Improvement of a security enhanced one-time two-factor authentication and key agreement scheme

Abstract In 2010, Holbl et al. showed that Shieh et al.’s mutual authentication and key agreement scheme is vulnerable to the smart card lost attack, not achieving perfect forward secrecy, and proposed a security enhanced scheme to eliminate these weaknesses. In this paper, we show that Holbl et al.’s security enhancement is still vulnerable to the smart card lost attacks. In addition, their scheme cannot resist impersonation attacks and parallel session attacks. Seeing that the existing mutual authentication schemes using smart cards are almost vulnerable to the smart card lost attacks, we further propose a new one-time two-factor mutual authentication and key agreement scheme to eliminate these weaknesses.

[1]  Eun-Jun Yoon,et al.  Further improvement of an efficient password based remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[2]  Chien-Lung Hsu Security of Chien et al.'s remote user authentication scheme using smart cards , 2004, Comput. Stand. Interfaces.

[3]  Wei-Chi Ku,et al.  Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[4]  Wei-Chi Ku,et al.  Weaknesses and improvement of Wang et al.'s remote user password authentication scheme for resource-limited environments , 2009, Comput. Stand. Interfaces.

[5]  Chin-Chen Chang,et al.  Remote password authentication with smart cards , 1991 .

[6]  Wei-Kuan Shih,et al.  Security enhancement on an improvement on two remote user authentication schemes using smart cards , 2011, Future Gener. Comput. Syst..

[7]  Hung-Min Sun,et al.  An efficient remote use authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[8]  Hung-Min Sun,et al.  An Efficient Remote User Authentication Scheme Using Smart Cards , 2000 .

[9]  Amit K. Awasthi,et al.  A remote user authentication scheme using smart cards with forward secrecy , 2003, IEEE Trans. Consumer Electron..

[10]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[11]  Marko Hölbl,et al.  Attacks and Improvement of an Efficient Remote Mutual Authentication and Key Agreement Scheme , 2010, Cryptologia.

[12]  Ronggong Song Advanced smart card based password authentication protocol , 2010, Comput. Stand. Interfaces.

[13]  Chunhua Su,et al.  Two robust remote user authentication protocols using smart cards , 2010, J. Syst. Softw..

[14]  Eun-Jun Yoon,et al.  More Efficient and Secure Remote User Authentication Scheme using Smart Cards , 2005, 11th International Conference on Parallel and Distributed Systems (ICPADS'05).

[15]  Narn-Yih Lee,et al.  Improvement of One-Time Password Authentication Scheme Using Smart Cards , 2005, IEICE Trans. Commun..

[16]  Akihiro Shimizu,et al.  One-Time Password Authentication Protocol against Theft Attacks , 2004 .

[17]  Peter Nose Security weaknesses of authenticated key agreement protocols , 2011, Inf. Process. Lett..

[18]  Jing-Jang Hwang,et al.  A Secure One-Time Password Authentication Scheme Using Smart Cards , 2002 .

[19]  Wen-Shenq Juang,et al.  Efficient password authenticated key agreement using smart cards , 2004, Comput. Secur..

[20]  Marc Witteman,et al.  Advances in Smartcard Security , 2002 .

[21]  Jianmin Wang,et al.  Efficient remote mutual authentication and key agreement , 2006, Comput. Secur..

[22]  Xiaomin Wang,et al.  Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards , 2007, Comput. Stand. Interfaces.

[23]  Hung-Yu Chien,et al.  An Efficient and Practical Solution to Remote Authentication: Smart Card , 2002, Comput. Secur..

[24]  Kee-Young Yoo,et al.  Improvement of Chien et al.'s remote user authentication scheme using smart cards , 2005, Comput. Stand. Interfaces.

[25]  H. C. Tsai,et al.  Stolen-Verifier Attack on an Efficient Smartcard-Based One-Time Password Authentication Scheme , 2004 .

[26]  Dengguo Feng,et al.  An improved smart card based password authentication scheme with provable security , 2009, Comput. Stand. Interfaces.