YAO Lin,FAN Qing-na,KONG Xiang-wei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2010.32.030

2010-01-01

Abstract:Pervasive computing raises new challenges to the security and privacy of the Internet communication,and conventional authentication protocols cannot meet the requirements of this new pervasive environment.A novel mutual authentication and key establishment scheme to secure the interactions between mobile users and service providers is proposed.Highly integrating biometric encryption and the Diffie-Hellman key exchange,the proposed protocol achieves mutual authentication without revealing any privacy information of the user.Secure session key establishment is enabled by the proposed algorithm.Differentiated service access control is also achieved with the biometric encryption.It is shown that the protocol can resist most of the attacks,especially the denial of service attack.

Qi Xie,Ji-Lin Wang,Deren Chen,Xiuyuan Yu

DOI: https://doi.org/10.1109/csse.2008.1043

2008-01-01

Abstract:Recently, Das et al. proposed a dynamic ID-based remote user authentication scheme using smart cards. Liao et al. pointed out some weaknesses of Das et al.psilas scheme, and presented an improved scheme. However, an impersonate attack on Liao et al.psilas scheme is proposed, it proves that their scheme is also insecure. To overcome the weakness, the new scheme is presented. The advantage of the proposed scheme is that there are no secret numbers in the smart card, and can withstand all sorts of attacks.

Zhao Mingwei,Ji Xiaoyu,Jiang Rongan

DOI: https://doi.org/10.3969/j.issn.1000-386X.2009.05.085

2009-01-01

Abstract:Compared with traditional static password system,the identity authentication system with dynamic password is more secure.Based on ElGamal's private key cryptosystem and challenge-response mechanism,this paper presents a new identity authentication scheme with dynamic password which integrates the smart card and the fingerprint features.The bidirectional authentication between the clients and the server is also achieved.This scheme is effective in preventing reply attack and masquerade attack.

De-song Wang,Jian-ping Li,Yuan Tang,Fu-long Xu,Yue-hao Yan

DOI: https://doi.org/10.1142/9789812799524_0026

2008-01-01

Abstract:In the recent several years, Lee et al. and Lin-Lai proposed fingerprint-based remote user authentication schemes using smart cards. But their schemes are vulnerable and susceptible to the attack and have practical pitfalls. Their schemes perform only unilateral authentication (only client authentication). In order to overcome the flaw, Khan and Zhang present a strong remote user authentication scheme by using fingerprint-biometric and smart cards. The proposed scheme is an extended and generalized form of ElGamal's signature scheme whose security is based on discrete logarithm problem, which is not yet forged. In addition, computational costs and efficiency of the proposed scheme are better than other related schemes. But as the time lapses, fingerprint of some people will be changed, such as being burned or being wounded. Once such case happened, the user won't be authentication. So we propose the authentication scheme of remote users by using multimodal biometric (fingerprint and face features) and smart cards. Proposed scheme not only overcome drawbacks and problems of previous schemes, but also provide a stronger and more secure authentication of remote users over insecure network.

Xiong Li,Jianwei Niu,Yazhi Liu,Junguo Liao,Wei Liang

DOI: https://doi.org/10.1504/ijahuc.2014.066423

2014-01-01

International Journal of Ad Hoc and Ubiquitous Computing

Abstract:Smart card-based password authentication scheme is one of the most simple and efficient method to identify the legitimacy of a user via an insecure channel. To protect the user from tracking by the attacker, many dynamic ID-based user authentication schemes have been proposed. Recently, Chen et al. proposed an efficient and secure dynamic ID-based authentication scheme using smart cards. However, we find that Chen et al.'s scheme cannot really protect user's anonymity and forward secrecy. Besides, their scheme is inefficient in the authentication phase and cannot resist stolen smart card attack. In this paper, we propose a robust dynamic ID-based user authentication scheme using smart cards to cover the above weaknesses, the proposed scheme can really protect the user's anonymity and is more secure comparing with other related schemes.

Ali A. Yassin,Hai Jin,Ayad Ibrahim,Deqing Zou

DOI: https://doi.org/10.1007/978-3-642-33469-6_42

2012-01-01

Abstract:Smart card-based authentication is considered as one of the most excessively used and applied solutions for remote user authentication. In this paper, we display Wang et al.'s scheme and indicate many shortcomings in their scheme. Password guessing, masquerade, Denial-Of-Service (DOS) and insider attacks could be effective. To outfight the drawbacks, we propose a strong, more secure and practical scheme, which is aimed to withstand well-known attacks. In addition, our proposed scheme provides many pivotal merits: more functions for security and effectiveness, mutual authentication, key agreement, freely chosen password, secure password change, and user anonymity. Moreover, our proposed scheme is shown to be secure against replay attack, password guessing attack, DOS attack, insider attack, and impersonate attack. Furthermore, the security analysis of our work gains it to appear in applications with high-security requirements.

DENG Feijin,FAN Lei,SHI Jianjun

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.24.062

2005-01-01

Abstract:The dynamic password authentication mechanism is an important development direction of authentication.But in many dynamic password authentication schemes,user’s authentication data are transferred masking with the verifiers stored in the server.Once the verifier is stolen,the attacker can forge authentication data.Therefore,those schemes are vulnerable to theft attacks.Recently a new scheme named 2GR is proposed and showes that it can resist stolen-verifier attack.But the 2GR can’t provide protection against denial of service attack,and doesn’t provide mutual authentication.This paper proposes a revised scheme using smart cards,which eliminates such problems.

Ding Wang,Chunguang Ma,Qi-Ming Zhang,Sendong Zhao

DOI: https://doi.org/10.4304/jnw.8.1.148-155

2013-01-01

Journal of Networks

Abstract:It is a challenge for password authentication protocols using non-tamper resistant smart cards to achieve user anonymity, forward secrecy, immunity to various attacks and high performance at the same time. In 2011, Li and Lee showed that both Hsiang-Shih’s password-based remote user authentication schemes are vulnerable to various attacks if the smart card is non-tamper resistant. Consequently, an improved scheme was developed to preclude the identified weaknesses and claimed that it is secure against smart card loss attacks. In this paper, however, we will show that Li-Lee’s scheme still cannot withstand offline password guessing attack under the non-tamper resistance assumption of the smart card. In addition, their scheme is also vulnerable to denial of service attack and fails to provide user anonymity and forward secrecy. As our main contribution, a robust scheme is presented to cope with the aforementioned defects, while keeping the merits of different password authentication schemes using smart cards. The analysis demonstrates that our scheme meets all the proposed criteria and eliminates several hard security threats that are difficult to be tackled at the same time in previous scholarship.

Ahmed Yaser Fahad Alsahlani,Songfeng Lu

2016-01-01

Abstract:Authentication using smart card is a mechanism to verify the legitimacy of the user over insecure communication. Recently, Chen et al. figured out some weaknesses in previously published schemes, they proposed a robust smart card based remote user password authentication scheme. They claimed that, their scheme is efficient and can ensure the session key forward secrecy. We analyzed their scheme, we found that, it cannot detect incorrect password within login phase. Furthermore, the user required to communicate with the server to change or update his/her password. Besides, it cannot securely forward the secrecy. In this paper, we propose a scheme to overcome the aforesaid weaknesses and produce an enhanced authentication scheme based remote user password using smart card. We use a TRPT (Temporary Registration Password Technique) within registration phase to secure user's password. Our proposed scheme can resist various malicious attacks, achieve mutual authentication, user can choose and change his/her password freely without need to communicates with the server, securely forward secrecy, and the login password never been exposed or transferred over channel. We show that, our proposed scheme achieved the goal, and it is more legible to practical use compared to the other related schemes.

SHA Yaqing,SUN Hongwei,GU Ming

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.14.049

2006-01-01

Abstract:This paper proposes a new authentication scheme based on smart cards and fingerprint recognition,which solves the insecure problem of the present one using identities and passwords for electronic filing of tax returns systems.This scheme combines fingerprint recognition with the enhanced remote user authentication scheme using smart cards proposed by Awasthi,and uses fingerprint information to justify the owners of smart cards and generate random numbers,keys and passwords,which has the characteristics of dynamic keys,dynamic passwords and two-way authentication,and improves the security of electronic filing of tax returns systems.

XiaoYi Duan,Qishan Zhang,Jianwei Liu

2007-01-01

Abstract:Smart cards are secure, compact and intelligent data carriers, which can offers strong authentication and guaranteed non-repudiation. With the traditional authentication solution, the static password is rarely altered and maintained in the verifier table on the server. This is bringing forth the important attacks of replay attacks, guessing attacks, modication attacks, and stolen-verier attacks. However, the dynamic ID-based authentication solution can solve the problem. I-En Liao et al proposed a dynamic ID-based user authentication scheme using smart cards. The scheme has a lot of advantages, such as avoiding a variety of attacks, mutual authentication and no verifier table, but it can't resist to stolen attack. A improved scheme was presented to remedy their weaknesses. Compare with Liao-Lee-Hwang's scheme, the improved scheme not only avoid stolen attacks but also reduce the computational costs.

Chen Yang,Wenping Ma,Benxiong Huang,Xinmei Wang

DOI: https://doi.org/10.1109/AINAW.2007.279

2007-01-01

Abstract:In this paper, a bilinear mapping based password-based access control scheme with remote user authentication scheme using smart cards is presented. The proposed scheme enables one user to choose his password freely in the registration phase and easily change it as needed. We take the novel technique of binding one user's private key to his identity, which enables the AS (authentication server) to be unnecessary to maintain a password table to verify the login request and thus enhances the practicality and reliability of the system. Additionally, based on the difficulty of Elliptic Curve Discrete Logarithm (ECDL) problem, the proposed scheme can efficiently withstand replaying attacks, forgery attacks, Masquerade attacks, guessing and stolen verifier attacks and insider attacks.

Hongwei Sun,Kwokyan Lam,Ming Gu,Jiaguang Sun

DOI: https://doi.org/10.1109/ICCCAS.2007.6251608

2008-01-01

Abstract:Remote user authentication is important to protect web-based services offered over the Internet. The use of smart cards was proposed to avoid the storage of password table in the server. Further protection of user information in the smart cards can be done by imposing a fingerprint verification mechanism. The Lee, Ryu and Yoo (LRY) scheme which provides both smart card based authentication and fingerprint verification is found to be vulnerable to various attacks. This paper proposed an improvement to the LRY scheme which is able to withstand the attacks of the LRY scheme.

Hossen Asiful Mustafa,Hasan Muhammad Kafi

DOI: https://doi.org/10.48550/arXiv.1711.01198

2017-11-03

Abstract:Password security can no longer provide enough security in the area of remote user authentication. Considering this security drawback, researchers are trying to find solution with multifactor remote user authentication system. Recently, three factor remote user authentication using biometric and smart card has drawn a considerable attention of the researchers. However, most of the current proposed schemes have security flaws. They are vulnerable to attacks like user impersonation attack, server masquerading attack, password guessing attack, insider attack, denial of service attack, forgery attack, etc. Also, most of them are unable to provide mutual authentication, session key agreement and password, or smart card recovery system. Considering these drawbacks, we propose a secure three factor user authentication scheme using biometric and smart card. Through security analysis, we show that our proposed scheme can overcome drawbacks of existing systems and ensure high security in remote user authentication.

Cryptography and Security

Jingxuan Zhai,Tianjie Cao,Xiuqing Chen,Shi Huang

DOI: https://doi.org/10.14257/ijsia.2015.9.1.37

2015-01-01

International Journal of Security and Its Applications

Abstract:Dynamic ID-based authentication schemes based on password and smart card are widely used to provide two-factor authentication and user anonymity. However, these schemes have one or the other possible security weaknesses. In this paper, we analyze the schemes of Li et al. and Wang et al. published in recent years. After the analysis, we demonstrates that Li et al. 's schemes are vulnerable to off-line password guessing attack if the user's identity is compromised, Li et al.'s scheme cannot withstand the impersonation attack and linkability attack, Wang et al.'s schemes cannot resist off-line password guessing attack if the attacker steals a smart card, Wang et al. 's schemes fail to provide forward security. Our result shows that none of the existing dynamic ID based authentication schemes can achieve all the desirable security goals.

Yang Zhou,Chang Gong,Pingping Xu,Wei Wang

DOI: https://doi.org/10.16526/j.cnki.11-4762/tp.2017.06.032

2017-01-01

Abstract:For the issues that the defects of existing remote security authentication scheme based on smart card,this paper proposed a remote mutual authentication scheme with smart card based on hash function.In the registration phase,the user sets his identity and password,at the same time,the system generates a random number and submit it with the identity,password,to obtain a security parameter.In the login and mutual authentication phase,the smart card and the server implement bidirectional authentication through Hash operation according to the identity,password and system security parameters entered by the user.so as to avoid the illegal log in.In the phase of password modification,the user can change the password freely after confirming the validity of the user.Through the analysis of security performance,the scheme provides forward secrecy and user anonymity,and can resist denial of service attack,forgery attack,replay attack,Smart card loss attacks,password guessing attacks and server spoofing attacks.Compared with the existing schemes,the scheme provides high security while maintaining a low computational complexity.

TANG Hongbin,LIU Xinsoug

DOI: https://doi.org/10.3778/j.issn.1002-8331.2012.19.016

2012-01-01

Computer Engineering and Applications Journal

Abstract:A smart card based remote user authentication scheme is more secure than a password-based authentication scheme.In 2011,Chen et al.proposed an improvement on Hsiang et al.'s remote user authentication scheme,and claimed their scheme was more secure than Hsiang et al.'s scheme.However,their scheme is still vulnerable to insider attack,lost smart card attack,replay attack,and impersonation attack.To overcome the dictionary attack against lost smart card,a user authentication scheme based on smart card and elliptic curve discrete logarithm problem is proposed.This scheme is proved to be secure agaisnt various attacks and needs only one elliptic curve scale multiplication in the login and authentication phases.

Yuanyuan Zhang,Jianhua Chen,Baojun Huang,Cong Peng

DOI: https://doi.org/10.5755/j01.itc.43.4.6579

IF: 0.813

2014-01-01

Information Technology And Control

Abstract:Recently, Li proposed a new password authentication and user anonymity scheme based on elliptic curve cryptography. In this paper, we will show that Li's scheme is vulnerable to the impersonation attack and the denial of service attack. Moreover, we also point out that there is an error in his scheme. To overcome the weaknesses of Li's scheme, we proposed an efficient password authentication scheme based on elliptic curve cryptography. The proposed scheme improves the security and efficiency of the authentication process.

Debiao He,Jianhua Chen,Jin Hu

DOI: https://doi.org/10.6138/jit.2012.13.3.04

2012-01-01

Abstract:As an important mechanism to guarantee secure communication, the authentication scheme has attracted wide attention. Recently, Xu et al. proposed a new authentication scheme and show their scheme is provably secure in the random oracle model under the computational Diffie-Hellman assumption. Unfortunately, in this paper, we will demonstrate that Xu et al.'s scheme is vulnerable to the impersonation attack and the privileged insider attack. We also propose an improved scheme to eliminate the security vulnerability.

Jiayong Liu

2010-01-01

Abstract:For the requirements of the network security,the authentication scheme with smart card attracts more and more attention.The security of the dynamic id-based remote user authentication scheme proposed by Wang Yan-yan et al.is analyzed,the security flaw of this scheme,including feasibility of off-line password guessing attack,is pointed out.And then an improved scheme is proposed,which could avoid replay attack,off-line password guessing attack,masquerading server/user attack.The security analysis indicates that this new scheme is of higher security while keeping merits of the original scheme.