A Secure Password-Authenticated Key Agreement Using Smart Cards

Smart card based password for authentication has become a common trend. Although smart card brings conveniences, it also increases the risk in the case of lost cards. In other words, when the smart card is possessed by an attacker, the attacker will possibly attempt to analyze the secret information within the smart card to deduce the authentication mechanism of the server and then forge user credentials or break the entire authentication system. In this paper, we analyze the lost smart card attack from Juang, et al.’s scheme [9] that proposes password authenticated key agreement and propose an improved robust and efficient user authentication and key agreement scheme using smart cards. In order to bolster the security of the entire system, we mitigated some of its weaknesses.

[1]  Bum-Jae You,et al.  A framework for Internet-based interaction of humans, robots, and responsive environments using agent technology , 2005, IEEE Transactions on Industrial Electronics.

[2]  Khalid Saeed,et al.  A Speech-and-Speaker Identification System: Feature Extraction, Description, and Classification of Speech-Signal Image , 2007, IEEE Transactions on Industrial Electronics.

[3]  Halim Fathoni,et al.  DEPARTMENT OF COMPUTER SCIENCE AND INFORMATION ENGINEERING , 2008 .

[4]  Chun-I Fan,et al.  Robust remote authentication scheme with smart cards , 2005, Comput. Secur..

[5]  Hung-Yu Chien,et al.  An Efficient and Practical Solution to Remote Authentication: Smart Card , 2002, Comput. Secur..

[6]  Shiuh-Pyng Shieh,et al.  Password authentication schemes with smart cards , 1999, Comput. Secur..

[7]  Wen-Shenq Juang,et al.  Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards , 2008, IEEE Transactions on Industrial Electronics.

[8]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[9]  Alfred Menezes,et al.  Elliptic Curves and Cryptography , 1999 .

[10]  Wen-Shenq Juang,et al.  Efficient password authenticated key agreement using smart cards , 2004, Comput. Secur..

[11]  Wei-Chi Ku,et al.  Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[12]  Foreword and Editorial International Journal of Hybrid Information Technology , 2022 .

[13]  Alfred Menezes,et al.  The State of Elliptic Curve Cryptography , 2000, Des. Codes Cryptogr..

[14]  Hung-Min Sun,et al.  An efficient remote use authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..