Cryptanalysis and security enhancement of Chen et al.’s remote user authentication scheme using smart card

Recently (2011), Chen et al. found that Wang et al.’s scheme (2007) is vulnerable to impersonation attacks and parallel session attacks, and then proposed a security enhancement of that scheme. Chen et al. claimed that their improved scheme inherits the merits and eradicates the flaws of the original. Unfortunately, we found that Chen et al.’s scheme inherits some flaws of the original scheme, such as the known-key attack and the smart card loss attack with its serious consequences. In addition, Chen et al.’s scheme is not easily reparable and is unable to provide forward secrecy. Thus Chen et al.’s scheme still has scope for security enhancement. Finally, we propose an improved scheme with better security strength. Moreover, we analyze the performance of our scheme and prove that it is suitable for applications with high security requirements.
