A Secure Password-Based Remote User Authentication Scheme without Smart Cards

There are many remote user authentication schemes proposed in literatures for preventing unauthorized parties from accessing resources in an insecure environment. Due to inherent tamper-resistance, most of them are based on smart card authentication schemes. Unfortunately, the cost of cards and readers make these schemes costly. In the real world, common storage devices, such as universal serial bus (USB) thumb drives, portable HDDs, mobile phones, Laptop or Desktop PCs, are widely used, and they are much cheaper or more convenient for storing user authentication information. However, since these devices do not provide tamper-resistance, it is a challenge to design a secure authentication scheme using these kinds of memory devices. In this paper, we will propose a secure password-based remote user authentication and key agreement scheme without using smart cards. According to our analysis, the proposed scheme guarantees mutual authentication and also resists off-line dictionary, replay, forgery, and impersonation attacks. Compared to related scheme, the proposed scheme’s computation cost is lower and the total message length is shorter. Therefore, our scheme is suitable even for applications in limited power computing environments. DOI: http://dx.doi.org/10.5755/j01.itc.41.1.975

[1]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[2]  Zuowen Tan,et al.  Security Analysis of Two Password Authentication Schemes , 2009, 2009 Eighth International Conference on Mobile Business.

[3]  Hung-Min Sun,et al.  An efficient remote use authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[4]  Douglas R. Stinson Cryptography: Theory and Practice, Third Edition , 2005 .

[5]  Douglas R. Stinson,et al.  Cryptography: Theory and Practice , 1995 .

[6]  Wen-Shenq Juang,et al.  Efficient password authenticated key agreement using smart cards , 2004, Comput. Secur..

[7]  Taher ElGamal,et al.  A public key cyryptosystem and signature scheme based on discrete logarithms , 1985 .

[8]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[9]  Hung-Yu Chien,et al.  An Efficient and Practical Solution to Remote Authentication: Smart Card , 2002, Comput. Secur..

[10]  Jizhou Sun,et al.  Cryptanalysis of a mutual authentication scheme based on nonce and smart cards , 2009, Comput. Commun..

[11]  Cheng-Chi Lee,et al.  A Robust Remote User Authentication Scheme Using Smart Card , 2011, Inf. Technol. Control..

[12]  Chun-I Fan,et al.  Robust remote authentication scheme with smart cards , 2005, Comput. Secur..

[13]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[14]  Chou Chen Yang,et al.  Cryptanalysis of a user friendly remote authentication scheme with smart cards , 2004, Comput. Secur..

[15]  Xiaomin Wang,et al.  Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards , 2007, Comput. Stand. Interfaces.

[16]  Jia-Yong Liu,et al.  A new mutual authentication scheme based on nonce and smart cards , 2008, Comput. Commun..

[17]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[18]  Dong Hoon Lee,et al.  A remote user authentication scheme without using smart cards , 2009, Comput. Stand. Interfaces.

[19]  Muhammad Khurram Khan,et al.  Improving the security of 'a flexible biometrics remote user authentication scheme' , 2007, Comput. Stand. Interfaces.