Secure Remote User Authentication Scheme for Password Guessing Attack

  • Shin, Seung-Soo (신승수) (Dept. of Information Security, College of Information & Communication, Tongmyong University)
  • Han, Kun-Hee (한군희) (Division of Information & Communication Engineering, Baekseok University)
  • Received : 2011.09.05
  • Accepted : 2011.12.13
  • Published : 2011.12.31


This paper shows that the scheme proposed by An [7] does not satisfy the security requirements for user authentication using a password-based smart card. To compensate for this weakness, this study proposes an improved user authentication scheme based on a hash function and the ElGamal signature. The new scheme protects against password guessing, masquerade, and replay attacks, and it provides forward secrecy. Compared to An's authentication scheme, the proposed scheme has similar computational complexity but better security.


User Authentication; Smart Cards; Password Guessing Attack; Impersonation Attack


  1. L. Lamport, "Password authentication with insecure communication," Communications of the ACM, 24(11), pp. 770-772, 1981.
  2. C. C. Chang, T. C. Wu, "Remote password authentication with smart cards," IEEE Proceedings-E, 138(3), pp. 165-168, 1991.
  3. M. S. Hwang, L. H. Li, "A New remote user authentication schemes using smart card," IEEE Trans. Consum. Electronics, 46(1), Feb. 2000.
  4. J. J. Shen, C. W. Cheng, and M. S. Whang, "A modified remote user authentication schemes using smart card," IEEE Trans. Consum. Electron., 46(2), pp. 414-416, 2003.
  5. Zuhua Shao, "Efficient deniable authentication protocol based on generalized ElGamal signature scheme," Computer Standards & Interfaces, Article in press, Dec. 2003.
  6. B. Wang, Z. Q. Li, "A Forward-secure User Authentication scheme with smart cards," International Journal of Network Security, Vol. 3, No. 2, pp. 116-119, 2006.
  7. Young-Hwa An, "A Study on the user Authentication Scheme with Forward Secrecy," Journal of the Korea Society of Computer and Information, Vol. 16, No. 2, pp. 183-191, 2011.
  8. J. Xu, W. T. Zhu, D. G. Feng, "An improved smart card based password authentication scheme with provable security," Computer Standards & Interfaces, 31, pp. 723-728, 2009.
  9. P. Kocher, J. Jaffe, B. Jun, "Differential power analysis," Proceedings of Advances in Cryptology (CRYPTO 99), pp. 388-398, 1999.
  10. T. S. Messerges, E. A. Dabbish, R. H. Sloan, "Examining smart-cards security under the threat of power analysis attacks," IEEE Transactions on Computers, 51(5), pp. 541-552, 2002.