An enhanced smart card based remote user password authentication scheme

Li, Xiong; Niu, Jianwei; Khan, Muhammad Khurram; Liao, Junguo

doi:10.1016/j.jnca.2013.02.034

Cited by 240 publications

(155 citation statements)

References 18 publications

Supporting

Mentioning

154

Contrasting

Order By: Relevance

“…However, Shimizu et al [4] showed that the Lamport's scheme [3] suffers from different attacks. After that so many remote user authentication schemes [5][6][7][8][9][10][11][12][13][14][15][16] have been proposed in this regard which are based on only password. But, the researchers have considered biometric feature [2] with the password to enhance the security label.…”

Section: Literature Surveymentioning

confidence: 99%

A Three Factor Remote User Authentication Scheme Using Collision Resist Fuzzy Extractor in Single Server Environment

Giri

Maitra

2017

ITM Web Conf.

View full text Add to dashboard Cite

Abstract. Due to rapid growth of online applications, it is needed to provide such a facility by which communicators can get the services by applying the applications in a secure way. As communications are done through an insecure channel like Internet, any adversary can trap and modify the communication messages. Only authentication procedure can overcome the aforementioned problem. Many researchers have proposed so many authentication schemes in this literature. But, this paper has shown that many of them are not usable in real world application scenarios because, the existing schemes cannot resist all the possible attacks. Therefore, this paper has proposed a three factor authentication scheme using hash function and fuzzy extractor. This paper has further analyzed the security of the proposed scheme using random oracle model. The analysis shows that the proposed scheme can resist all the possible attacks. Furthermore, comparison between proposed scheme and related existing schemes shows that the proposed scheme has better trade-off among storage, computational and communication costs.

show abstract

Section: Literature Surveymentioning

confidence: 99%

A Three Factor Remote User Authentication Scheme Using Collision Resist Fuzzy Extractor in Single Server Environment

Giri

Maitra

2017

ITM Web Conf.

View full text Add to dashboard Cite

show abstract

“…After that, the server provides the user with his smart card used in the login and authentication phases. There are many schemes [25][26][27] based on this traditional model that have faced several issues such as failing to preserve user's anonymity, not being able to resist well-known attacks, and not having the ability to use revocation features when the legitimate user loses or has his smart card stolen.…”

Section: Our Proposed Scheme For Design Issuesmentioning

confidence: 99%

Strong Authentication Scheme Based on Hand Geometry and Smart Card Factors

2016

View full text Add to dashboard Cite

Abstract:In 2009, Xu et al. presented a safe, dynamic, id-based on remote user authentication method that has several advantages such as freely chosen passwords and mutual authentication. In this paper, we review the Xu-Zhu-Feng scheme and indicate many shortcomings in their scheme. Impersonation attacks and insider attacks could be effective. To overcome these drawbacks, we propose a secure biometric-based remote authentication scheme using biometric characteristics of hand-geometry, which is aimed at withstanding well-known attacks and achieving good performance. Furthermore, our work contains many crucial merits such as mutual authentication, user anonymity, freely chosen passwords, secure password changes, session key agreements, revocation by using personal biometrics, and does not need extra device or software for hand geometry in the login phase. Additionally, our scheme is highly efficient and withstands existing known attacks like password guessing, server impersonation, insider attacks, denial of service (DOS) attacks, replay attacks, and parallel-session attacks. Compared with the other related schemes, our work is powerful both in communications and computation costs.

show abstract

“…While this scheme was also proved by Kumari and Khan [34] it suffered from insider attack and impersonation attack. Li et al [35], in 2013, reanalyzed Chen et al 's scheme and then indicated that it cannot promise forward secrecy.…”

Section: Introductionmentioning

confidence: 99%

Cryptanalysis of Three Password-Based Remote User Authentication Schemes with Non-Tamper-Resistant Smart Card

Wang¹,

Xu²

2017

Security and Communication Networks

View full text Add to dashboard Cite

Remote user authentication is the first step to guarantee the security of online services. Online services grow rapidly and numerous remote user authentication schemes were proposed with high capability and efficiency. Recently, there are three new improved remote user authentication schemes which claim to be resistant to various attacks. Unfortunately, according to our analysis, these schemes all fail to achieve some critical security goals. This paper demonstrates that they all suffer from offline dictionary attack or fail to achieve forward secrecy and user anonymity. It is worth mentioning that we divide offline dictionary attacks into two categories: (1) the ones using the verification from smart cards and (2) the ones using the verification from the open channel. The second is more complicated and intractable than the first type. Such distinction benefits the exploration of better design principles. We also discuss some practical solutions to the two kinds of attacks, respectively. Furthermore, we proposed a reference model to deal with the first kind of attack and proved its effectiveness by taking one of our cryptanalysis schemes as an example.

show abstract

An enhanced smart card based remote user password authentication scheme

Cited by 240 publications

References 18 publications

A Three Factor Remote User Authentication Scheme Using Collision Resist Fuzzy Extractor in Single Server Environment

A Three Factor Remote User Authentication Scheme Using Collision Resist Fuzzy Extractor in Single Server Environment

Strong Authentication Scheme Based on Hand Geometry and Smart Card Factors

Cryptanalysis of Three Password-Based Remote User Authentication Schemes with Non-Tamper-Resistant Smart Card

Contact Info

Product

Resources

About