A Verifier-free Scheme for User Authentication and Access Control Using Smart Cards: Improvement of Chen-Yeh's Method

  • Kim, Yong (Department of Library and Information Science, Chonbuk National University)
  • Chung, Min Gyo (Department of Computer Science, Seoul Women's University)
  • Received: 2013.05.21
  • Reviewed: 2013.08.01
  • Published: 2013.08.31

Abstract

User authentication and access control are two important components in high security applications. Recently, Chen and Yeh proposed a method to integrate both of them seamlessly. However, Chen-Yeh's scheme is vulnerable to a stolen verifier attack (SVA), since it maintains a smart card identifier table in a remote server. Therefore, this paper modifies Chen-Yeh's scheme and proposes a new integrated authentication and access control scheme that is resilient to the stolen verifier attack while inheriting all the merits of Chen-Yeh's scheme. Security analysis shows that, compared with existing schemes, the proposed scheme withstands well-known security attacks and exhibits many good features for user authentication and access control.
