Robust smart‐card‐based remote user password authentication scheme

Chen, Bae-Ling; Kuo, Way; Wuu, Lih‐Chyau

doi:10.1002/dac.2368

Cited by 155 publications

(169 citation statements)

References 15 publications

Supporting

Mentioning

168

Contrasting

Order By: Relevance

“…This work was an improvement over another such scheme by Chen et al [5]. We observe, that the clogging attack performed on the current protocol under consideration can also be performed on both the protocols [2] and [5]. Both the protocols are vulnerable because, the users smart card does not encrypt the message it sends over to the server for login and authentication.…”

Section: Clogging Attack Performed On Other Similar Schemesmentioning

confidence: 83%

Cryptanalysis and Security Enhancement of Two Advanced Authentication Protocols

Talluri

Roy

2014

Advanced Computing, Networking and Informatics- Volume 2

View full text Add to dashboard Cite

Abstract. In this work we consider two protocols for performing cryptanalysis and security enhancement. The first one by Jiang et al., is a password-based authentication scheme 1 which does not use smart cards. We note that this scheme is an improvement over Chen et al.'s scheme shown vulnerable to the off-line dictionary attack by Jiang et al. We perform a cryptanalysis on Jiang at al.'s improved protocol and observe that it is prone to the clogging attack, a kind of denial of service (DoS) attack. We then suggest an improvement on the protocol to prevent the clogging attack. The other protocol we consider for analysis is by Wang et al. This is a smart card based authentication protocol. We again perform the clogging (DoS) attack on this protocol via replay. We observe that all smart card based authentication protocols which precede the one by Wang et al., and require the server to compute the computationally intensive modular exponentiation are prone to the clogging attack. We suggest (another) improvement on the protocol to prevent the clogging attack, which also applies to the protocol by Jiang et. al.

show abstract

Section: Clogging Attack Performed On Other Similar Schemesmentioning

confidence: 83%

Cryptanalysis and Security Enhancement of Two Advanced Authentication Protocols

Talluri

Roy

2014

Advanced Computing, Networking and Informatics- Volume 2

View full text Add to dashboard Cite

show abstract

“…If there are hundreds of thousands of people in a wireless network environment, and each person's session key is different, managing the keys is not trivial. Table 2 shows a detailed description of the weaknesses of Li's scheme [18]. Table 2.…”

Section: Weaknesses Of Li's Schemementioning

confidence: 99%

A Novel Mobile Communications Authentication Scheme with Roaming Service and User Anonymity

2016

Self Cite

View full text Add to dashboard Cite

Many novel, effective, and efficient applications and networking services are being developed for the Social Internet of Things. Recently, Li proposed a more secure and efficient authentication scheme with roaming service and user anonymity for mobile communications. The security analysis and discussion of the agreement phase is sufficiently safe; however, an attacker can intercept the identity of a mobile user's home agent in the authentication phase. By using this information, the attacker can mount distributed denial-of-service attacks in the roaming phase through replay attacks targeting the network's foreign agent and mobile user's home agent by using their corresponding session keys. Li's method also has some shortcomings regarding anonymity that we aim to address. To overcome these issues, this study proposes an elliptic curve-based wireless roaming anonymous login method for the authentication phase. The problems faced in the roaming phase are resolved, and this approach provides balanced session key computation between senders and receivers. Burrows-Abadi-Needham logic (BAN-logic) is used to verify the security of the proposed scheme. The proposed scheme affords good security, efficiency, and integrity and maintains anonymity.

show abstract

“…Sandeep et al [32], in the same year, also proved that Xu et al 's scheme is not resistant to impersonation attack and offline dictionary attack and then devised a new enhanced one. Shortly after, however, Chen et al [33] found that both the schemes of Song and Stood et al are not secure: the scheme of Song cannot be resistant to smart card loss attack and offline dictionary attack; the scheme of Stood et al fails to achieve mutual authentication. So Chen et al designed an enhanced remote user authentication scheme.…”

Section: Introductionmentioning

confidence: 99%

Cryptanalysis of Three Password-Based Remote User Authentication Schemes with Non-Tamper-Resistant Smart Card

Wang¹,

Xu²

2017

Security and Communication Networks

View full text Add to dashboard Cite

Remote user authentication is the first step to guarantee the security of online services. Online services grow rapidly and numerous remote user authentication schemes were proposed with high capability and efficiency. Recently, there are three new improved remote user authentication schemes which claim to be resistant to various attacks. Unfortunately, according to our analysis, these schemes all fail to achieve some critical security goals. This paper demonstrates that they all suffer from offline dictionary attack or fail to achieve forward secrecy and user anonymity. It is worth mentioning that we divide offline dictionary attacks into two categories: (1) the ones using the verification from smart cards and (2) the ones using the verification from the open channel. The second is more complicated and intractable than the first type. Such distinction benefits the exploration of better design principles. We also discuss some practical solutions to the two kinds of attacks, respectively. Furthermore, we proposed a reference model to deal with the first kind of attack and proved its effectiveness by taking one of our cryptanalysis schemes as an example.

show abstract

Robust smart‐card‐based remote user password authentication scheme

Cited by 155 publications

References 15 publications

Cryptanalysis and Security Enhancement of Two Advanced Authentication Protocols

Cryptanalysis and Security Enhancement of Two Advanced Authentication Protocols

A Novel Mobile Communications Authentication Scheme with Roaming Service and User Anonymity

Cryptanalysis of Three Password-Based Remote User Authentication Schemes with Non-Tamper-Resistant Smart Card

Contact Info

Product

Resources

About