Design and analysis of an improved smartcard‐based remote user password authentication scheme

SUMMARY With the fast development of the Internet and the telecommunication technologies, internet users are carrying out various electronic transactions over internet by means of the authentication protocols. To ensure efficient and robust online transaction, security of authentication protocol turns out to be a great concern nowadays. As a result, smartcard-based password authentication and session key agreement scheme receives significant attention in recent years. In the literature, various authentication schemes have been proposed by the cryptographic research community. Recently, Li et al. analyze some security weaknesses of the authentication scheme of Chen et al. and propose an enhancement based on the discrete logarithm problem and computational Diffie–Hellman problem. This paper further cryptanalyzes the scheme of Li et al. and identifies various security loopholes and then constructs a modified authentication scheme as a remedy. The security and efficiency evaluations demonstrate that our scheme has more security features and low computation costs than the related schemes. Copyright © 2014 John Wiley & Sons, Ltd.

[1]  Zhang Rui,et al.  A More Secure Authentication Scheme for Telecare Medicine Information Systems , 2012, Journal of medical systems.

[2]  Yingjiu Li,et al.  Cryptanalysis of Hsiang-Shih's authentication scheme for multi-server architecture , 2011, Int. J. Commun. Syst..

[3]  Ronggong Song,et al.  Analysis of Smart Card-Based Remote User Authentication Schemes , 2007, Security and Management.

[4]  Chun-I Fan,et al.  Robust remote authentication scheme with smart cards , 2005, Comput. Secur..

[5]  Hugo Krawczyk,et al.  Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels , 2001, EUROCRYPT.

[6]  Xinsong Liu,et al.  Cryptanalysis of a dynamic ID-based remote user authentication with key agreement scheme , 2012, Int. J. Commun. Syst..

[7]  Han Jiang,et al.  Cryptanalysis on Identity-based Authenticated Key Agreement Protocols from Pairings , 2010, J. Networks.

[8]  Kuldip Singh,et al.  An improvement of Xu et al.'s authentication scheme using smart cards , 2010, Bangalore Compute Conf..

[9]  Luminita Vasiu,et al.  On The Indistinguishability-Based Security Model of Key Agreement Protocols-Simple Cases , 2005, IACR Cryptol. ePrint Arch..

[10]  Muhammad Khurram Khan,et al.  Cryptanalysis and improvement of ‘a robust smart‐card‐based remote user password authentication scheme’ , 2014, Int. J. Commun. Syst..

[11]  Ronggong Song Advanced smart card based password authentication protocol , 2010, Comput. Stand. Interfaces.

[12]  Wei-Kuan Shih,et al.  Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment , 2009, Comput. Stand. Interfaces.

[13]  Jianfeng Ma,et al.  Improvement of robust smart‐card‐based password authentication scheme , 2015, Int. J. Commun. Syst..

[14]  Colleen M. Swanson,et al.  Security in Key Agreement: Two-Party Certificateless Schemes , 2008 .

[15]  Jia-Lun Tsai,et al.  New dynamic ID authentication scheme using smart cards , 2010, Int. J. Commun. Syst..

[16]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[17]  Dengguo Feng,et al.  An improved smart card based password authentication scheme with provable security , 2009, Comput. Stand. Interfaces.

[18]  Chunguang Ma,et al.  Security flaws in two improved remote user authentication schemes using smart cards , 2014, Int. J. Commun. Syst..

[19]  Chik How Tan,et al.  Certificateless Authenticated Two-Party Key Agreement Protocols , 2006, ASIAN.

[20]  Debiao He,et al.  Anonymous two-factor authentication for consumer roaming service in global mobility networks , 2013, IEEE Transactions on Consumer Electronics.

[21]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[22]  Wei-Chi Ku,et al.  Weaknesses and improvement of Wang et al.'s remote user password authentication scheme for resource-limited environments , 2009, Comput. Stand. Interfaces.

[23]  Yuh-Min Tseng,et al.  Towards generalized ID-based user authentication for mobile multi-server environment , 2012, Int. J. Commun. Syst..

[24]  Jianhua Chen,et al.  A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography , 2012, Secur. Commun. Networks.

[25]  Xiong Li,et al.  An enhanced smart card based remote user password authentication scheme , 2013, J. Netw. Comput. Appl..

[26]  Chun Chen,et al.  Lightweight and provably secure user authentication with anonymity for the global mobility network , 2011, Int. J. Commun. Syst..

[27]  Lih-Chyau Wuu,et al.  Robust smart‐card‐based remote user password authentication scheme , 2014, Int. J. Commun. Syst..

[28]  Debiao He,et al.  Robust Biometrics-Based Authentication Scheme for Multiserver Environment , 2015, IEEE Systems Journal.

[29]  Muhammad Khurram Khan,et al.  Cryptanalysis and security enhancement of a 'more efficient & secure dynamic ID-based remote user authentication scheme' , 2011, Comput. Commun..