An Improved Efficient Remote Password Authentication Scheme with Smart Card over Insecure Networks

In 2006, Liao et al. proposed a scheme over insecure networks. In 2006, Yoon-Yoo, and in 2008, Xiang et al. analyzed Liao et al.'s scheme and both of them pointed out, more or less, same vulnerabilities: like offline password guessing attack, impersonating the server by replay attack, denial of service attack on password changing and insider attack on it. But none of them suggested any solution to the pointed out attacks. This paper proposes an improved scheme with enhanced security, maintaining advantages of the original scheme and free from the attacks pointed out by Yoon-Yoo and Xiang et al..

[1]  Chin-Chen Chang,et al.  Some Forgery Attacks on a Remote User Authentication Scheme Using Smart Cards , 2003, Informatica.

[2]  Kefei Chen,et al.  Cryptanalysis of a timestamp-based password authentication scheme , 2004, IACR Cryptol. ePrint Arch..

[3]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[4]  Manoj Kumar A New Secure Remote User Authentication Scheme with Smart Cards , 2010, Int. J. Netw. Secur..

[5]  Jianfeng Ma,et al.  An Improvement on a Three-party Password-based Key Exchange Protocol Using Weil Pairing , 2010, Int. J. Netw. Secur..

[6]  Xiaotie Deng,et al.  Two-factor mutual authentication based on smart cards and passwords , 2008, J. Comput. Syst. Sci..

[7]  Kuldip Singh,et al.  An improvement of Liao et al.'s authentication scheme using smart cards , 2010, 2010 IEEE 2nd International Advance Computing Conference (IACC).

[8]  Kwok-Wo Wong,et al.  Cryptanalysis of a password authentication scheme over insecure networks , 2008, J. Comput. Syst. Sci..

[9]  Michael Scott,et al.  Cryptanalysis of an ID-based password authentication scheme using smart cards and fingerprints , 2004, OPSR.

[10]  Yu-Chung Chiu,et al.  Improved remote authentication scheme with smart card , 2005, Comput. Stand. Interfaces.

[11]  Yu Xiu-yuan A new remote user authentication scheme of using smart card , 2008 .

[12]  Eun-Jun Yoon,et al.  Drawbacks of Liao et al.'s Password Authentication Scheme , 2006, International Conference on Next Generation Web Services Practices.

[13]  Nassar Ikram,et al.  Cryptanalysis and improvement on remote user mutual authentication scheme with smart cards , 2009, 2009 11th International Conference on Advanced Communication Technology.

[14]  Ching-Te Wang,et al.  An Exquisite Mutual Authentication Scheme with Key Agreement Using Smart Card , 2009, Informatica.

[15]  Hung-Min Sun,et al.  An Efficient Remote User Authentication Scheme Using Smart Cards , 2000 .

[16]  Chin-Laung Lei,et al.  Robust authentication and key agreement scheme preserving the privacy of secret key , 2011, Comput. Commun..

[17]  Li Guang,et al.  Cryptanalysis and Improvement of a Remote User Authentication Scheme , 2009, 2009 Second International Conference on Intelligent Computation Technology and Automation.

[18]  Lee-Ming Cheng,et al.  Cryptanalysis of a Timestamp-Based Password Authentication Scheme , 2002, Comput. Secur..

[19]  Cheng-Chi Lee,et al.  Password Authentication Schemes: Current Status and Key Issues , 2006, Int. J. Netw. Secur..

[20]  Jia-Yong Liu,et al.  A new mutual authentication scheme based on nonce and smart cards , 2008, Comput. Commun..

[21]  Wei-Chi Ku,et al.  Weaknesses and improvement of Wang et al.'s remote user password authentication scheme for resource-limited environments , 2009, Comput. Stand. Interfaces.

[22]  Eun-Jun Yoon,et al.  Efficient remote user authentication scheme based on generalized ElGamal signature scheme , 2004, IEEE Transactions on Consumer Electronics.

[23]  Ronggong Song Advanced smart card based password authentication protocol , 2010, Comput. Stand. Interfaces.

[24]  Chunhua Su,et al.  Two robust remote user authentication protocols using smart cards , 2010, J. Syst. Softw..

[25]  Xiaoping Wu,et al.  Cryptanalysis of a Remote User Authentication Scheme Using Smart Cards , 2009, 2009 5th International Conference on Wireless Communications, Networking and Mobile Computing.

[26]  Chun-Ta Li,et al.  Cryptanalysis of Threshold Password Authentication Against Guessing Attacks in Ad Hoc Networks , 2009, Int. J. Netw. Secur..

[27]  Bin Wang,et al.  Cryptanalysis of an enhanced timestamp-based password authentication scheme , 2003, Comput. Secur..

[28]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[29]  Wei-Kuan Shih,et al.  Weaknesses and improvements of the Yoon-Ryu-Yoo remote user authentication scheme using smart cards , 2009, Comput. Commun..

[30]  Min Gyo Chung,et al.  More secure remote user authentication scheme , 2009, Comput. Commun..

[31]  Qi Xie,et al.  A Secure and Efficient Mutual Authentication Protocol Using Hash Function , 2009, 2009 WRI International Conference on Communications and Mobile Computing.

[32]  Chun-Ta Li An Enhanced Remote User Authentication Scheme Providing Mutual Authentication and Key Agreement with Smart Cards , 2009, 2009 Fifth International Conference on Information Assurance and Security.

[33]  Hung-Wen Yang,et al.  Cryptanalysis of security enhancement for the timestamp-based password authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[34]  Chun-I Fan,et al.  Robust remote authentication scheme with smart cards , 2005, Comput. Secur..

[35]  Eun-Jun Yoon,et al.  Further improvement of an efficient password based remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[36]  Min-Shiang Hwang,et al.  Cryptanalysis of a remote login authentication scheme , 1999, Comput. Commun..

[37]  Hung-Yu Chien,et al.  An Efficient and Practical Solution to Remote Authentication: Smart Card , 2002, Comput. Secur..

[38]  Kee-Young Yoo,et al.  Improvement of Chien et al.'s remote user authentication scheme using smart cards , 2005, Comput. Stand. Interfaces.

[39]  Cheng-Chi Lee,et al.  An Improvement of SPLICE/AS in WIDE against Guessing Attack , 2001, Informatica.

[40]  葉禾田,et al.  Further Cryptanalysis of password authentication schemes with smart cards , 2003 .

[41]  Cheng-Chi Lee,et al.  A password authentication scheme over insecure networks , 2006, J. Comput. Syst. Sci..

[42]  Jianhua Chen,et al.  Weaknesses of a Remote User Password Authentication Scheme Using Smart Card , 2011, Int. J. Netw. Secur..

[43]  Scott B. Guthery,et al.  The Smart Cards: A Developer's Toolkit , 2002 .

[44]  Eun-Jun Yoon,et al.  New Authentication Scheme Based on a One-Way Hash Function and Diffie-Hellman Key Exchange , 2005, CANS.

[45]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .