Convergence Security Journal (융합보안논문지)

Korea convergence Security Association (한국융합보안학회)
권호 표지
DOI QR코드

DOI QR Code

Security Enhancement of Lightweight User Authentication Scheme Using Smartcard

스마트카드를 이용한 안전한 경량급 사용자 인증 스킴의 설계

  • 이영숙 (호원대학교 IT소프트웨어보안학과)
  • Received : 2020.09.01
  • Accepted : 2020.10.29
  • Published : 2020.10.31
Download PDF
⟨ Previous Next ⟩

Abstract

The environment of the Internet provides an efficient communication of the things which are connected. While internet and online service provide us many valuable benefits, online services offered and accessed remotely through internet also exposes us to many different types of security threats. Most security threats were just related to information leakage and the loss of authentication on client-server environment. In 2016, Ahmed et al. proposed an efficient lightweight remote user authentication protocol. However, Kang et al. show that it's scheme still unstable and inefficient. It cannot resist offline identity guessing attack and cannot provide session key confirmation property. Moreover, there is some risk of biometric information's recognition error. In this paper, we propose an improved scheme to overcome these security weaknesses by storing secret data in device. In addition, our proposed scheme should provide not only security, but also efficiency since we only use hash function and XOR operation.

인터넷을 통한 통신환경은 연결 가능한 사물들 간에 효율적인 통신을 제공한다. 이런 환경에서의 정보통신은 우리에게 편리함을 제공하기는 하나 여러 형태의 보안위협이 도사리고 있는 실정이다. 인터넷을 이용하여 원격으로 접속하여 제공받는 서비스에 존재하는 보안위협 중 대부분은 전송되는 정보의 유출과 클라이언트 서버 간 인증에 대한 손실이다. 2016년 Ahmed 등이 스마트카드를 이용한 안전한 경량급 사용자 인증 스킴을 제안하였다. 그러나 Kang등이 제안한 논문에서 그들이 제안 프로토콜은 identity guessing attack에 취약하고 session key confirmation을 달성할 수 없다는 것을 주장하였다. 본 논문은 Ahmed 등이 제안한 논문의 취약점을 개선하여 더욱 안전하고 효율적인 경량급 사용자 인증 스킴을 제안하였다.

Keywords

References

  1. Omar Cheikhrouhou, Anis Koubaa, Manel Boujelben, and Mohamed Abid, "A Lightweight User Authentication Scheme for Wireless Sensor Networks", Ad Hoc Networks, Vol. 9, No. 5, pp. 727-735, 2011. https://doi.org/10.1016/j.adhoc.2010.08.020
  2. Hwang, Min-Shiang, and Li-Hua Li, "A new remote user authentication scheme using smart cards." IEEE Transactions on Consumer Electronics, Vol. 46, No. 1, pp. 28-30, 2000. https://doi.org/10.1109/30.826377
  3. Al_Sahlani, Ahmed YF, and Songfeng Lu, "Lightweight Communication Overhead Authentication Scheme Using Smart Card." Indonesian Journal of Electrical Engineering and Computer Science Vol. 1, No. 3, pp. 597-606, 2016. https://doi.org/10.11591/ijeecs.v1.i3.pp597-606
  4. D. Kang, J. Jung, H. Yang, Y. Choi, and D Won, "Cryptanalysis of Lightweight User Authentication Scheme Using Smartcard", AHFE 2017, Los Angeles, USA, pp. 78-84, 2017.
  5. Y. Lee, "Security Analysis of a Biometric-Based User Authentication Scheme", The Korea-Society of Digital Industry& Information Management, Vol. 10, No.1, pp. 81-87, 2014.
  6. Y. Choi, Y. Lee, D. Won, "Security Improvement on Biometric Based Authentication Scheme for Wireless Sensor Networks Using Fuzzy Extraction", International Journal of Distributed Sensor Networks Volume 2016, Article ID 8572410, 16 pages http://dx.doi.org/10.1155/2016/8572410, 2016.
  7. Y. Lee, "Security Analysis to an Biometric Authentication Protocol for wireless Sensor Networks", The Korea-Society of Digital Industry& Information Management, Vol. 11, No. 1, pp. 59-67, 2015. https://doi.org/10.17662/ksdim.2015.11.1.059
  8. Lee, Hanwook, et al., "Forward Anonymity-Preserving Secure Remote Authentication Scheme." KSII Transactions on Internet & Information Systems, Vol. 10, No. 3, 2016.
  9. Chien, Hung-Yu, and Che-Hao Chen, "A remote authentication scheme preserving user anonymity", Advanced Information Networking and Applications, AINA 2005 19th International Conference on. Vol. 2. IEEE, 2005.
  10. Y. Lee, J. Nam, J Kwak, and D Won, "Password-Only Authenticated Key Exchange Between Two Agents in the Four-Party Setting", KES-AMSTA, LNAI 4496, pp. 616-625, 2007.
  11. Y. Lee, "Security Enhancement to an Biometric Authentication Protocol for WSN Environment", Journal of Information and Security, Vol. 10, No. 1, pp. 83-88, 2016.