An enhanced authentication scheme based remote user password using smart card

AHMED YASER FAHAD AL_SAHLANI, Songfeng Lu

Abstract


Authentication using smart card is a mechanism to verify the legitimacy of the user over insecure communication. Recently, Chen et al. figured out some weaknesses in previously published schemes, they proposed a robust smart card based remote user password authentication scheme. They claimed that, their scheme is efficient and can ensure the session key forward secrecy. We analyzed their scheme, we found that, it cannot detect incorrect password within login phase. Furthermore, the user required to communicate with the server to change or update his/her password. Besides, it cannot securely forward the secrecy. In this paper, we propose a scheme to overcome the aforesaid weaknesses and produce an enhanced authentication scheme based remote user password using smart card. We use a TRPT (Temporary Registration Password Technique) within registration phase to secure user's password. Our proposed scheme can resist various malicious attacks, achieve mutual authentication,  user can choose and change his/her password freely without need to communicates with the server, securely forward secrecy, and the login password never been exposed or transferred over channel. We show that, our proposed scheme achieved the goal, and it is more legible to practical use compared to the other related schemes.


References


L. Lamport. Password authentication with insecure communication. Communications of the ACM, 1981, 24(11): 770-772.

H.M. Sun. An efficient remote use authentication scheme using smart cards, IEEE Transactions on Consumer Electronics, 2000, 46, 958-961.

W.C. Ku, S.M. Chen, Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards, IEEE Transactions on Consumer Electronics, 2004, 50, 204-207.

C.K. Chan, L.M. Cheng. Cryptanalysis of a remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 2000, 46(4): 992-993.

H.Y. Chien, J.Y. Jan, Y.M. Tseng. An efficient and practical solution to remote authentication: smart card. Computers & Security, 2002, 21(4): 372-375.

C.L. Hsu. Security of Chien et al.'s remote user authentication scheme using smart cards. Computer Standards & Interfaces, 2004, 26(3): 167-169.

M.S. Hwang, L.H. Li, A new remote user authentication scheme using smart cards, IEEE Transactions on Consumer Electronics, 2000, 46(1): 28-30.

K.U. Wei-Chi, S.T. Chang. Impersonation attack on a dynamic ID-based remote user authentication scheme using smart cards. IEICE Transactions on Communications, 2005, 88(5): 2165-2167.

S,-J. Wang, and Jin-Fu Chang, “Smart card based secure password authentication scheme,” Computers & Security,Vol. 15, No. 3, pp. 231-237, 1996.

Chun-I Fan Robust remote authentication scheme with smart cards. Computers & Security, 2005, Vol. 24, Issue 8, 619-628.

J. Xu, W.T. Zhu, D.G. Feng. An improved smart card based password authentication scheme with provable security. Computer Standards & Interfaces, 2009, 31(4): 723-728.

S.K. Sood, A.K. Sarje, K. Singh. An improvement of Xu et al.'s authentication scheme using smart cards. in: Proceedings of The Third Annual ACM Bangalore Conference, Bangalore, Karnataka, India, 2010;15.

R. Song. Advanced smart card based password authentication protocol. Computer Standards & Interfaces 2010; 32(5): 321-325.

B.L. Chen, W.C. Kuo, L.C. Wuu. Robust smart-card-based remote user password authentication scheme. International Journal of Communication Systems, 2014, 27(2): 377-389.

Li X, Niu J, Khurram Khan M, Liao J. An enhanced smart card based remote user password authentication scheme. J Netw Comput Appl 2013;36(5):1365e71.


پاراگلایدر Full Text: PDF

Refbacks

  • There are currently no refbacks.


Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.

ISSN : 2251-1563