Password authentication schemes with smart cards

Yang, Wen-Her; Shieh, Shiuh-Pyng

doi:10.1016/s0167-4048(99)80136-9

Cited by 270 publications

(123 citation statements)

References 16 publications

Supporting

Mentioning

116

Contrasting

Order By: Relevance

“…In 1999, Yang and Shieh [2] proposed two password authentication schemes with smart cards one of which was the timestamp-based password authentication scheme. In 2002, Chan and Cheng [3] showed that [2] is vulnerable to forged login attack and an adversary could be able to impersonate as a legal user to pass the system authentication.…”

Section: Related Workmentioning

confidence: 99%

“…In 2002, Chan and Cheng [3] showed that [2] is vulnerable to forged login attack and an adversary could be able to impersonate as a legal user to pass the system authentication. Fan et.…”

Section: Related Workmentioning

confidence: 99%

“…al. [4] presented a cryptanalysis of [2] and showed another type of attack different than that is in [3] and also proposed an enhanced scheme which could withstand Chan-Cheng attack and their demonstrated attack. But, later [5] showed that, Fan et.…”

Section: Related Workmentioning

confidence: 99%

“…al. [1] came up with one enhanced scheme based on [2] which they claimed to be efficient enough to protect the authentication process from forged login or forged server attacks. Unfortunately, later [7], [8] and [9] showed that the improved scheme proposed by Shen et.…”

Section: Related Workmentioning

confidence: 99%

“…al. scheme [1] which is basically based on the basic timestamp-based scheme proposed by Yang and Shieh [2]. In this paper, we propose an improved timestamp-based mutual authentication scheme which is adapted from Shen et.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

An Improved Timestamp-Based Password Authentication Scheme Using Smart Cards

Pathan

Hong

2007

The 9th International Conference on Advanced Communication Technology

View full text Add to dashboard Cite

⎯ With the recent proliferation of distributed systems and networking, remote authentication has become a crucial task in many networking applications. Various schemes have been proposed so far for the two-party remote authentication; however, some of them have been proved to be insecure. In this paper, we propose an efficient timestamp-based password authentication scheme using smart cards. We show various types of forgery attacks against a previously proposed timestamp-based password authentication scheme and improve that scheme to ensure robust security for the remote authentication process, keeping all the advantages that were present in that scheme. Our scheme successfully defends the attacks that could be launched against other related previous schemes. We present a detailed cryptanalysis of previously proposed Shen et. al's scheme and an analysis of the improved scheme to show its improvements and efficiency.

show abstract

Section: Related Workmentioning

confidence: 99%

“…In 2002, Chan and Cheng [3] showed that [2] is vulnerable to forged login attack and an adversary could be able to impersonate as a legal user to pass the system authentication. Fan et.…”

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

An Improved Timestamp-Based Password Authentication Scheme Using Smart Cards

Pathan

Hong

2007

The 9th International Conference on Advanced Communication Technology

View full text Add to dashboard Cite

show abstract

A robust and efficient dynamic identity‐based multi‐server authentication scheme using smart cards

Chang

Cheng

Hsueh

2014

Int J Communication

View full text Add to dashboard Cite

In single-server architecture, one service is maintained by one server. If a user wants to employ multiple services from different servers, he/she needs to register with these servers and to memorize numerous pairs of identities and passwords corresponding to each server. In order to improve user convenience, many authentication schemes have been provided for multi-server environment with the property of single registration. In 2013, Li et al. provided an efficient multi-server authentication scheme, which they contended that it could resist several attacks. Nevertheless, we find that their scheme is sensitive to the forgery attack and has a design flaw. This paper presents a more secure dynamic identity-based multi-server authentication scheme in order to solve the problem in the scheme by Li et al. Analyses show that the proposed scheme can preclude several attacks and support the revocation of anonymity to handle the malicious behavior of a legal user. Furthermore, our proposed scheme has a lower computation and communication costs, which make it is more suitable for practical applications. many pairs of identities and passwords corresponding to each server. It is very inconvenient for users. Therefore, several multi-server authentication schemes have been designed [11][12][13][14][15][16][17][18][19][20][21][22][23][24]. In a multi-server system, users only need to register with the registration center one time; then, they can access all of the services from different servers in this system. Since 2001, Li et al. [11], Lin et al.[12], Juang [13], and Chang and Lee [14] have designed different multi-server authentication mechanisms based on neural networks, discrete logarithms, or symmetric cryptosystems. However, due to high computation cost, these schemes are inefficient. Moreover, in these schemes, users' identities are static and publicly transmitted in plaintext form, which allows an attacker to potentially track a specific user. Accordingly, user privacy and location need to be protected. To achieve user anonymity, Liao and Wang [15] provided a dynamic identitybased authentication scheme for multi-server architecture. Unfortunately, Hsiang and Shih [16] found that their scheme has some security flaws and fails to provide proper mutual authentication between users and servers; consequently, they provided an improvement to enhance security. However, Yeh et al. [18] found that their method is insecure against the replay attack, the server spoofing attack, behavior denial problem, and session key disclosure; Lee et al. [19] found that their method suffers from the masquerade attack, and lack of mutual authentication; whereas Sood et al. [17] found that their method is vulnerable to the stolen smart card attack, and the impersonation attack, and has an incorrect password change procedure. In order to remedy these weaknesses, Lee et al. and Sood et al. presented improvements. In 2012, Chuang and Tseng [21] thought that most of previous schemes [15,16] cannot prevent the impersonation attack and the server sp...

show abstract

Cryptanalysis and improvement of 2 mutual authentication schemes for Session Initiation Protocol

Qiu

Guo

et al. 2018

Int J Communication

View full text Add to dashboard Cite

Summary Recently, Chaudhry et al and Kumari et al proposed an advanced mutual authentication protocol for Session Initiation Protocol on the basis of the protocol of Lu et al. The authors claimed that their schemes can be resistant to various attacks. Unfortunately, we observe some important flaws in their respective schemes. We point out that their schemes are prone to off‐line password guessing and privileged insider attacks. To remedy their protocols's drawbacks, in this paper, we present a new improved authentication scheme keeping apart the threats encountered in the design of the schemes of Chaudhry et al and Kumari et al. Furthermore, the security analysis illustrates that our proposed scheme not only removes these drawbacks in their schemes but also can resist all known attacks and provide session key security. We give a heuristic security analysis and also provide the security analysis of the proposed scheme with the help of widespread Burrows‐Abadi‐Needham Logic. Finally, our scheme is compared with the previously proposed schemes on security and performance.

show abstract

Password authentication schemes with smart cards

Cited by 270 publications

References 16 publications

An Improved Timestamp-Based Password Authentication Scheme Using Smart Cards

An Improved Timestamp-Based Password Authentication Scheme Using Smart Cards

A robust and efficient dynamic identity‐based multi‐server authentication scheme using smart cards

Cryptanalysis and improvement of 2 mutual authentication schemes for Session Initiation Protocol

Contact Info

Product

Resources

About