Two Robust Remote User Authentication Protocols Using Smart Cards
Publication Type
Journal Article
Publication Date
2010
Abstract
With the rapid growth of electronic commerce and enormous demand from a variety of Internet-based applications, strong privacy protection and robust system security have become essential requirements for an authentication scheme or universal access control mechanism. In order to reduce implementation complexity and achieve computational efficiency, design issues for efficient and secure password-based remote user authentication schemes have been extensively investigated by the research community over the past two decades. Recently, two well-designed password-based authentication schemes using smart cards were introduced by Hsiang and Shih (2009) and Wang et al. (2009), respectively. Hsiang et al. proposed a static ID-based authentication protocol and Wang et al. presented a dynamic ID-based authentication scheme. The authors of both schemes claimed that their protocols deliver important security features and system functionalities, such as mutual authentication, data security, no verification table implementation, freedom of password selection, resistance against ID-theft, replay and insider attacks, as well as computational efficiency. However, these two schemes still have considerable room for security enhancement. In this paper, we first demonstrate a series of vulnerabilities in these two schemes. Then, two enhanced protocols with corresponding remedies are proposed to eliminate all identified security flaws in both schemes.
Keywords
Authentication, Cryptanalysis, Security, Smart card
Discipline
Information Security
Research Areas
Information Security and Trust
Publication
Journal of Systems and Software
Volume
83
Issue
12
First Page
2556
Last Page
2565
ISSN
0164-1212
Identifier
10.1016/j.jss.2010.07.062
Publisher
Elsevier
Citation
YEH, Kuo-Hui; Su, Chunhua; LO, Nai-Wei; LI, Yingjiu; and Hung, Yi-Xiang.
Two Robust Remote User Authentication Protocols Using Smart Cards. (2010). Journal of Systems and Software. 83, (12), 2556-2565.
Available at: https://ink.library.smu.edu.sg/sis_research/1323
Additional URL
http://dx.doi.org/10.1016/j.jss.2010.07.062