Cryptanalysis and Improvement of an 'Efficient Remote Mutual Authentication and Key Agreement'

Smart card based schemes are practical and widely used in remote mutual authentication. In 2006, Shieh-Wang pointed out the weakness of Juang's remote mutual authentication scheme using smart cards and proposed a novel scheme to improve on Juang's. The advantages of Shieh-Wang's scheme include effective mutual authentication, freely chosen passwords, no verification tables, low computational cost, session key agreement and no synchronized clocks. However, in 2007, Yoon-Yoo showed that Shieh-Wang's scheme does not provide perfect forward secrecy and is vulnerable to a privileged insider's attack. Furthermore, the current paper demonstrates that Shieh-Wang's scheme is also vulnerable to the parallel session attack and lacks wrong password detection, and then presents a more efficient and secure scheme that resolves all of the above problems, including those that Yoon-Yoo pointed out, with a smaller increase in computational cost.
