Secure and Efficient Smart Card Based Remote User Password Authentication Scheme
نویسندگان
چکیده
In distributed systems, the smart card based password authentication, as one of the most convenient and efficient two-factor authentication mechanisms, is widely used to ensure that the protected services are not available to unauthorized users. Recently, Li et al. demonstrated that the smart card based password authentication scheme proposed by Chen et al. cannot provide perfect forward secrecy as they claimed. In addition, the password change phase of the scheme is unfriendly and inefficient. Subsequently, Li et al. presented an enhanced smart card based password authentication scheme to overcome the above flaws existing in Chen et al.’s scheme. Furthermore, Kumari and Khan, and Jiang et al. demonstrated that Chen et al.’s scheme cannot resist off-line password guessing attacks, and also proposed an improved scheme, respectively. In this study, we first illustrate that Li et al.’s scheme, and Kumari and Khan’s scheme both fail to achieve the basic security requirement of the smart card based password authentication, namely, once the private information stored in the smart card has been extracted, the schemes would be vulnerable to off-line password guessing attacks. We also point out that Jiang et al.’s scheme, as well as Kumari and Khan’s scheme cannot provide perfect forward secrecy. Then, we introduce a new smart card based password authentication scheme. By presenting concrete analysis of security and performance, we show that the proposed scheme cannot only resist various well-known attacks, but also is more efficient than other related works, and thus is feasible for practical applications.
منابع مشابه
Cryptanalysis and An Efficient Secure ID-Based Remote User Authentication Scheme Using Smart Card pdfkeywords=Attack, Authentication, Password, Secure ID, Smart Card
Remote User authentication protocol is used for verifying the legitimacy of a remote user over insecure network environments. Recently, many secure ID based remote user authentication scheme using smart card have been proposed in the literature. In 2012, Ratan-Sanjay [1] proposed secure ID based remote user authentication scheme using smart card and claimed that their scheme can avoid all types...
متن کاملAn Improvement of Efficient Dynamic ID-based User Authentication Scheme using Smart Cards without Verifier Tables
Remote user authentication scheme is one of the most convenient authentication schemes to deal with secret data over insecure channel. During the last couple of decades, many researchers have proposed a remote user authentication schemes which are ID-based, password-based, and smart card-based. Above all, smart card-based authentication schemes are becoming day by day more popular. One of the b...
متن کاملA Remote User Authentication Scheme with Anonymity for Mobile Devices
With the rapid growth of information technologies, mobile devices have been utilized in a variety of services such as e‐commerce. When a remote server provides such e‐commerce services to a user, it must verify the legitimacy of the user over an insecure communication channel. Therefore, remote user authentication has been widely deployed to verify the legitimacy of re...
متن کاملA Robust and Efficient Timestamp-based Remote User Authentication Scheme with Smart Card Lost Attack Resistance
Password-based authentication scheme with smart card is an important part of security for accessing remote servers. In 2011, Awasthi et al. proposed an improved timestampbased remote user authentication scheme to eliminate the attacks in Shen et al.’s. However, we find that their scheme is vulnerable to the privileged insider, the lost smart card, the password guessing, the replay, the modifica...
متن کاملAn Improved Remote User Password Authentication Scheme Using Smart Card with Session Key Agreement
Remote user authentication is a mechanism, in which the remote server verifies the legitimacy of a user over an insecure communication. Password authentication based on smart cards is one of the simplest and most efficient authentication methods and is a commonly deployed to authenticate the legitimacy of remote users. Based on cryptographic techniques, several password authentication schemes h...
متن کاملA Robust and Effective Smart-Card-Based Remote User Authentication Mechanism Using Hash Function
In a remote user authentication scheme, a remote server verifies whether a login user is genuine and trustworthy, and also for mutual authentication purpose a login user validates whether the remote server is genuine and trustworthy. Several remote user authentication schemes using the password, the biometrics, and the smart card have been proposed in the literature. However, most schemes propo...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- I. J. Network Security
دوره 18 شماره
صفحات -
تاریخ انتشار 2016