Improvement of Chien et al.'s remote user authentication scheme using smart cards

Lee, Sung-Woon; Kim, Hyunsung; Yoo, Kee-Young

doi:10.1016/j.csi.2004.02.002

Cited by 89 publications

(40 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Therefore, both the computation cost of the user and that of the service provider server are 5 T H + 4 T X and 6 T H + 3 T X respectively. The proposed protocol requires more computation than that of Kim and Chung's scheme but it is highly secure as compared to the related schemes (Chien et al, 2002;Lee et al, 2004aLee et al, , 2004bYoon and Yoo, 2005;Kim and Chung, 2009;Hsiang and Shih, 2009;Xu et al, 2009). The proposed protocol is free from masquerading user attack, masquerading server attack, offline dictionary attack and parallel session attack, while the latest scheme proposed by Kim and Chung (2009) suffers from these attacks.…”

Section: Cost and Functionality Analysismentioning

confidence: 91%

“…Hsu (2004) demonstrated that Chien et al's scheme is susceptible to parallel session attack so that the intruder without knowing the user's password can masquerade as the legitimate user by creating a valid login message from the eavesdropped communication between the authentication server and the user. Lee et al (2004aLee et al ( , 2004b improved Chien et al's scheme by eliminating the parallel session attack. Yoon and Yoo (2005) found that Lee et al's schemes are susceptible to masquerading server attack and proposed an improvement on Lee et al's schemes.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

An improved and secure smart card-based authentication scheme

Sood¹

2011

IJMIS

View full text Add to dashboard Cite

Kim and Chung (2009) found that Yoon and Yoo's scheme (2005) easily reveals a user's password and is susceptible to masquerading user attack, masquerading server attack and stolen verifier attack. Therefore, Kim and Chung proposed a new remote user authentication scheme. They claimed that the proposed scheme resolves all aforementioned security flaws, while keeping the merits of Yoon and Yoo's scheme. However, we found that Kim and Chung's scheme is susceptible to masquerading user attack, masquerading server attack, offline dictionary attack using stolen smart card and parallel session attack. This paper improves Kim and Chung's scheme that resolves the aforementioned security flaws, while keeping the merits of Kim and Chung's scheme. The security of the proposed protocol depends upon two security parameters which makes difficult for an attacker to launch attacks on the proposed scheme. Therefore, the attacker can not get any meaningful authentication information from eavesdropping.

show abstract

Section: Cost and Functionality Analysismentioning

confidence: 91%

Section: Introductionmentioning

confidence: 99%

An improved and secure smart card-based authentication scheme

Sood¹

2011

IJMIS

View full text Add to dashboard Cite

show abstract

“…In Chien et al's scheme, users are allowed to choose the password without registering with the server. In 2004, Lee et al [2] . gave a cryptanalysis to Chien C.-T. Li et al [6] .…”

Section: ⅰ Introductionmentioning

confidence: 99%

“…In the past couple of decades, there have been many researches [1][2][3][4][5][6][7][8][9][10][11][12] about remote user authentication over insecure network.…”

Section: ⅰ Introductionmentioning

confidence: 99%

Cryptanalysis of a Secure Remote User Authentication Scheme

Jin¹,

Lee²,

Won³

2012

The Journal of Korea Information and Communications Society

View full text Add to dashboard Cite

In 2011, C.-T. Li et al. proposed a secure user authentication scheme, which is an improvement over Kim et al.'s scheme to resolve several security flaws such as off-line password guessing attack and masquerading attack. C.-T. Li et al. claimed that their scheme prevents smart card security related attacks. Moreover, it provides mutual authentication and session key establishment. However, we found that their scheme is vulnerable to password guessing attack through password change phase, smart card forgery attack and stolen verifier attack. Moreover, C.-T. Li et al.'s scheme is not secure against password guessing attack as they claimed. In this paper, we also point out that their scheme is not practical to use.

show abstract

“…For instance, there is no way to avoid an adversary from applying his impersonation attack to the victim user if both the user's password and smart card were lost/stolen. Therefore, several schemes [16][17][18][19] ensure the security of the system when either his password or his smart card is lost/stolen, but not both of them at the same time. On the opposite side, there is a sturdy secret key that combines smart cards and biometrics with passwords (called Multi-Factor Authentication (MFA)) that enjoy high entropy.…”

Section: Introductionmentioning

confidence: 99%

Strong Authentication Scheme Based on Hand Geometry and Smart Card Factors

2016

View full text Add to dashboard Cite

Abstract:In 2009, Xu et al. presented a safe, dynamic, id-based on remote user authentication method that has several advantages such as freely chosen passwords and mutual authentication. In this paper, we review the Xu-Zhu-Feng scheme and indicate many shortcomings in their scheme. Impersonation attacks and insider attacks could be effective. To overcome these drawbacks, we propose a secure biometric-based remote authentication scheme using biometric characteristics of hand-geometry, which is aimed at withstanding well-known attacks and achieving good performance. Furthermore, our work contains many crucial merits such as mutual authentication, user anonymity, freely chosen passwords, secure password changes, session key agreements, revocation by using personal biometrics, and does not need extra device or software for hand geometry in the login phase. Additionally, our scheme is highly efficient and withstands existing known attacks like password guessing, server impersonation, insider attacks, denial of service (DOS) attacks, replay attacks, and parallel-session attacks. Compared with the other related schemes, our work is powerful both in communications and computation costs.

show abstract

Improvement of Chien et al.'s remote user authentication scheme using smart cards

Cited by 89 publications

References 6 publications

An improved and secure smart card-based authentication scheme

An improved and secure smart card-based authentication scheme

Cryptanalysis of a Secure Remote User Authentication Scheme

Strong Authentication Scheme Based on Hand Geometry and Smart Card Factors

Contact Info

Product

Resources

About