Remote user authentication scheme using smart card: a review

User authentication is the process of verifying the legitimacy of a user. Until now, several authentication schemes using smart card proposed in the literature and each proposed scheme has its own merits and demerits. A common attribute among most of the proposed schemes is that the user identity is static in all the transaction sessions, which may reveal some facts about that user and can create threat of identity theft during the communication. In this paper, we have defined all the security requirements and all the goals an ideal remote user authentication scheme should satisfy and achieve. We have presented the results of our survey about remote user authentication schemes for client-server model. All the schemes are vulnerable to various attacks and do not meet the goals. In the future, we look forward to an ideal remote user authentication scheme, which meets all the security requirements and achieves all the goals can be developed. We should confidence that the attacks and goals we offer here can also aid future researchers develop better schemes.

[1]  Shiuh-Pyng Shieh,et al.  Password authentication schemes with smart cards , 1999, Comput. Secur..

[2]  Chien-Lung Hsu Security of Chien et al.'s remote user authentication scheme using smart cards , 2004, Comput. Stand. Interfaces.

[3]  T. Elgamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, CRYPTO 1984.

[4]  Xiong Li,et al.  An improved timestamp-based password authentication scheme: comments, cryptanalysis, and improvement , 2014, Secur. Commun. Networks.

[5]  Xiong Li,et al.  An improved remote user authentication scheme with key agreement , 2014, Comput. Electr. Eng..

[6]  G. P. Biswas,et al.  Design of improved password authentication and update scheme based on elliptic curve cryptography , 2013, Math. Comput. Model..

[7]  Lih-Chyau Wuu,et al.  Robust smart‐card‐based remote user password authentication scheme , 2014, Int. J. Commun. Syst..

[8]  葉禾田,et al.  Further Cryptanalysis of password authentication schemes with smart cards , 2003 .

[9]  Cheng-Chi Lee,et al.  A Robust Remote User Authentication Scheme against Smart Card Security Breach , 2011, DBSec.

[10]  Hung-Min Sun,et al.  An efficient remote use authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[11]  Cheng-Chi Lee,et al.  A password authentication scheme over insecure networks , 2006, J. Comput. Syst. Sci..

[12]  Wei Liang,et al.  An Enhancement of a Smart Card Authentication Scheme for Multi-server Architecture , 2015, Wirel. Pers. Commun..

[13]  Chin-Chen Chang,et al.  Remote password authentication with smart cards , 1991 .

[14]  Wei-Kuan Shih,et al.  Security enhancement on an improvement on two remote user authentication schemes using smart cards , 2011, Future Gener. Comput. Syst..

[15]  Chi-Sung Laih,et al.  Password authentication using public-key cryptography , 1989 .

[16]  Akihiro Shimizu,et al.  A dynamic password authentication method using a one-way function , 1991, Systems and Computers in Japan.

[17]  Yu-Chung Chiu,et al.  Improved remote authentication scheme with smart card , 2005, Comput. Stand. Interfaces.

[18]  Hung-Min Sun,et al.  Security of a Remote User Authentication Scheme Using Smart Cards(Internet) , 2004 .

[19]  Wen-Shenq Juang,et al.  Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards , 2008, IEEE Transactions on Industrial Electronics.

[20]  Manoj Kumar,et al.  An Improved Efficient Remote Password Authentication Scheme with Smart Card over Insecure Networks , 2011, Int. J. Netw. Secur..

[21]  Jenq-Shiou Leu,et al.  Efficient and secure dynamic ID-based remote user authentication scheme for distributed systems using smart cards , 2014, IET Inf. Secur..

[22]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[23]  Chunguang Ma,et al.  Security flaws in two improved remote user authentication schemes using smart cards , 2014, Int. J. Commun. Syst..

[24]  Xuelei Li,et al.  An improved dynamic ID-based remote user authentication with key agreement scheme , 2012, Comput. Electr. Eng..

[25]  Cheng-Chi Lee,et al.  Password Authentication Schemes: Current Status and Key Issues , 2006, Int. J. Netw. Secur..

[26]  Ping Wang,et al.  Anonymous Two-Factor Authentication in Distributed Systems: Certain Goals Are Beyond Attainment , 2015, IEEE Transactions on Dependable and Secure Computing.

[27]  Prosanta Gope,et al.  Lightweight and Energy-Efficient Mutual Authentication and Key Agreement Scheme With User Anonymity for Secure Communication in Global Mobility Networks , 2016, IEEE Systems Journal.

[28]  Xiong Li,et al.  An enhanced smart card based remote user password authentication scheme , 2013, J. Netw. Comput. Appl..

[29]  Mohammad Peyravian,et al.  Secure remote user access over insecure networks , 2006, Comput. Commun..

[30]  Cheng-Chi Lee,et al.  A Robust Remote User Authentication Scheme Using Smart Card , 2011, Inf. Technol. Control..

[31]  Kee-Young Yoo,et al.  An improvement on Yang et al.'s password authentication schemes , 2005, Appl. Math. Comput..

[32]  Wei-Chi Ku,et al.  Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[33]  SK Hafizul Islam,et al.  Design and analysis of an improved smartcard‐based remote user password authentication scheme , 2016, Int. J. Commun. Syst..

[34]  Zhenfu Cao,et al.  Efficient remote user authentication scheme using smart card , 2005, Comput. Networks.

[35]  Chin-Chen Chang,et al.  Using smart cards to authenticate remote passwords , 1993 .

[36]  Chun-I Fan,et al.  Robust remote authentication scheme with smart cards , 2005, Comput. Secur..

[37]  Hu Jin,et al.  An ID-based client authentication with key agreement protocol for mobile client-server environment on ECC with provable security , 2012 .

[38]  Manoj Kumar,et al.  Cryptanalysis and security enhancement of Chen et al.’s remote user authentication scheme using smart card , 2012, Central European Journal of Computer Science.

[39]  Ya-Fen Chang,et al.  Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update , 2014, Int. J. Commun. Syst..

[40]  Muhammad Khurram Khan,et al.  Cryptanalysis and security enhancement of a 'more efficient & secure dynamic ID-based remote user authentication scheme' , 2011, Comput. Commun..

[41]  Lee-Ming Cheng,et al.  Cryptanalysis of a remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[42]  Li Xu,et al.  Further Observations on Smart-Card-Based Password-Authenticated Key Agreement in Distributed Systems , 2014, IEEE Transactions on Parallel and Distributed Systems.

[43]  Yan-yan Wang,et al.  A more efficient and secure dynamic ID-based remote user authentication scheme , 2009, Comput. Commun..

[44]  Lee-Ming Cheng,et al.  Cryptanalysis of a Timestamp-Based Password Authentication Scheme , 2002, Comput. Secur..

[45]  Jizhou Sun,et al.  Improvements of Juang 's Password-Authenticated Key Agreement Scheme Using Smart Cards , 2009, IEEE Transactions on Industrial Electronics.

[46]  Xiaomin Wang,et al.  Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards , 2007, Comput. Stand. Interfaces.

[47]  Jian Ma,et al.  An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards , 2012, J. Netw. Comput. Appl..

[48]  Dengguo Feng,et al.  An improved smart card based password authentication scheme with provable security , 2009, Comput. Stand. Interfaces.

[49]  Wei-Chi Ku,et al.  Weaknesses and improvement of Wang et al.'s remote user password authentication scheme for resource-limited environments , 2009, Comput. Stand. Interfaces.

[50]  Chin-Chen Chang,et al.  Comment on Remote Password Authentication with Smart Cards , 1992 .

[51]  JanJinn-Ke,et al.  An Efficient and Practical Solution to Remote Authentication , 2002 .

[52]  Jiann-Fu Lin,et al.  An efficient and complete remote user authentication scheme using smart cards , 2006, Math. Comput. Model..

[53]  Hung-Min Sun,et al.  An authentication protocol without trusted third party , 1997, IEEE Communications Letters.

[54]  Chin-Chen Chang,et al.  Some Forgery Attacks on a Remote User Authentication Scheme Using Smart Cards , 2003, Informatica.

[55]  Chunguang Ma,et al.  Breaking a Robust Remote User Authentication Scheme Using Smart Cards , 2012, NPC.

[56]  Fan Wu,et al.  An improved and provable remote user authentication scheme based on elliptic curve cryptosystem with user anonymity , 2015, Secur. Commun. Networks.

[57]  Chun-Ta Li,et al.  A new password authentication and user anonymity scheme based on elliptic curve cryptography and smart card , 2013, IET Inf. Secur..

[58]  Xiaotie Deng,et al.  Two-factor mutual authentication based on smart cards and passwords , 2008, J. Comput. Syst. Sci..

[59]  Tzonelih Hwang,et al.  Non-interactive password authentications without password tables , 1990, IEEE TENCON'90: 1990 IEEE Region 10 Conference on Computer and Communication Systems. Conference Proceedings.

[60]  Ping Wang,et al.  Offline Dictionary Attack on Password Authentication Schemes Using Smart Cards , 2013, ISC.

[61]  R. C. Mittal,et al.  An improved timestamp-based remote user authentication scheme , 2011, Comput. Electr. Eng..

[62]  Matu-Tarow Noda,et al.  Simple and Secure Password Authentication Protocol (SAS) , 2000 .

[63]  Kwok-Wo Wong,et al.  Cryptanalysis of a password authentication scheme over insecure networks , 2008, J. Comput. Syst. Sci..

[64]  Xiong Li,et al.  A new authenticated key agreement scheme based on smart cards providing user anonymity with formal proof , 2015, Secur. Commun. Networks.

[65]  Jianfeng Ma,et al.  Improvement of robust smart‐card‐based password authentication scheme , 2015, Int. J. Commun. Syst..

[66]  Hung-Wen Yang,et al.  Cryptanalysis of security enhancement for the timestamp-based password authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[67]  Wang Shiuh-Jeng,et al.  Refereed paper: Smart card based secure password authentication scheme , 1996 .

[68]  Jianmin Wang,et al.  Efficient remote mutual authentication and key agreement , 2006, Comput. Secur..

[69]  Peng Wu,et al.  Secure password-based remote user authentication scheme with non-tamper resistant smart cards , 2012, IACR Cryptol. ePrint Arch..

[70]  Ding Wang,et al.  Cryptanalysis and security enhancement of a remote user authentication scheme using smart cards , 2012 .

[71]  Daniel Klein,et al.  Foiling the cracker: A survey of, and improvements to, password security , 1992 .

[72]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[73]  G. P. Biswas,et al.  Comments on ID-Based Client Authentication with Key Agreement Protocol on ECC for Mobile Client-Server Environment , 2011, ACC.

[74]  R. Saravanan,et al.  A secure remote user mutual authentication scheme using smart cards , 2014, J. Inf. Secur. Appl..

[75]  Wei-Kuan Shih,et al.  Weaknesses and improvements of the Yoon-Ryu-Yoo remote user authentication scheme using smart cards , 2009, Comput. Commun..

[76]  Min Gyo Chung,et al.  More secure remote user authentication scheme , 2009, Comput. Commun..

[77]  Eun-Jun Yoon,et al.  Drawbacks of Liao et al.'s Password Authentication Scheme , 2006, International Conference on Next Generation Web Services Practices.

[78]  R. Saravanan,et al.  A Secure Authentication Scheme with User Anonymity for Roaming Service in Global Mobility Networks , 2015, Wirel. Pers. Commun..

[79]  Min-Shiang Hwang,et al.  Security enhancement for the timestamp-based password authentication scheme using smart cards , 2003, Comput. Secur..

[80]  Min-Shiang Hwang,et al.  A new strong-password authentication scheme using one-way hash functions , 2006 .

[81]  Muhammad Khurram Khan,et al.  Cryptanalysis and improvement of ‘a robust smart‐card‐based remote user password authentication scheme’ , 2014, Int. J. Commun. Syst..

[82]  Ronggong Song Advanced smart card based password authentication protocol , 2010, Comput. Stand. Interfaces.

[83]  Jenq-Shiou Leu,et al.  Exploiting hash functions to intensify the remote user authentication scheme , 2012, Comput. Secur..

[84]  Ping Wang,et al.  On the anonymity of two-factor authentication schemes for wireless sensor networks: Attacks, principle and solutions , 2014, Comput. Networks.

[85]  Chunhua Su,et al.  Two robust remote user authentication protocols using smart cards , 2010, J. Syst. Softw..

[86]  Wei Liang,et al.  Cryptanalysis of a dynamic identity‐based remote user authentication scheme with verifiable password update , 2015, Int. J. Commun. Syst..

[87]  R. Saravanan,et al.  Cryptanalysis and an Improvement of New Remote Mutual Authentication Scheme using Smart Cards , 2015 .

[88]  Kee-Young Yoo,et al.  Improvement of Chien et al.'s remote user authentication scheme using smart cards , 2005, Comput. Stand. Interfaces.