Journal of Korea Society of Digital Industry and Information Management (디지털산업정보학회논문지)

Korea Society of Digital Industry and Information Management (디지털산업정보학회)
권호 표지
DOI QR코드

DOI QR Code

Security Improvement to a Remote User Authentication Scheme for Multi-Server Environment

Multi-Server 환경에서의 사용자 인증 스킴의 안전성 향상

  • Received : 2011.08.20
  • Accepted : 2011.10.20
  • Published : 2011.12.30
Download PDF
⟨ Previous Next ⟩

Abstract

Recently, Tsai proposed a remote user authentication scheme suited for multi-server environments, in which users can be authenticated using a single password shared with the registration center. Our analysis shows that Tsai et al's scheme does not achieve its fundamental goal of password security. We demonstrate this by mounting an undetectable on-line password guessing attack on Tsai et al.'s scheme.

Keywords

References

  1. Tsai J. -L. Efficient multi-server authentication scheme based on one-way hash function without verification table, Computers & Security 27, 2008, pp.115-121. https://doi.org/10.1016/j.cose.2008.04.001
  2. Y. Chen, C -h. Huang, J. -s. Chou, "A Novel multi-server authentication protocol", http://eprint.iacr.org/2009/176, Cryptology ePrint Archive, 2009.
  3. Chang C. and Kuo J. Y. An efficient multi-server password authenticated keys agreement scheme using smart cards with access control, IEEE Proceeding of the 19th International Conference on Advanced Information Networking and Applications 2, 2005, pp.257-260.
  4. Chang C. and Lee J. S., An efficient and secure multi-server password authentication scheme using smart cards, IEEE Proceeding of the International Conference on Cyberworlds, 2004.
  5. Juang W. S. Efficient multi-server password authenticated key agreement using smart cards, IEEE Transaction on Consumer Electronics 50(1), 2004, pp.251-255. https://doi.org/10.1109/TCE.2004.1277870
  6. Ku W. -C., Chang S. -T., and Chiang M. -H. Weaknesses of a remote user authentication scheme using smart cards for multi-server architecture, IEICE Transactions on Communications E88-B(8), 2005, pp.3451-3454. https://doi.org/10.1093/ietcom/e88-b.8.3451
  7. Li L. -H., Lin I. -C., and Hwang M. -S. A remote password authentication scheme for multi-server architecture using neural networks, IEEE Transaction on Neural Networks 12(6), 2001, pp. 1498-1504. https://doi.org/10.1109/72.963786
  8. Lin I. -C., Hwang M. -S., and Li L. -H. A new remote user authentication scheme for multi-server internet environments, Future Generation Computer System 19, 2003, pp.13-22. https://doi.org/10.1016/S0167-739X(02)00093-6
  9. Sun H. -M. An efficient remote user authentication scheme using smart cards, IEEE Transaction on Consumer Electronics 46(4), 2000 pp.958-961. https://doi.org/10.1109/30.920446
  10. Tsuar W. -J. An enhanced user authentication scheme for multi-server internet services, Applied Mathematics and Computation 170, 2005, pp.258-266. https://doi.org/10.1016/j.amc.2004.11.033
  11. Tsuar W. -J., Wu C. -C., and Lee W. -B. A flexible user authentication for multi-server internet services, Networking-JCN 2001 LNCS 2093, 2001, pp.174-183.
  12. Tsuar W. -J., Wu C. -C., and Lee W. -B. A smart card-based remote scheme for password authentication in multi-server Internet services, Computer Standards & Interfaces 27, 2004, pp.39-51. https://doi.org/10.1016/j.csi.2004.03.004
  13. Chang C. -C. and T. -C. Wu Remote password authentication with smart cards, IEE Proceedings E -Computers and Digital Techniques 138(3), 1991, pp. 165-168.
  14. Chien H. -Y., Jan J. -K., and Tseng Y. -M. An efficient and practical solution to remote authentication: smart card, Computers & Security 21(4), 2002, pp.372-375. https://doi.org/10.1016/S0167-4048(02)00415-7
  15. Hsu C. -L. Security of Chien et al. 's remote user authentication scheme using smart cards, Computer Standards and Interfaces 26(3), 2004, pp. 167-169. https://doi.org/10.1016/S0920-5489(03)00094-1
  16. Hwang M. -S. and Li L. -H. A new remote user authentication scheme using smart cards, IEEE Transaction on Consumer Electronics 46(1), 2000, pp. 28-30. https://doi.org/10.1109/30.826377
  17. P. Kocher, J. Jaffe, B. Jun, Differential power analysis, in Advances in Cryptology-CRYPTO99, 1999, pp.388-397.
  18. M. Kim, K. Lee, S. Kim, D. Won, Efficient and Secure Authentication Scheme Preserving User Anonymity, The Korea-Society of Digital Industry& Information Management, 2010, 6(3), pp.69-77.
  19. T. S. Messergers, E. A. Dabbish, R. H. Sloan, Examining smart card security under the threat of power analysis attacks, IEEE Trans. Comput. 51(5), 2002, pp.541-552. https://doi.org/10.1109/TC.2002.1004593
  20. P. Kocher, J. Jaffe, B. Jun, Differential power analysis, in Advances in Cryptology(CRYPTO 99), 1999, pp.388-397.