Journal of Korea Society of Digital Industry and Information Management (디지털산업정보학회논문지)

Korea Society of Digital Industry and Information Management (디지털산업정보학회)
권호 표지
DOI QR코드

DOI QR Code

Smart Card Based Password Authentication Scheme using Fuzzy Extraction Technology

퍼지추출 기술을 활용한 스마트 카드 기반 패스워드 인증 스킴

  • 최윤성 (호원대학교 컴퓨터공학부 사이버보안전공)
  • Received : 2018.11.29
  • Accepted : 2018.12.18
  • Published : 2018.12.30
Download PDF
⟨ Previous Next ⟩

Abstract

Lamport firstly suggested password base authentication scheme and then, similar authentication schemes have been studied. Due to the development of Internet network technology, remote user authentication using smart card has been studied. Li et al. analyzed authentication scheme of Chen et al. and then, Li et al. found out the security weakness of Chen et al.'s scheme such forward secrecy and the wrong password login problem, and proposed an a new smart card based user password authentication scheme. But Liu et al. found out that Li et al.'s scheme still had security problems such an insider attack and man-in-the-middle attack and then Liu et al. proposed an efficient and secure smart card based password authentication scheme. This paper analyzed Liu et al.'s authentication and found out that Liu et al.'s authentication has security weakness such as no perfect forward secrecy, off-line password guessing attack, smart-card loss attack, and no anonymity. And then, this paper proposed security enhanced efficient smart card based password authentication scheme using fuzzy extraction technology.

Keywords

Acknowledgement

Supported by : 한국연구재단

References

  1. Chang, C. C., Lee, C. Y., Chiu, Y. C., "Enhanced authentication scheme with anonymity for roaming service in global mobility networks," Computer Communications, Vol.32, No.4, 2009.
  2. Tzong-Chen, W., & Hung-Sung, S., "Authenticating passwords over an insecure channel," Computers & Security, Vol.15, No.5, 1996, pp. 431-439. https://doi.org/10.1016/0167-4048(96)00004-1
  3. Lamport, L., "Password authentication with insecure communication," Communications of the ACM, Vol.24, No.22, 1981, pp. 770-772. https://doi.org/10.1145/358790.358797
  4. Hwang, M. S., & Li, L. H., "A new remote user authentication scheme using smart cards," IEEE Transactions on Consumer Electronics, Vol.46, No.1, 2000, pp. 28-30. https://doi.org/10.1109/30.826377
  5. Choi, Y., Lee, D., Kim, J., Jung, J., Nam, J., & Won, D., "Security enhanced user authentication protocol for wireless sensor networks using elliptic curves cryptography," Sensors, Vol.14, No.6, 2014, pp. 10081-10106. https://doi.org/10.3390/s140610081
  6. Xu, J., Zhu, W. T., & Feng, D. G., "An improved smart card based password authentication scheme with provable security," Computer Standards & Interfaces, Vol.31, No.4, 2009, pp. 723-728. https://doi.org/10.1016/j.csi.2008.09.006
  7. Sood, S. K., Sarje, A. K., & Singh, K., "An improvement of Wang et al.'s authentication scheme using smart cards," In Communications (NCC), 2010 National Conference, 2010, pp. 1-5,
  8. Chen, B. L., Kuo, W. C., & Wuu, L. C., "Robust smart-card-based remote user password authentication scheme," International Journal of Communication Systems, Vol.27, No.2, 2014, pp. 377-389. https://doi.org/10.1002/dac.2368
  9. Li, X., Niu, J., Khan, M. K., & Liao, J, "An enhanced smart card based remote user password authentication scheme," Journal of Network and Computer Applications, Vol.36, No.5, 2013, pp.1365-1371. https://doi.org/10.1016/j.jnca.2013.02.034
  10. Liu, Y. J., Chang, C. C., & Chang, S. C., "An efficient and secure smart card based password authentication scheme," International Journal of Network Security, 2016.
  11. Messerges, T. S., Dabbish, E. A., & Sloan, R. H., "Examining smart-card security under the threat of power analysis attacks," IEEE transactions on computers, Vol.51, No.5, 2002, pp. 541-552. https://doi.org/10.1109/TC.2002.1004593
  12. Choi, Y., Nam, J., Lee, D., Kim, J., Jung, J., & Won, D, "Security enhanced anonymous multiserver authenticated key agreement scheme using smart cards and biometrics," The Scientific World Journal, 2014.
  13. Choi, Y., Nam, J., Lee, Y., Jung, S., & Won, D, "Cryptanalysis of advanced biometric-based user authentication scheme for wireless sensor networks," In Computer Science and Its Applications, Springer Berlin Heidelberg, 2015, pp. 1367-1375.
  14. Jung, J., Choi, Y., Lee, D., Kim, J., Mun, J., & Won, D., "Cryptanalysis of Dynamic ID-Based User Authentication Scheme Using Smartcards Without Verifier Tables," In Advances in Computer Science and Ubiquitous Computing, 2015, pp. 45-51.
  15. JT. C.Wu and H. S. Sung, "Authentication passwords over an insecure channel," Computer and Security, Vol.15, No.5, 1996, pp. 431-439. https://doi.org/10.1016/0167-4048(96)00004-1
  16. 박중오, "스마트 디바이스 기반의 보안성 강화를 위한 접근제어 기법 설계," 디지털산업정보학회 논문지, 제14권, 제3호, 2018, pp. 11-20.
  17. 이재영, "스마트카드 기반의 사용자 인증 기법에 관한 연구," 디지털산업정보학회논문지, 제14권, 제2호, 2018년, pp. 27-33. https://doi.org/10.17662/KSDIM.2018.14.2.027
  18. 양환석, "MANET의 멀티캐스트 환경에서 신뢰성 향상을 위한 계층기반 암호 프로토콜 기법 연구," 디지털산업정보학회논문지, 제13권, 제3호, 2017 년, pp. 43-51. https://doi.org/10.17662/KSDIM.2017.13.3.043