50, No. 2, pp. 629631 (2004). doi: 10.1109/TCE.2004.1309441
  13. [13] Awasthi, A. K. and Lal, S., “Security Analysis of a Dynamic ID-Based Remote User Authentication Scheme,” http://eprint.iacr.org/2004/238.pdf (2004).
  14. [14] Ku, W. C. and Chang, S. T., “Impersonation Attack on a Dynamic ID-Based Remote User Authentication Scheme Using Smart Cards,” IEICE Transactions on Communications, Vol. E88-B, No. 5, pp. 21652167 (2005). doi: 10.1093/ietcom/e88-b.5.2165
  15. [15] Shieh, W. G. and Chi, Y. H., “A Mutual Authentication Scheme Protecting User’s Anonymity Using Smart Card,” WSEAS Transactions on Information Science and Applications, Vol. 3, No. 6, pp. 10721077 (2006).
  16. [16] Wang, Y. Y., Liu, J. Y., Xiao, F. X. and Dan, J., “A More Efficient and Secure Dynamic ID-Based Remote User Authentication Scheme,” Computer Communications, Vol. 32, No. 4, pp. 583585 (2009). doi: 10.1016/j.comcom.2008.11.008
  17. [17] Yeh, K. H., Su, C., Lo, N. W., Li, Y. and Hung, Y. X., “Two Robust Remote User Authentication Protocols Using Smart Cards,” Journal of System and Software, Vol. 83, No. 12, pp. 25562565 (2010). doi: 10.1016/ j.jss.2010.07.062
  18. [18] Khan, M. K., Kim, S. K. and Alghathbar, K., “Cryptanalysis and Security Enhancement of a ‘More Efficient & Secure Dynamic ID-Based Remote User Authentication Scheme’,” Computer Communications, Vol. 34, No. 3, pp. 305309 (2011). doi: 10.1016/ j.comcom.2010.02.011
  19. [19] Chang, C. C., Le, H. D., Lee, C. Y. and Chang, C. H., “A Robust and Efficient Smart Card Oriented Remote User Authentication Protocol,” Proc. of 7th International Conference on Intelligent Information Hiding and Multimedia Signal Processing, Dalian, China, Oct. 1416, pp. 252255 (2011). doi: 10.1109/IIHMSP. 2011.51
  20. [20] Wen, F. and Li, X., “An Improved Dynamic ID-Based Remote User Authentication with Key Agreement Scheme,” Computers and Electrical Engineering, Vol. 38, No. 2, pp. 381387 (2012). doi: 10.1016/j. compeleceng.2011.11.010
  21. [21] Chien, H. Y. and Chen, C. H., “A Remote Authentication Scheme Preserving User Anonymity,” Proc. of IEEE 19th International Conference on Advanced Information Networking and Applications, Taipei, Taiwan, March 2830, pp. 245248 (2005). doi: 10. 1109/AINA.2005.54

Latest Articles

N*-Iteration Approach for Approximation of Fixed Points in Uniformly Convex Banach Space
N*-Iteration Approach for Approximation of Fixed Points in Uniformly Convex Banach SpaceVolume 28, Issue 8 (In Press)

Read more: ...

Predicting Optimum Moisture Content by the individual and hybrid approach of machine learning
Predicting Optimum Moisture Content by the individual and hybrid approach of machine learningVolume 28, Issue 8 (In Press)

Read more: ...

SparseBatch: Communication-efficient Federated Learning with Partially Homomorphic Encryption
SparseBatch: Communication-efficient Federated Learning with Partially Homomorphic EncryptionVolume 28, Issue 8 (In Press)

Read more: ...

A novel motion key frame extraction and video stream classification based on reinforcement learning and feature fusion
A novel motion key frame extraction and video stream classification based on reinforcement learning and feature fusionVolume 28, Issue 8 (In Press)

Read more: ...

Using Artificial Intelligence Techniques for Reconstructing GRACE Data Over Nile River
Using Artificial Intelligence Techniques for Reconstructing GRACE Data Over Nile RiverVolume 28, Issue 8 (In Press)

Read more: ...

An Effective and Efficient Renewable Energy Generation Forecasting via Meteorological Assistance
An Effective and Efficient Renewable Energy Generation Forecasting via Meteorological AssistanceVolume 28, Issue 7 (In Press)

Read more: ...

Homotopy Analysis Method for Solving Fuzzy Variable – Order Fractional Partial Differential Equations with Proportional Delay
Homotopy Analysis Method for Solving Fuzzy Variable – Order Fractional Partial Differential Equations with Proportional DelayVolume 28, Issue 7 (In Press)

Read more: ...

Preparation and Performance Optimization of Bacterial Slag-Based Activated Carbon Considering Hardness and Electrical Properties
Preparation and Performance Optimization of Bacterial Slag-Based Activated Carbon Considering Hardness and Electrical PropertiesVolume 28, Issue 7 (In Press)

Read more: ...

A DI-SRM Model for Production Bottleneck Prediction in Flexible Production Line
A DI-SRM Model for Production Bottleneck Prediction in Flexible Production LineVolume 28, Issue 7 (In Press)

Read more: ...

    



 

2.1
2023CiteScore
 
 
69th percentile
Powered by  Scopus

SCImago Journal & Country Rank

You may also like these articles below...

Most Popular Articles

Research Categories

Enter your name and email below to receive latest published articles in Journal of Applied Science and Engineering.