Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards

Recently, Chien et al. proposed an efficient remote authentication scheme using smart cards. However, we find that their scheme is vulnerable to a reflection attack and an insider attack. In addition, their scheme lacks reparability. Herein, we first show the weaknesses of Chien et al.'s scheme, and then propose an improved scheme with better security strength.
