Two Robust Remote User Authentication Protocols Using Smart Cards

With the rapid growth of electronic commerce and enormous demand from variants of Internet based applications, strong privacy protection and robust system security have become essential requirements for an authentication scheme or universal access control mechanism. In order to reduce implementation...

Full description

Saved in:
Bibliographic Details
Main Authors: YEH, Kuo-Hui, Su, Chunhua, LO, Nai-Wei, LI, Yingjiu, Hung, Yi-Xiang
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2010
Subjects:
Online Access:https://ink.library.smu.edu.sg/sis_research/1323
http://dx.doi.org/10.1016/j.jss.2010.07.062
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
id sg-smu-ink.sis_research-2322
record_format dspace
spelling sg-smu-ink.sis_research-23222011-02-22T01:30:19Z Two Robust Remote User Authentication Protocols Using Smart Cards YEH, Kuo-Hui Su, Chunhua LO, Nai-Wei LI, Yingjiu Hung, Yi-Xiang With the rapid growth of electronic commerce and enormous demand from variants of Internet based applications, strong privacy protection and robust system security have become essential requirements for an authentication scheme or universal access control mechanism. In order to reduce implementation complexity and achieve computation efficiency, design issues for efficient and secure password based remote user authentication scheme have been extensively investigated by research community in these two decades. Recently, two well-designed password based authentication schemes using smart cards are introduced by Hsiang and Shih (2009) and Wang et al. (2009), respectively. Hsiang et al. proposed a static ID based authentication protocol and Wang et al. presented a dynamic ID based authentication scheme. The authors of both schemes claimed that their protocol delivers important security features and system functionalities, such as mutual authentication, data security, no verification table implementation, freedom on password selection, resistance against ID-theft attack, replay attack and insider attack, as well as computation efficiency. However, these two schemes still have much space for security enhancement. In this paper, we first demonstrate a series of vulnerabilities on these two schemes. Then, two enhanced protocols with corresponding remedies are proposed to eliminate all identified security flaws in both schemes. 2010-01-01T08:00:00Z text https://ink.library.smu.edu.sg/sis_research/1323 info:doi/10.1016/j.jss.2010.07.062 http://dx.doi.org/10.1016/j.jss.2010.07.062 Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Authentication Cryptanalysis Security Smart card Information Security
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic Authentication
Cryptanalysis
Security
Smart card
Information Security
spellingShingle Authentication
Cryptanalysis
Security
Smart card
Information Security
YEH, Kuo-Hui
Su, Chunhua
LO, Nai-Wei
LI, Yingjiu
Hung, Yi-Xiang
Two Robust Remote User Authentication Protocols Using Smart Cards
description With the rapid growth of electronic commerce and enormous demand from variants of Internet based applications, strong privacy protection and robust system security have become essential requirements for an authentication scheme or universal access control mechanism. In order to reduce implementation complexity and achieve computation efficiency, design issues for efficient and secure password based remote user authentication scheme have been extensively investigated by research community in these two decades. Recently, two well-designed password based authentication schemes using smart cards are introduced by Hsiang and Shih (2009) and Wang et al. (2009), respectively. Hsiang et al. proposed a static ID based authentication protocol and Wang et al. presented a dynamic ID based authentication scheme. The authors of both schemes claimed that their protocol delivers important security features and system functionalities, such as mutual authentication, data security, no verification table implementation, freedom on password selection, resistance against ID-theft attack, replay attack and insider attack, as well as computation efficiency. However, these two schemes still have much space for security enhancement. In this paper, we first demonstrate a series of vulnerabilities on these two schemes. Then, two enhanced protocols with corresponding remedies are proposed to eliminate all identified security flaws in both schemes.
format text
author YEH, Kuo-Hui
Su, Chunhua
LO, Nai-Wei
LI, Yingjiu
Hung, Yi-Xiang
author_facet YEH, Kuo-Hui
Su, Chunhua
LO, Nai-Wei
LI, Yingjiu
Hung, Yi-Xiang
author_sort YEH, Kuo-Hui
title Two Robust Remote User Authentication Protocols Using Smart Cards
title_short Two Robust Remote User Authentication Protocols Using Smart Cards
title_full Two Robust Remote User Authentication Protocols Using Smart Cards
title_fullStr Two Robust Remote User Authentication Protocols Using Smart Cards
title_full_unstemmed Two Robust Remote User Authentication Protocols Using Smart Cards
title_sort two robust remote user authentication protocols using smart cards
publisher Institutional Knowledge at Singapore Management University
publishDate 2010
url https://ink.library.smu.edu.sg/sis_research/1323
http://dx.doi.org/10.1016/j.jss.2010.07.062
_version_ 1770570966166929408