On the security of two password authenticated key agreement scheme using smart cards

Abstract After a password authenticated key agreement scheme using smart cards was proposed by Juang et al in 2008. Sun et al and Li et al respectively demonstrated some weaknesses in Juang's scheme and proposed improved schemes. However, although the later two schemes overcome the weaknesses in earlier scheme, we find several weaknesses in them. In Sun's scheme, there are two defects, insecurity under card-compromise attack and weaknesses of password-changing operation. And in Li's scheme we find following defects: vulnerability to denial of server (DoS) attack, server-compromise forward insecurity, complex key setup and session key problems. This paper discussed these problems in detail and our analysis will be helpful to avoid similar mistakes in future works.

[1]  Jianhua Li,et al.  Anonymity Enhancement on Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards , 2010, IEEE Transactions on Industrial Electronics.

[2]  Steven M. Bellovin,et al.  Encrypted key exchange: password-based protocols secure against dictionary attacks , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[3]  Chun-I Fan,et al.  Robust remote authentication scheme with smart cards , 2005, Comput. Secur..

[4]  Wen-Shenq Juang,et al.  Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards , 2008, IEEE Transactions on Industrial Electronics.

[5]  Vladimir Kolesnikov,et al.  Password Mistyping in Two-Factor-Authenticated Key Exchange , 2008, ICALP.

[6]  Chun Chen,et al.  A strong user authentication scheme with smart cards for wireless communications , 2011, Comput. Commun..

[7]  Vitaly Shmatikov,et al.  Information Hiding, Anonymity and Privacy: a Modular Approach , 2004, J. Comput. Secur..

[8]  Muhammad Khurram Khan,et al.  Cryptanalysis and security enhancement of a 'more efficient & secure dynamic ID-based remote user authentication scheme' , 2011, Comput. Commun..

[9]  Chin-Laung Lei,et al.  Robust authentication and key agreement scheme preserving the privacy of secret key , 2011, Comput. Commun..

[10]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[11]  Jizhou Sun,et al.  Improvements of Juang 's Password-Authenticated Key Agreement Scheme Using Smart Cards , 2009, IEEE Transactions on Industrial Electronics.

[12]  Jong Hyuk Park,et al.  Robust one-time password authentication scheme using smart card for home network environment , 2011, Comput. Commun..