Cryptanalysis and Enhancement of the An's Remote User Authentication Scheme using the Smart Cards

  • Shin, Seung-Soo (Dept. of Information Security, College of Information & Communication, Tongmyong University)
  • Han, Kun-Hee (Division of Information & Communication Engineering, Baekseok University)
  • Received : 2011.09.05
  • Accepted : 2011.10.06
  • Published : 2011.10.31

Abstract

Hsiang and Shih proposed a user authentication scheme that improves on the scheme of Yoon et al. An subsequently showed that the Hsiang-Shih scheme fails to meet the security requirements considered for password-based user authentication using smart cards: an attacker who steals a user's smart card, or gains temporary access to it, can extract the information stored in it and recover the user's password. However, this paper shows that An's scheme is itself vulnerable to password-guessing attacks, forgery/impersonation attacks, and others, and proposes an improved user authentication scheme. The proposed scheme completely thwarts password-guessing attacks and includes an efficient mutual authentication method that lets the user and the authentication server authenticate each other.

References

  1. L. Lamport, "Password Authentication with Insecure Communication," Communications of the ACM, Vol. 24, No. 11, pp. 770-772, 1981. https://doi.org/10.1145/358790.358797
  2. H. Y. Chien, J. K. Jan, Y. M. Tseng, "An efficient and practical solution to remote authentication using smart card," Computers & Security, 21(4), pp. 372-375, 2002. https://doi.org/10.1016/S0167-4048(02)00415-7
  3. S. M. Chen, W. C. Ku, "Weakness and improvements of an efficient password based remote user authentication scheme using smart cards," IEEE Transactions on Consumer Electronics, 50(1), pp. 204-207, 2004. https://doi.org/10.1109/TCE.2004.1277863
  4. E. J. Yoon, E. K. Ryu, K. Y. Yoo, "Further improvements of an efficient password based remote user authentication scheme using smart cards," IEEE Transactions on Consumer Electronics, 50(2), pp. 612-614, 2004. https://doi.org/10.1109/TCE.2004.1309437
  5. X. Duan, J. W. Liu, Q. Zhang, "Security improvements on Chien et al's remote user authentication scheme using smart cards," IEEE International conference on Computational Intelligence and Security (CIS 2006), 2, pp. 1133-1135, 2006.
  6. H. C. Hsiang, W. K. Shih, "Weakness and improvements of the Yoon-Ryu-Yoo remote user authentication scheme using smart cards," Computer Communications, 32, pp. 649-652, 2009. https://doi.org/10.1016/j.comcom.2008.11.019
  7. An, "Improvements of the Hsiang-Shih's remote user authentication scheme using smart cards," Journal of the Korea Society of Computer and Information, Vol. 15, No. 2, pp. 119-125, 2010. https://doi.org/10.9708/jksci.2010.15.2.119
  8. P. Kocher, J. Jaffe, B. Jun, "Differential power analysis," Proceedings of Advances in Cryptology (CRYPTO 99), pp. 388-398, 1999.
  9. T. S. Messerges, E. A. Dabbish, R. H. Sloan, "Examining smart-cards security under the threat of power analysis attacks," IEEE Transactions on Computers, 51(5), pp. 541-552, 2002. https://doi.org/10.1109/TC.2002.1004593