Weakness of a Password Based Remote User Authentication Scheme

Authors(1) :-Manoj Kumar

W. C. Ku and S. M. Chen proposed an efficient remote user authentication scheme using smart cards to solve the security problems of Chien-JanĖTsengís scheme. Again, Hsu and E. J. Y et al. pointed out the security weakness of the Ku and Chenís scheme Furthermore, E. J. Y et al. modified the password change phase of Ku and Chenís scheme and they proposed a new efficient remote user authentication scheme using smart cards. This paper analyses that the modified scheme of E. J. Yoon et al. not withstand to parallel session attack against the insider as well the outsider.

Authors and Affiliations

Manoj Kumar
Department of Mathematics, Rashtriya Kishan (P.G.) College Shamli, Utter Pradesh- India

Smart Cards, Authentication, Identity, Password, Login Research Paper, Network Security Cryptanalysis

  1. A. J. Menezes, P. C. vanOorschot and S. A. Vanstone, Handbook of Applied Cryptography, pp. 490 - 524, 1997.
  2. C. C. Chang and K. F. Hwang, "Some forgery attack on a remote user authentication scheme using smart cards," Informatics, vol. 14, no. 3, pp. 189 - 294, 2003.
  3. C. C. Chang and S. J. Hwang, "Using smart cards to authenticate remote passwords," Computers and Mathematics with applications, vol. 26, no. 7, pp. 19-27, 1993.
  4. C. C. Chang and T. C. Wu, "Remote password authentication with smart cards," IEE Proceedings-E, vol. 138, no. 3, pp. 165-168, 1993.
  5. C. C. Lee, L. H. Li and M. S. Hwang, "A remote user authentication scheme using hash functions," ACM Operating Systems Review, vol. 36, no. 4, pp. 23-29, 2002.
  6. C. C. Lee, M. S. Hwang and W. P. Yang, "A flexible remote user authentication scheme using smart cards," ACM Operating Systems Review, vol. 36, no. 3, pp. 46-52, 2002.
  7. C. J. Mitchell and l. Chen, "Comments on the S/KEY user authentication scheme," ACM Operating System Review, vol. 30, no. 4, pp. 12-16, Oct 1996.
  8. C. K. Chan and L. M. Cheng, "Cryptanalysis of a remote user authentication scheme using smart cards," IEEE Trans. Consumer Electronic, vol. 46, no. 4, pp. 992-993, 2000.
  9. C. Mitchell, "Limitation of a challenge- response entity authentication," Electronic Letters, vol. 25, No.17, pp. 1195- 1196, Aug 1989.
  10. C.L Hsu, "Security of Chien et al.’s remote user authentication scheme using smart cards," Computer Standards and Interfaces, vol. 26, no. 3, pp. 167 - 169, 2004.
  11. E. J. Yoon, E. K. Ryu and K. Y. Yoo, Further improvement of an efficient password based remote user authentication scheme using smart cards", IEEE Trans. Consumer Electronic, vol. 50, no. 2, pp. 612-614, May 2004.
  12. H. M. Sun, "An efficient remote user authentication scheme using smart cards," IEEE Trans. Consumer Electronic, vol. 46, no. 4, pp. 958-961, Nov 2000.
  13. H. Y. Chien, J.K. Jan and Y. M. Tseng, "An efficient and practical solution to remote authentication: smart card," Computer & Security, vol. 21, no. 4, pp. 372-375, 2002.
  14. J. J. Shen, C. W. Lin and M. S. Hwang, "A modified remote user authentication scheme using smart cards," IEEE Trans. Consumer Electronic, vol. 49, no. 2, pp. 414-416, May 2003.
  15. K. C. Leung, L. M. Cheng, A. S. Fong and C. K. Chen, "Cryptanalysis of a remote user authentication scheme using smart cards", IEEE Trans. Consumer Electronic, vol. 49, no. 3, pp. 1243-1245, Nov 2003.
  16. L. H. Li, I. C. Lin and M. S. Hwang, "A remote password authentication scheme for multi-server architecture using neural networks," IEEE Trans. Neural Networks, vol. 12, no. 6, pp. 1498-1504, 2001.
  17. L. Lamport, "Password authentication with insecure communication," communication of the ACM, vol. 24, no. 11, pp. 770-772, 1981.
  18. M. Kumar, "New remote user authentication scheme using smart cards," IEEE Trans. Consumer Electronic, vol. 50, no. 2, pp. 597-600, May 2004.
  19. M. Kumar, "Some remarks on a remote user authentication scheme using smart cards with forward secrecy." IEEE Trans. Consumer Electronic, vol. 50, no. 2, pp. 615-618, May 2004.
  20. M. S. Hwang and L. H. Li, "A new remote user authentication scheme using smart cards," IEEE Trans. Consumer Electronic, vol. 46, no. 1, pp. 28-30, Feb 2000.
  21. M. Udi, "A simple scheme to make passwords based on the one-way function much harder to crack," Computer and Security, vol. 15, no. 2, pp. 171 - 176, 1996.
  22. P. Kocher, J. Jaffe and B. Jun, "Differential power analysis," Proc. Advances in Cryptography (CRYPTO’99), pp. 388-397, 1999.
  23. R. E. Lennon, S. M. Matyas and C. H. Mayer, "Cryptographic authentication of time-variant quantities." IEEE Trans. on Commun.,COM -29, no. 6 , pp. 773 - 777, 1981.
  24. S. J. Wang, "Yet another login authentication using N-dimensional construction based on circle property," IEEE Trans. Consumer Electronic, vol. 49, No. 2, pp. 337-341, May 2003.
  25. S. M. Yen and K.H. Liao, "Shared authentication token secure against replay and weak key attack," Information Processing Letters, pp. 78-80, 1997.
  26. T. C. Wu, "Remote login authentication scheme based on a geometric approach," Computer Communication, vol. 18, no. 12, pp. 959 - 963, 1995.
  27. T. ElGamal, "A public key cryptosystem and a signature scheme based on discrete logarithms," IEEE Trans. on Information Theory, vol. 31, No. 4, pp. 469-472, July 1985.
  28. T. Hwang and W.C. Ku, "Reparable key distribution protocols for internet environments," IEEE Trans. Commun. , vol. 43, No. 5, pp. 1947-1950, May 1995.
  29. T. S. Messerges, E. A. Dabbish and R. H. Sloan, " Examining smart card security under the threat of power analysis attacks," IEEE Trans. on Computers, vol. 51, no. 5, pp. 541 -552, May 2002.
  30. W. C. Ku, C. M. Chen and H. L. Lee, " Cryptanalysis of a variant of Peyravian- Zunic’s password authentication scheme," IEICE Trans. Commun, vol. E86- B, no. 5, pp. 1682 -1684, May 2002.
  31. W. C. Ku and S. M. Chen, " Weaknesses and improvements of an efficient password based user authentication scheme using smart cards," IEEE Trans. Consumer Electronic, vol. 50, no. 1, pp. 204 -207, Feb 2004.
  32. Y. L. Tang, M. S. Hwang and C. C. Lee, "A simple remote user authentication scheme," Mathematical and Computer Modeling, vol. 36, pp. 103 - 107, 2002.
  33. Xu J, Zhu WT, Feng DG. An improved smart card based password authentication scheme with provable security. Computer Standards & Interfaces 31 (4) (2009) 723-728.
  34. Li X, et al. Cryptanalysis and improvement of a biometric-based remote authentication scheme using smart cards. Journal of Network and Computer Applications, 34:73-79, 2011. Lee CC, Chang RX, Chen LA. Improvement of Li-Hwang's biometric-based authentication scheme using smart cards. Wseas Transaction on Communications, ISSN: 1109-2742, Issue 7, Volume 10, July 2011.
  35. Das AK. Cryptanalysis and further improvement of a biometric-based remote user authentication scheme using smart cards. International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.2, March 2011.
  36. Pandey US, Raina VR. Biometric and ID based user authentication mechanism using smart cards for multi-server environment. Proceedings of the 5thNational Conference, INDIACom-2011, Computing for National Development, March 10-11, 2011.
  37. Ya-Fen Chang , Wei-Liang Tai , Hung-Chin Chang, Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update, International Journal of Communication Systems, v.27 n.11, p.3430-3440, November 2014.
  38. S. Kumari and M. K. Khan, "Cryptanalysis and improvement of a robust smart-card-based remote user password authentication scheme," International Journal of Communication Systems, vol. 27, no. 12, pp. 3939-3955, 2014.
  39. B. L. Chen, W. C. Kuo, and L. C. Wuu, "Robust smart-card-based remote user password authentication scheme," International Journal of Communication Systems, vol. 27, no. 2, pp. 377-389, 2014.
  40. C. C. Lee, C. H. Liu, and M. S. Hwang, "Guessing attacks on strong-password authentication protocol.," International Journal of Network Security, vol. 15, no. 1, pp. 64-67, 2013.

Publication Details

Published in : Volume 2 | Issue 4 | July-August 2017
Date of Publication : 2017-08-31
License:  This work is licensed under a Creative Commons Attribution 4.0 International License.
Page(s) : 489-494
Manuscript Number : CSEIT1724120
Publisher : Technoscience Academy

ISSN : 2456-3307

Cite This Article :

Manoj Kumar, "Weakness of a Password Based Remote User Authentication Scheme", International Journal of Scientific Research in Computer Science, Engineering and Information Technology (IJSRCSEIT), ISSN : 2456-3307, Volume 2, Issue 4, pp.489-494, July-August-2017.
Journal URL : http://ijsrcseit.com/CSEIT1724120

Article Preview

Follow Us

Contact Us