Weakness of a Password Based Remote User Authentication Scheme

Authors

  • Manoj Kumar  Department of Mathematics, Rashtriya Kishan (P.G.) College Shamli, Utter Pradesh- India

Keywords:

Smart Cards, Authentication, Identity, Password, Login Research Paper, Network Security Cryptanalysis

Abstract

W. C. Ku and S. M. Chen proposed an efficient remote user authentication scheme using smart cards to solve the security problems of Chien-Jan–Tseng’s scheme. Again, Hsu and E. J. Y et al. pointed out the security weakness of the Ku and Chen’s scheme Furthermore, E. J. Y et al. modified the password change phase of Ku and Chen’s scheme and they proposed a new efficient remote user authentication scheme using smart cards. This paper analyses that the modified scheme of E. J. Yoon et al. not withstand to parallel session attack against the insider as well the outsider.

References

  1. A. J. Menezes, P. C. vanOorschot and S. A. Vanstone, Handbook of Applied Cryptography, pp. 490 - 524, 1997.
  2. C. C. Chang and K. F. Hwang, "Some forgery attack on a remote user authentication scheme using smart cards," Informatics, vol. 14, no. 3, pp. 189 - 294, 2003.
  3. C. C. Chang and S. J. Hwang, "Using smart cards to authenticate remote passwords," Computers and Mathematics with applications, vol. 26, no. 7, pp. 19-27, 1993.
  4. C. C. Chang and T. C. Wu, "Remote password authentication with smart cards," IEE Proceedings-E, vol. 138, no. 3, pp. 165-168, 1993.
  5. C. C. Lee, L. H. Li and M. S. Hwang, "A remote user authentication scheme using hash functions," ACM Operating Systems Review, vol. 36, no. 4, pp. 23-29, 2002.
  6. C. C. Lee, M. S. Hwang and W. P. Yang, "A flexible remote user authentication scheme using smart cards," ACM Operating Systems Review, vol. 36, no. 3, pp. 46-52, 2002.
  7. C. J. Mitchell and l. Chen, "Comments on the S/KEY user authentication scheme," ACM Operating System Review, vol. 30, no. 4, pp. 12-16, Oct 1996.
  8. C. K. Chan and L. M. Cheng, "Cryptanalysis of a remote user authentication scheme using smart cards," IEEE Trans. Consumer Electronic, vol. 46, no. 4, pp. 992-993, 2000.
  9. C. Mitchell, "Limitation of a challenge- response entity authentication," Electronic Letters, vol. 25, No.17, pp. 1195- 1196, Aug 1989.
  10. C.L Hsu, "Security of Chien et al.’s remote user authentication scheme using smart cards," Computer Standards and Interfaces, vol. 26, no. 3, pp. 167 - 169, 2004.
  11. E. J. Yoon, E. K. Ryu and K. Y. Yoo, Further improvement of an efficient password based remote user authentication scheme using smart cards", IEEE Trans. Consumer Electronic, vol. 50, no. 2, pp. 612-614, May 2004.
  12. H. M. Sun, "An efficient remote user authentication scheme using smart cards," IEEE Trans. Consumer Electronic, vol. 46, no. 4, pp. 958-961, Nov 2000.
  13. H. Y. Chien, J.K. Jan and Y. M. Tseng, "An efficient and practical solution to remote authentication: smart card," Computer & Security, vol. 21, no. 4, pp. 372-375, 2002.
  14. J. J. Shen, C. W. Lin and M. S. Hwang, "A modified remote user authentication scheme using smart cards," IEEE Trans. Consumer Electronic, vol. 49, no. 2, pp. 414-416, May 2003.
  15. K. C. Leung, L. M. Cheng, A. S. Fong and C. K. Chen, "Cryptanalysis of a remote user authentication scheme using smart cards", IEEE Trans. Consumer Electronic, vol. 49, no. 3, pp. 1243-1245, Nov 2003.
  16. L. H. Li, I. C. Lin and M. S. Hwang, "A remote password authentication scheme for multi-server architecture using neural networks," IEEE Trans. Neural Networks, vol. 12, no. 6, pp. 1498-1504, 2001.
  17. L. Lamport, "Password authentication with insecure communication," communication of the ACM, vol. 24, no. 11, pp. 770-772, 1981.
  18. M. Kumar, "New remote user authentication scheme using smart cards," IEEE Trans. Consumer Electronic, vol. 50, no. 2, pp. 597-600, May 2004.
  19. M. Kumar, "Some remarks on a remote user authentication scheme using smart cards with forward secrecy." IEEE Trans. Consumer Electronic, vol. 50, no. 2, pp. 615-618, May 2004.
  20. M. S. Hwang and L. H. Li, "A new remote user authentication scheme using smart cards," IEEE Trans. Consumer Electronic, vol. 46, no. 1, pp. 28-30, Feb 2000.
  21. M. Udi, "A simple scheme to make passwords based on the one-way function much harder to crack," Computer and Security, vol. 15, no. 2, pp. 171 - 176, 1996.
  22. P. Kocher, J. Jaffe and B. Jun, "Differential power analysis," Proc. Advances in Cryptography (CRYPTO’99), pp. 388-397, 1999.
  23. R. E. Lennon, S. M. Matyas and C. H. Mayer, "Cryptographic authentication of time-variant quantities." IEEE Trans. on Commun.,COM -29, no. 6 , pp. 773 - 777, 1981.
  24. S. J. Wang, "Yet another login authentication using N-dimensional construction based on circle property," IEEE Trans. Consumer Electronic, vol. 49, No. 2, pp. 337-341, May 2003.
  25. S. M. Yen and K.H. Liao, "Shared authentication token secure against replay and weak key attack," Information Processing Letters, pp. 78-80, 1997.
  26. T. C. Wu, "Remote login authentication scheme based on a geometric approach," Computer Communication, vol. 18, no. 12, pp. 959 - 963, 1995.
  27. T. ElGamal, "A public key cryptosystem and a signature scheme based on discrete logarithms," IEEE Trans. on Information Theory, vol. 31, No. 4, pp. 469-472, July 1985.
  28. T. Hwang and W.C. Ku, "Reparable key distribution protocols for internet environments," IEEE Trans. Commun. , vol. 43, No. 5, pp. 1947-1950, May 1995.
  29. T. S. Messerges, E. A. Dabbish and R. H. Sloan, " Examining smart card security under the threat of power analysis attacks," IEEE Trans. on Computers, vol. 51, no. 5, pp. 541 -552, May 2002.
  30. W. C. Ku, C. M. Chen and H. L. Lee, " Cryptanalysis of a variant of Peyravian- Zunic’s password authentication scheme," IEICE Trans. Commun, vol. E86- B, no. 5, pp. 1682 -1684, May 2002.
  31. W. C. Ku and S. M. Chen, " Weaknesses and improvements of an efficient password based user authentication scheme using smart cards," IEEE Trans. Consumer Electronic, vol. 50, no. 1, pp. 204 -207, Feb 2004.
  32. Y. L. Tang, M. S. Hwang and C. C. Lee, "A simple remote user authentication scheme," Mathematical and Computer Modeling, vol. 36, pp. 103 - 107, 2002.
  33. Xu J, Zhu WT, Feng DG. An improved smart card based password authentication scheme with provable security. Computer Standards & Interfaces 31 (4) (2009) 723-728.
  34. Li X, et al. Cryptanalysis and improvement of a biometric-based remote authentication scheme using smart cards. Journal of Network and Computer Applications, 34:73-79, 2011. Lee CC, Chang RX, Chen LA. Improvement of Li-Hwang's biometric-based authentication scheme using smart cards. Wseas Transaction on Communications, ISSN: 1109-2742, Issue 7, Volume 10, July 2011.
  35. Das AK. Cryptanalysis and further improvement of a biometric-based remote user authentication scheme using smart cards. International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.2, March 2011.
  36. Pandey US, Raina VR. Biometric and ID based user authentication mechanism using smart cards for multi-server environment. Proceedings of the 5thNational Conference, INDIACom-2011, Computing for National Development, March 10-11, 2011.
  37. Ya-Fen Chang , Wei-Liang Tai , Hung-Chin Chang, Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update, International Journal of Communication Systems, v.27 n.11, p.3430-3440, November 2014.
  38. S. Kumari and M. K. Khan, "Cryptanalysis and improvement of a robust smart-card-based remote user password authentication scheme," International Journal of Communication Systems, vol. 27, no. 12, pp. 3939-3955, 2014.
  39. B. L. Chen, W. C. Kuo, and L. C. Wuu, "Robust smart-card-based remote user password authentication scheme," International Journal of Communication Systems, vol. 27, no. 2, pp. 377-389, 2014.
  40. C. C. Lee, C. H. Liu, and M. S. Hwang, "Guessing attacks on strong-password authentication protocol.," International Journal of Network Security, vol. 15, no. 1, pp. 64-67, 2013.

IInternational Journal of Scientific Research in Computer Science, Engineering and Information Technology

Downloads

Published

2017-08-31

Issue

Volume 2, Issue 4, July-August-2017

Section

Research Articles

License

Copyright (c) IJSRCSEIT

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

How to Cite

[1]
Manoj Kumar, " Weakness of a Password Based Remote User Authentication Scheme, IInternational Journal of Scientific Research in Computer Science, Engineering and Information Technology(IJSRCSEIT), ISSN : 2456-3307, Volume 2, Issue 4, pp.489-494, July-August-2017.