论文信息 - An improvement of Liao et al.'s authentication scheme using smart cards

An improvement of Liao et al.'s authentication scheme using smart cards

In 2004, Das et al. proposed a dynamic identity based remote user authentication scheme. They claimed that their scheme is secure against different attacks. Unfortunately, many researchers demonstrated that Das et al. scheme is vulnerable to various attacks. Furthermore, this scheme does not achieve mutual authentication and thus can not resist malicious server attack. In 2005, Liao et al. improved Das et al.'s scheme and claimed that the improved scheme achieves mutual authentication, withstand password guessing attack and insider attack. In 2006, Yoon and Yoo demonstrated a reflection attack on Liao et al.'s scheme that breaks the mutual authentication. In this paper, we found that Liao et al.'s scheme is also vulnerable to malicious user attack, impersonation attack, stolen smart card attack and offline password guessing attack. Moreover, Liao et al.'s scheme does not maintain the user's anonymity and its password change phase is insecure. This paper presents a secure dynamic identity based authentication scheme using smart cards to resolve the aforementioned problems, while keeping the merits of different dynamic identity based authentication schemes.

Kuldip Singh | Sandeep K. Sood | Anil K. Sarje

[1] Zhang Ji-hong. A new dynamic password authentication scheme , 2007 .

[2] Hung-Yu Chien,et al. A remote authentication scheme preserving user anonymity , 2005, 19th International Conference on Advanced Information Networking and Applications (AINA'05) Volume 1 (AINA papers).

[3] Paul C. Kocher,et al. Differential Power Analysis , 1999, CRYPTO.

[4] Amit K. Awasthi. Comment on A dynamic ID-based Remote User Authentication Scheme , 2004, ArXiv.

[5] Ashutosh Saxena,et al. A dynamic ID-based remote user authentication scheme , 2004, IEEE Transactions on Consumer Electronics.

[6] Cheng-Chi Lee,et al. Security enhancement for a dynamic ID-based remote user authentication scheme , 2005, International Conference on Next Generation Web Services Practices (NWeSP'05).

[7] Leslie Lamport,et al. Password authentication with insecure communication , 1981, CACM.

[8] Wei-Chi Ku,et al. Impersonation Attack on a Dynamic ID-Based Remote User Authentication Scheme Using Smart Cards , 2005, IEICE Trans. Commun..

[9] Eun-Jun Yoon,et al. Improving the Dynamic ID-Based Remote Mutual Authentication Scheme , 2006, OTM Workshops.

[10] Robert H. Sloan,et al. Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[11] Shuenn-Shyang Wang,et al. An New Dynamic ID-based Remote User Authentication Scheme Using Smart Cards , 2006 .