• Title/Summary/Keyword: 사용자 인증 스킴

Search Result 63, Processing Time 0.032 seconds

A Study on the User Authentication Scheme with Forward Secrecy (순방향 비밀성을 제공하는 사용자 인증 스킴에 관한 연구)

  • An, Young-Hwa
    • Journal of the Korea Society of Computer and Information
    • /
    • v.16 no.2
    • /
    • pp.183-191
    • /
    • 2011
  • Recently Wang-Li proposed the remote user authentication scheme using smart cards. But the proposed scheme has not been satisfied security requirements considering in the user authentication scheme using the password based smart card. In this paper, we described the Wang-Li and Yoon et al.'s authentication scheme simply, and we prove that the Wang-Li's scheme is vulnerable to a password guessing attack and impersonation attack in case that the attacker steals the user's smart card and extracts the information in the smart card. Accordingly, we propose the improved user authentication scheme based on the hash function and generalized ElGamal signature scheme that can withstand many possible attacks including a password guessing attack, impersonation attack and replay attack, and that can offer the function of forward secrecy. The result of comparative analysis, the our proposed scheme is much more secure and efficient than the Wang-Li and Yoon et al.'s scheme.

Cryptanalysis of a Remote User Authentication scheme using Smart Cards (스마트카드를 이용한 원격 사용자 인증 스킴의 안전성 분석)

  • Shin, Seung-Soo;Han, Kun-Hee;Chun, Je-Ran
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.12 no.11
    • /
    • pp.5245-5251
    • /
    • 2011
  • Seo et al. criticizes that Hu-Niu-Yang's certification scheme is not enough to satisfy the security requirements of a smart card-based certification scheme because it has a weakness of password guessing attack as well as gives attackers opportunities to be disguised as legitimate users. However, Seo et al. also has a weakness not satisfying the security requirements. This paper suggests a new scheme that contains the characteristics of certification scheme provided by Seo et al. but compensates weak points. The findings show that the new scheme is more safety and efficient than Seo et al.'s

An Improved User Authentication Scheme Based on Random Nonce (랜덤 Nonce 기반 사용자 인증 스킴의 안전성 개선에 관한 연구)

  • Joo, Young-Do;An, Young-Hwa
    • Journal of Korea Society of Industrial Information Systems
    • /
    • v.15 no.3
    • /
    • pp.33-40
    • /
    • 2010
  • Recently Yoon et al. proposed the remote user authentication scheme using smart cards. But their scheme has not satisfied security requirements which should be considered in the user authentication scheme using the password based smart card. In this paper, we prove that Yoon et al.'s scheme is vulnerable to a password guessing attack in case that the attacker steals the user's smart card and extracts the information from the smart card. Accordingly, we propose the improved user authentication scheme based on the hash function and random nonce that can withstand various possible attacks including a password guessing attack. The result of comparative analysis demonstrates that the our proposed scheme is much more secure and efficient than the Yoon et al.'s scheme, with a trivial trade-off to require just a few more exclusive-OR operations.

A Robust and Secure Remote User Authentication Scheme Preserving User Anonymity (사용자 익명성을 보장하는 안전하고 개선된 원격 사용자 인증스킴)

  • Shin, Kwang-Cheul
    • The Journal of Society for e-Business Studies
    • /
    • v.18 no.2
    • /
    • pp.81-93
    • /
    • 2013
  • Remote user authentication is a method, in which remote server verifies the legitimacy of a user over an common communication channel. Currently, smart card based remote user authentication schemes have been widely adopted due to their low computational cost and convenient portability for the mutual authentication. 2009 years, Wang et al.'s proposed a dynamic ID-based remote user authentication schemes using smart cards. They presented that their scheme preserves anonymity of user, has the feature of storing password chosen by the server, and protected from several attacks. However, in this paper, I point out that Wang et al.'s scheme has practical vulnerability. I found that their scheme does not provide anonymity of a user during authentication. In addition, the user does not have the right to choose a password. And his scheme is vulnerable to limited replay attacks. In particular, the parameter y to be delivered to the user is ambiguous. To overcome these security faults, I propose an enhanced authentication scheme, which covers all the identified weakness of Wang et al.'s scheme and an efficient user authentication scheme that preserve perfect anonymity to both the outsider and remote server.

Improvements of a Dynamic ID-Based Remote User Authentication Scheme (동적 ID 기반 원격 사용자 인증 스킴의 보안성 개선)

  • Young-Do, Joo;An, Young-Hwa
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.11 no.6
    • /
    • pp.303-310
    • /
    • 2011
  • Recently, many user authentication schemes using smart cards have been proposed to improve the security weaknesses in user authentication process. In 2009, Wang et al. proposed a more effective and secure dynamic ID-based remote user authentication scheme to improve the security weakness of Das et al.'s scheme, and asserted that the improved scheme is secure against independent of password in authentication phase and provides mutual authentication between the user and the remote server. However, in this paper, we analyze the security of Wang et al. scheme and demonstrate that Wang et al.'s scheme is vulnerable to the man-in-the-middle attack and the off-line password guessing attack. In addition, we show that Wang et al. scheme also fails to provide mutual authentication. Accordingly, we propose an improved scheme to overcome these security weakness even if the secrete information stored in the smart card is revealed. Our proposed scheme can withstand the user impersonation attack, the server masquerading attack and off-line password guessing attack. Furthermore, this improved scheme provides the mutual authentication and is more effective than Wang et al.'s scheme in term of the computational complexities.

Security Improvements on the Remote User Authentication Scheme Using Smart Cards (스마트카드를 사용한 원격 사용자 인증 스킴의 시큐리티 개선에 관한 연구)

  • Seo, Jeong-Man;An, Young-Hwa
    • Journal of the Korea Society of Computer and Information
    • /
    • v.15 no.3
    • /
    • pp.91-97
    • /
    • 2010
  • Recently Hu-Niu-Yang proposed the user authentication scheme to improve Liu et al's scheme. But the Hu-Niu-Yang's scheme has not been satisfied security requirements considering in the user authentication scheme using the password based smart card. In this paper, we proved that Hu-Niu-Yang's scheme is vulnerable to the off-line password guessing attack in case that the attacker steals the user's smart card and extracts the information in the smart card. Also, the improved user authentication scheme solving the security vulnerability was introduced, thus preventing the attacks, such as password guessing attack, forgery attack impersonation attack, and replay attack. For preventing those attacks, the our proposed scheme need more hash functions and exclusive-OR operations than Hu-Niu-Yang's scheme.

Cryptanalysis and Enhancement of the An's Remote User Authentication Scheme using the Smart Cards (스마트카드를 이용한 An의 원격 사용자 인증 스킴의 안전성 분석 및 개선)

  • Shin, Seung-Soo;Han, Kun-Hee
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.12 no.10
    • /
    • pp.4612-4617
    • /
    • 2011
  • Hsiang-Shin proposed a user authentication scheme which was created by improving Yoon's scheme. Afterwards, An showed the failure to meet security requirements which are considered in user authentication using password-based smart card in Hsiang-Shih-suggested scheme. In other words, it was found that an attacker can steal a user's card, and detect a user's password by temporarily accessing it and extracting the information stored in it. However, An-proposed scheme also showed its vulnerability to password-guessing attack and forgery/impersonation attack, etc. and thus, this paper proposed the improved user authentication scheme. The proposed authentication scheme can thwart the password-guessing attack completely and this paper proposed scheme also includes an efficient mutual authentication method that can make it possible for users and authentication server to certify the other party.

Cryptanalysis and Enhancement of a Remote User Authentication Scheme Using Smart Cards (스마트카드를 이용한 사용자 인증 스킴의 안전성 분석 및 개선)

  • Lee, Young-Sook;Won, Dong-Ho
    • Journal of the Korea Society of Computer and Information
    • /
    • v.15 no.1
    • /
    • pp.139-147
    • /
    • 2010
  • A remote user authentication scheme is a two-party protocol whereby an authentication server in a distributed system confirms the identity of a remote individual logging on to the server over an untrusted, open network. In 2005, Liao et al. proposed a remote user authentication scheme using a smart card, in which users can be authenticated anonymously. Recently, Yoon et al. have discovered some security flaws in Liao et al.'s authentication scheme and proposed an improved version of this scheme to fix the security flaws. In this article, we review the improved authentication scheme by Yoon et al. and provide a security analysis on the scheme. Our analysis shows that Yoon et al.'s scheme does not guarantee not only any kind of authentication, either server-to-user authentication or user-to-server authentication but also password security. The contribution of the current work is to demonstrate these by mounting two attacks, a server impersonation attack and a user impersonation attack, and an off-line dictionary attack on Yoon et al.'s scheme. In addition, we propose the enhanced authentication scheme that eliminates the security vulnerabilities of Yoon et al.'s scheme.

Security Analysis and Improvements of a Biometrics-based User Authentication Scheme Using Smart Cards (스마트 카드를 이용한 생체인식 기반 사용자 인증 스킴의 안전성 분석 및 개선)

  • An, Young-Hwa
    • Journal of the Korea Society of Computer and Information
    • /
    • v.17 no.2
    • /
    • pp.159-166
    • /
    • 2012
  • Many biometrics-based user authentication schemes using smart cards have been proposed to improve the security weaknesses in user authentication system. In 2010, Chang et al. proposed an improved biometrics-based user authentication scheme without concurrency system which can withstand forgery attack, off-line password guessing attack, replay attack, etc. In this paper, we analyze the security weaknesses of Chang et al.'s scheme and we have shown that Chang et al.'s scheme is still insecure against man-in-the-middle attack, off-line biometrics guessing attack, and does not provide mutual authentication between the user and the server. And we proposed the improved scheme to overcome these security weaknesses, even if the secret information stored in the smart card is revealed. As a result, the proposed scheme is secure for the user authentication attack, the server masquerading attack, the man-in-the-middle attack, and the off-line biometrics guessing attack, does provide the mutual authentication between the user and the remote server. And, in terms of computational complexities, the proposed scheme is more effective than Chang et al.'s scheme.

Improvements of the Hsiang-Shih's remote user authentication scheme using the smart cards (스마트카드를 이용한 Hsiang-Shih의 원격 사용자 인증 스킴의 개선에 관한 연구)

  • An, Young-Hwa
    • Journal of the Korea Society of Computer and Information
    • /
    • v.15 no.2
    • /
    • pp.119-125
    • /
    • 2010
  • Recently Hsiang-Shih proposed the user authentication scheme to improve Yoon et al's scheme. But the proposed scheme has not been satisfied security requirements considering in the user authentication scheme using the password based smart card. In this paper, we proved that Hsiang-Shih's scheme is vulnerable to the off-line password guessing attack. In other words, the attacker can get the user's password using the off-line password guessing attack on the scheme when the attacker steals the user's smart card and extracts the information in the smart card. Also, the improved scheme based on the hash function and random number was introduced, thus preventing the attacks, such as password guessing attack, forgery attack and impersonation attack etc. And we suggested the effective mutual authentication scheme that can authenticate each other at the same time between the user and server.