A security enhanced mutual authentication scheme based on nonce and smart cards

Many mutual authentication schemes have been proposed in the literature to prevent unauthorized parties from accessing resources in an insecure environment. However, most of those based on smart cards assume that the smart card is tamper-resistant. To solve this problem, Huang, Liu, and Chen (2013) proposed a mutual authentication scheme based on nonce and smart cards and claimed that an adversary could not attack and access the system even if he could extract the data stored in the smart card. Unfortunately, in this paper we demonstrate that Huang et al.’s scheme is vulnerable to the offline password guessing attack and the privileged insider attack. We also propose an improved scheme to overcome these weaknesses.
