An Enhanced Remote User Authentication Scheme with Smart Card

In 2000, Hwang and Li's proposed a new remote user authentication scheme with smart cards. Some researchers pointed out the security weaknesses of Hwang and Li's scheme and they also proposed some modified schemes to avoid these weaknesses. In 2004, Kumar proposed a new remote user authentication scheme and try to solve the security problems of Hwang and Li's scheme. This paper analyzes that Kumar's scheme does not satisfy some essential security requirements. Kumar's scheme does not support mutual authentication, session key generation phase for secure communication. In addition, in Kumar's scheme, the remote user is not free to change his password. This paper present an enhanced remote user authentication scheme with smart card that not only resolves all the security problems of Hwang and Li's scheme, but also adds mutual authentication, session key generation and password change phase to Kumar's scheme and provides forward secrecy to the long term secret key of the remote server. In the proposed scheme, first the server and user authenticate one another and then generate a secret session key for secure communication. In our scheme, the remote user is free to change his/her password without connecting to server.

[1]  Joseph A. Gallian,et al.  Modular arithmetic in the marketplace , 1988 .

[2]  Zhong-hua Shen A new modified remote user authentication scheme using smart cards , 2008 .

[3]  Manik Lal Das Comments on "Improved Efficient Remote User Authentication Schemes" , 2008, Int. J. Netw. Secur..

[4]  Lee-Ming Cheng,et al.  Cryptanalysis of a remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[5]  Cheng-Chi Lee,et al.  Man-in-the-Middle Attack on the Authentication of the User from the Remote Autonomous Object , 2005, Int. J. Netw. Secur..

[6]  Bin Wang,et al.  A Forward-Secure User Authentication Scheme with Smart Cards , 2006, Int. J. Netw. Secur..

[7]  Sung-Ming Yen,et al.  Shared Authentication Token Secure Against Replay and Weak Key Attacks , 1997, Inf. Process. Lett..

[8]  Amit K. Awasthi,et al.  A remote user authentication scheme using smart cards with forward secrecy , 2003, IEEE Trans. Consumer Electron..

[9]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[10]  Yan-yan Wang,et al.  A more efficient and secure dynamic ID-based remote user authentication scheme , 2009, Comput. Commun..

[11]  Manoj Kumar,et al.  Some remarks on a remote user authentication scheme using smart cards with forward secrecy , 2004, IEEE Transactions on Consumer Electronics.

[12]  Udi Manber,et al.  A simple scheme to make passwords based on one-way functions much harder to crack , 1996, Comput. Secur..

[13]  Chou Chen Yang,et al.  An improvement of the Yang-Shieh password authentication schemes , 2005, Appl. Math. Comput..

[14]  Joseph A. Gallian,et al.  Assigning Driver's License Numbers. , 1991 .

[15]  Guanfei Fang,et al.  Improvement of recently proposed Remote User Authentication Schemes , 2006, IACR Cryptol. ePrint Arch..

[16]  Debasis Giri,et al.  A Cryptographic Key Assignment Scheme for Access Control in Poset Ordered Hierarchies with Enhanced Security , 2008, Int. J. Netw. Secur..

[17]  Cheng-Chi Lee,et al.  Password Authentication Schemes: Current Status and Key Issues , 2006, Int. J. Netw. Secur..

[18]  Božidar V. Popović,et al.  Mathematical and Computer Modelling , 2011 .

[19]  Stephen M. Matyas,et al.  Cryptographic Authentication of Time-Invariant Quantities , 1981, IEEE Trans. Commun..

[20]  Xiaoping Wu,et al.  Cryptanalysis of a Remote User Authentication Scheme Using Smart Cards , 2009, 2009 5th International Conference on Wireless Communications, Networking and Mobile Computing.

[21]  Chien-Ming Chen,et al.  Stolen-Verifier Attack on Two New Strong-Password Authentication Protocols , 2002 .

[22]  Hussein M. Abdel-Wahab,et al.  A simple XOR-based technique for distributing group key in secure multicasting , 2000, Proceedings ISCC 2000. Fifth IEEE Symposium on Computers and Communications.

[23]  Ashutosh Saxena,et al.  A novel remote user authentication scheme using bilinear pairings , 2006, Comput. Secur..

[24]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[25]  Manoj Kumar,et al.  New remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[26]  Wei-Kuan Shih,et al.  Weaknesses and improvements of the Yoon-Ryu-Yoo remote user authentication scheme using smart cards , 2009, Comput. Commun..

[27]  Chou Chen Yang,et al.  Cryptanalysis of Two Improved Password Authentication Schemes Using Smart Cards , 2006, Int. J. Netw. Secur..

[28]  Jiann-Fu Lin,et al.  An efficient and complete remote user authentication scheme using smart cards , 2006, Math. Comput. Model..

[29]  Cheng-Chi Lee,et al.  A simple remote user authentication scheme , 2002 .

[30]  Min-Shiang Hwang,et al.  A modified remote user authentication scheme using smart cards , 2003, IEEE Trans. Consumer Electron..

[31]  Jia-Yong Liu,et al.  A new mutual authentication scheme based on nonce and smart cards , 2008, Comput. Commun..

[32]  Kee-Young Yoo,et al.  Comment on "A remote user authentication scheme using smart cards with forward secrecy , 2004, IEEE Trans. Consumer Electron..

[33]  Chris J. Mitchell,et al.  Comments on the S/KEY user authentication scheme , 1996, OPSR.

[34]  Debasis Giri,et al.  An Improved Remote User Authentication Scheme with Smart Cards using Bilinear Pairings , 2007, IACR Cryptol. ePrint Arch..

[35]  Duncan S. Wong,et al.  Improved Efficient Remote User Authentication Schemes , 2007, Int. J. Netw. Secur..