An Efficient and Secure Authentication Scheme Preserving User Anonymity

  • Kim, Mi Jin (School of Information and Communication Engineering, Sungkyunkwan University) ;
  • Lee, Kwang Woo (School of Information and Communication Engineering, Sungkyunkwan University) ;
  • Kim, Seung Joo (School of Information and Communication Engineering, Sungkyunkwan University) ;
  • Won, Dong Ho (School of Information and Communication Engineering, Sungkyunkwan University)
  • Received : 2010.08.19
  • Accepted : 2010.08.30
  • Published : 2010.09.30

Abstract

Authentication and key establishment are fundamental procedures for establishing secure communications over a public insecure network. A password-based scheme is a common method of providing authentication. In 2008, Khan proposed an efficient password-based authentication scheme using smart cards to solve the problems inherent in Wu-Chieu's authentication scheme. As for security, Khan claimed that his scheme is secure and provides mutual authentication between legal users and a remote server. In this paper, we demonstrate that Khan's scheme is vulnerable to various attacks, i.e., password guessing attack, insider attack, reflection attack and forgery attack. Our study shows that Khan's scheme does not provide mutual authentication and is insecure for practical applications. This paper proposes an improved scheme that overcomes these problems and preserves user anonymity, which is an issue in e-commerce applications.

References

  1. Lamport, L., "Password Authentication with Insecure Communication," Communications of the ACM, Vol. 24, No. 11, 1981, pp. 770-772. https://doi.org/10.1145/358790.358797
  2. Bellovin, S. M. and Merritt, M., "Encrypted key exchange: password-based protocols secure against dictionary attacks," In: IEEE Symposium on research in security and privacy, IEEE Computer Society, 1992, pp. 72-84.
  3. Bellare, M., Pointcheval, D. and Rogaway, P., "Authenticated key exchange secure against dictionary attacks," Advances in Cryptology- EUROCRYPT00, Lecture Notes in Computer Science, 1807, 2000, pp. 139-155.
  4. Boyko, V., MacKenzie, P. and Patel, S., "Provably secure password-authenticated key exchange using Diffie-Hellman," 2000, pp. 156-171.
  5. Yang, G., Wong, D. S., Wong, H. and Deng, X., "Two-factor mutual authentication based on smart cards and passwords," Journal of computer and system sciences, Elsevier, Vol. 74, No. 7, 2008, pp. 1160-1172. https://doi.org/10.1016/j.jcss.2008.04.002
  6. Wu, S. T. and Chieu, B. C., "A note on a user friendly remote user authentication scheme with smart cards," IEICE Transactions Fundamentals, Vol. 87-A, No. 8, 2004, pp. 2180-2181.
  7. Khan, M. K., "An efficient and secure remote mutual authentication scheme with smart cards," International Symposium on Biometrics and Security Technologies(ISBAST 2008), pp. 1-6.
  8. Ku, W. C., Chen, C. M. and Lee, H. L., "Cryptanalysis of a variant of Peyravian-Zunic's password authentication scheme," IEICE trans. on commun., Vol. E86-B, No. 5, 2003, pp. 1682-1684.
  9. Mitchell, C., "Limitations of challenge-response entity authentication," Electronics Letters, Vol. 25, No. 17, 1989, pp. 1195-1196. https://doi.org/10.1049/el:19890801
  10. Yasinsac, A., "Dynamic analysis of security protocols," Proc. 2000 Workshop on New Security Paradigms, 2001, pp. 77-87.
  11. Kocher, P., Jaffe, J. and Jun, B., "Differential power analysis," Proc. Advances in Cryptology (CRYPTO'99), 1999, pp. 388-397.
  12. Messerges, T. S., Dabbish, E. A. and Sloan, R. H., "Examining smart card security under the threat of power analysis attacks," IEEE Transactions on Computers, Vol. 51, No. 5, 2002, pp. 541-552. https://doi.org/10.1109/TC.2002.1004593
  13. Menezes, A. J., van Oorschot, P. C. and Vanstone, S. A., "Handbook of applied cryptography," CRC Press, New York, 1997.

Cited by

  1. A Study on Smart Card-Based User Authentication Schemes vol.14, pp.2, 2018, https://doi.org/10.17662/ksdim.2018.14.2.027