Vulnerability Analysis of a Secure Remote User Authentication Scheme

Cryptanalysis of a Secure Remote User Authentication Scheme

  • ;
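  • Kwangwoo Lee (Information Security Research Institute, School of Information and Communication Engineering, Sungkyunkwan University) ;
  • Dongho Won (Information Security Research Institute, School of Information and Communication Engineering, Sungkyunkwan University)
  • Received : 2012.03.30
  • Reviewed : 2012.07.06
  • Published : 2012.08.31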

Abstract

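In 2011, C.-T. Li et al. proposed an improved secure user authentication scheme that resolves the off-line password guessing attack and the masquerading attack, which were the problems of Kim et al.'s scheme. C.-T. Li et al. claimed that their proposed scheme can prevent smart card security related attacks such as the password guessing attack and the masquerading attack. It also had the advantage of providing mutual authentication and session key generation. However, the analysis in this paper found that C.-T. Li et al.'s scheme is vulnerable to a password guessing attack in the password change phase, a smart card forgery attack, and a stolen verifier attack. In this paper, we point out that C.-T. Li et al.'s scheme is not secure against password guessing attacks and is not practical.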

In 2011, C.-T. Li et al. proposed a secure user authentication scheme that improves on Kim et al.'s scheme by resolving several security flaws, such as the off-line password guessing attack and the masquerading attack. C.-T. Li et al. claimed that their scheme prevents smart card security related attacks. Moreover, it provides mutual authentication and session key establishment. However, we found that their scheme is vulnerable to a password guessing attack through the password change phase, a smart card forgery attack, and a stolen verifier attack. Moreover, C.-T. Li et al.'s scheme is not secure against the password guessing attack, contrary to their claim. In this paper, we also point out that their scheme is not practical to use.

Keywords

References

  1. H.Y. Chien, J.K. Jan, Y.M. Tseng, An efficient and practical solution to remote authentication: smart card, Computers & Security 21 (4) (2002) 372-375. https://doi.org/10.1016/S0167-4048(02)00415-7
  2. S. Lee, H. Kim, K. Yoo, Improvement of Chien et al.'s remote user authentication scheme using smart cards, Computer Standards & Interfaces 27 (2004) 181-183.
  3. E. Yoon, K. Yoo, More efficient and secure remote user authentication scheme using smart cards, in: Proceedings of 11th International Conference on Parallel and Distributed System, vol. 2, 2005, pp. 73-77.
  4. Kim, S.K., Chung, M.G.: More secure remote user authentication scheme. Computer Communications 32(6), 1018-1021 (2009) https://doi.org/10.1016/j.comcom.2008.11.026
  5. W.-B. Horng, C.-P. Lee, J.-W. Peng, Cryptanalysis of a More Secure Remote User Authentication Scheme, Computer Symposium (ICS), 2010 International, 16-18 Dec. 2010, pp. 284-287
  6. C.-T. Li, C.-C. Lee, C.-J. Liu, C.-W. Lee, A Robust Remote User Authentication Scheme against Smart Card Security Breach, Data and Applications Security and Privacy XXV, pp. 231-238, 2011. © IFIP International Federation for Information Processing 2011
  7. S. K. Sood, A.K. Sarje, K. Singh. An Improvement of Hsiang-Shih's Authentication Scheme Using Smart Cards. International Conference and Workshop on Emerging Trends in Technology (ICWET 2010) - TCET, Mumbai, India 19-25
  8. C.-L. Chen, Y.-F. Lin, N.-C. Wang, Y.-L. Chen. An Improvement on Hsiang and Shih's Remote User Authentication Scheme Using Smart Cards. 2011 12th ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing 53-57.
  9. M. Kumar, M.K. Gupta, S. Kumari. An Improved Smart Card Based Remote User Authentication Scheme with Session Key Agreement During the Verification Phase. Journal of Applied Computer Science & Mathematics, no. 11 (5) /2011, Suceava 38-46
  10. C.I. Fan, Y.C. Chan, Z.K. Zhang, Robust remote authentication scheme with smart cards, Computers & Security 24 (8) (2005) 619-628. https://doi.org/10.1016/j.cose.2005.03.006
  11. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Proceedings of Advances in Cryptology, pp. 388-397(1999)
  12. T.S. Messerges, E.A. Dabbish, R.H. Sloan, Examining smart-card security under the threat of power analysis attacks, IEEE Transactions on Computers 51 (5)(2002) 541-552. https://doi.org/10.1109/TC.2002.1004593
  13. Namje Park, Seungjoo Kim, Dongho Won, Secure group communication over combined wired and wireless networks, Lecture Notes in Computer Science, Vol. 3592, Springer-Verlag, pp. 90-99 (2005)
  14. Kwangwoo Lee, Dongho Won, and Seungjoo Kim, A Secure and Efficient E-Will System Based on PKI, Information - An International Interdisciplinary Journal, International Information Institute, Vol. 14, No 7, pp.2187-2206 (2011)
  15. Namje Park, Seungjoo Kim, Dongho Won, Lecture Notes in Computer Science, Vol. 4217, Springer-Verlag, pp. 494-505 (2006)