Improvement of robust smart‐card‐based password authentication scheme

Jiang, Qi; Ma, Jianfeng; Li, Guangsong; Li, Xinghua

doi:10.1002/dac.2644

Cited by 114 publications

(120 citation statements)

References 26 publications

Supporting

Mentioning

120

Contrasting

Order By: Relevance

“…We then present a fix to prevent an attacker to perform such an attack on the protocol. We note there has been another recent protocol by the same authors which is smart card based [2]. We observe that protocol also to be insecure against the clogging attack.…”

Section: Our Resultsmentioning

confidence: 64%

“…We however note that they had another version of the protocol which works with smart card in [2]. Once we demonstrate the vulnerability in [1] against the clogging attack, the vulnerability is easily observed to work for [2] as well. Jiang et al's protocol in [1] is an improvement over Chen at al.…”

Section: Jiang Et Al's Password Based Protocolmentioning

confidence: 79%

“…We present a clogging attack on the protocol. We observe their smart card based version of the protocol of [2] also to be insecure against this attack. Most of the protocols they cite in their papers [1] and [2] are vulnerable to clogging attack.…”

Section: Jiang Et Al's Password Based Protocolmentioning

confidence: 95%

“…We observe their smart card based version of the protocol of [2] also to be insecure against this attack. Most of the protocols they cite in their papers [1] and [2] are vulnerable to clogging attack. We identify the mathematical basis which make the protocols vulnerable to this attack, and suggest a possible fix for them.…”

Section: Jiang Et Al's Password Based Protocolmentioning

confidence: 95%

“…Smart card based password authentication (e.g. [2], [3], [7], [8], [9], [10], [11]) is one of the most convenient and effective two-factor authentication mechanisms for remote systems. This technique has been widely deployed for various kinds of authentication applications, such as remote host login, online banking, shopping on the internet, e-commerce and e-health.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Cryptanalysis and Security Enhancement of Two Advanced Authentication Protocols

Talluri

Roy

2014

Advanced Computing, Networking and Informatics- Volume 2

View full text Add to dashboard Cite

Abstract. In this work we consider two protocols for performing cryptanalysis and security enhancement. The first one by Jiang et al., is a password-based authentication scheme 1 which does not use smart cards. We note that this scheme is an improvement over Chen et al.'s scheme shown vulnerable to the off-line dictionary attack by Jiang et al. We perform a cryptanalysis on Jiang at al.'s improved protocol and observe that it is prone to the clogging attack, a kind of denial of service (DoS) attack. We then suggest an improvement on the protocol to prevent the clogging attack. The other protocol we consider for analysis is by Wang et al. This is a smart card based authentication protocol. We again perform the clogging (DoS) attack on this protocol via replay. We observe that all smart card based authentication protocols which precede the one by Wang et al., and require the server to compute the computationally intensive modular exponentiation are prone to the clogging attack. We suggest (another) improvement on the protocol to prevent the clogging attack, which also applies to the protocol by Jiang et. al.

show abstract

Section: Our Resultsmentioning

confidence: 64%

Section: Jiang Et Al's Password Based Protocolmentioning

confidence: 79%

Section: Jiang Et Al's Password Based Protocolmentioning

confidence: 95%

Section: Jiang Et Al's Password Based Protocolmentioning

confidence: 95%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Cryptanalysis and Security Enhancement of Two Advanced Authentication Protocols

Talluri

Roy

2014

Advanced Computing, Networking and Informatics- Volume 2

View full text Add to dashboard Cite

show abstract

Cryptanalysis of smart‐card‐based password authenticated key agreement protocol for session initiation protocol of Zhang et al.

Jiang

Tian

2014

Int J Communication

Self Cite

View full text Add to dashboard Cite

As the core signaling protocol for multimedia services, such as voice over internet protocol, the session initiation protocol (SIP) is receiving much attention and its security is becoming increasingly important. It is critical to develop a roust user authentication protocol for SIP. The original authentication protocol is not strong enough to provide acceptable security level, and a number of authentication protocols have been proposed to strengthen the security. Recently, Zhang et al. proposed an efficient and flexible smart-card-based password authenticated key agreement protocol for SIP. They claimed that the protocol enjoys many unique properties and can withstand various attacks. However, we demonstrate that the scheme by Zhang et al. is insecure against the malicious insider impersonation attack. Specifically, a malicious user can impersonate other users registered with the same server. We also proposed an effective fix to remedy the flaw, which remedies the security flaw without sacrificing the efficiency. The lesson learned is that the authenticators must be closely coupled with the identity, and we should prevent the identity from being separated from the authenticators in the future design of two-factor authentication protocols. schemes into four classes, that is, password authenticated key agreement based, hash and symmetric encryption based, public key cryptography based and identity-based schemes. The public key cryptography based schemes can be further classified into Rivest Shamir Adleman and elliptic curve cryptography (ECC) based schemes. In this paper, we mainly review the protocols closely related to our work.In 2005, Yang et al. [6] proposed an authentication protocol based on Diffie-Hellman key exchange. But their protocol was later found to be vulnerable to the offline password guessing attack. Moreover, their scheme is not suitable for end user devices with limited computing capability because of the involvement of expensive modular exponentiations. In 2009, Wu et al. [7] proposed an authentication scheme for SIP based on ECC. Although they claimed that their scheme was provably secure, Yoon et al. [8] demonstrated that the protocol by Wu et al. is insecure against the offline password guessing attack. Yoon et al. also presented an improved authentication protocol for SIP based on ECC. However, the scheme by Yoon et al. is still vulnerable to the offline password guessing attack. Also in 2009, Tsai [9] presented a nonce-based authentication protocol, which only involves one-way hash function. However, Yoon et al. [10] showed that Tsai's protocol [9] suffers from the offline password guessing attack, the stolen verifier attack, and so on. In 2012, Xie [11] showed that the scheme of Yoon et al. [10] is vulnerable to the offline password guessing attack and stolen verifier attack. Xie also proposed a new security-enhanced authentication protocol for SIP using ECC. Arshad et al. [12] also pointed out that Tsai's scheme [9] is insecure against the offline password guessing attack and stolen ve...

show abstract

Design and analysis of an improved smartcard‐based remote user password authentication scheme

Islam

2014

Int J Communication

View full text Add to dashboard Cite

SummaryWith the fast development of the Internet and the telecommunication technologies, internet users are carrying out various electronic transactions over internet by means of the authentication protocols. To ensure efficient and robust online transaction, security of authentication protocol turns out to be a great concern nowadays. As a result, smartcard‐based password authentication and session key agreement scheme receives significant attention in recent years. In the literature, various authentication schemes have been proposed by the cryptographic research community. Recently, Li et al. analyze some security weaknesses of the authentication scheme of Chen et al. and propose an enhancement based on the discrete logarithm problem and computational Diffie–Hellman problem. This paper further cryptanalyzes the scheme of Li et al. and identifies various security loopholes and then constructs a modified authentication scheme as a remedy. The security and efficiency evaluations demonstrate that our scheme has more security features and low computation costs than the related schemes. Copyright © 2014 John Wiley & Sons, Ltd.

show abstract

Improvement of robust smart‐card‐based password authentication scheme

Cited by 114 publications

References 26 publications

Cryptanalysis and Security Enhancement of Two Advanced Authentication Protocols

Cryptanalysis and Security Enhancement of Two Advanced Authentication Protocols

Cryptanalysis of smart‐card‐based password authenticated key agreement protocol for session initiation protocol of Zhang et al.

Design and analysis of an improved smartcard‐based remote user password authentication scheme

Contact Info

Product

Resources

About