DoS-resistant ID-based password authentication scheme using smart cards

In this paper, we provide a defense mechanism for Kim-Lee-Yoo's ID-based password authentication scheme, which is vulnerable to impersonation attacks and resource exhaustion attacks. Mutual authentication and communication privacy are regarded as essential requirements in today's client/server-based architecture; therefore, a lightweight but secure mutual authentication method is introduced in the proposed scheme. Once mutual authentication succeeds, the session key is established without any further computation. The proposed defense mechanism not only accomplishes mutual authentication and session key establishment, but also inherits the security advantages of Kim-Lee-Yoo's scheme, e.g., it is secure against password guessing attacks and message replay attacks.
