此页面上的内容需要较新版本的 Adobe Flash Player。

获取 Adobe Flash Player

Security Analysis and Improvement of Authentication Sche me Based on a One-way Hash Function and Diffie-Hellman Key Exchange Using Smart Card

Kang-seok CHAE, Dai-hoon KIM, Jae-duck CHOI,Souh-wan JUNG

 

School of Electronic Engineering, Soongsil University, Seoul 156 -743, Korea

 

Abstract-A new authentication scheme based on a one-way hash  function and Diffie-Hellman key exchange using smart card was proposed by Yoon  et al. in 2005. They claimed that the proposed protocol is against password gues sing attack. In this paper, the author demonstrate that Yoon′s scheme is vulner able to the off-line password guessing attack by using a stolen smart card and  the DoS attack by computational load at the remote system. An improvement of Yoo n′s scheme to resist the above attacks is also proposed.

 

Key words-authentication; guessing attack; Diffie-Hell man; smart card

 

Manuscript Number: 1674-8042(2010)04-0360-04

 

dio: 10.3969/j.issn.1674-8042.2010.04.13

 

References

 

[1]M. S. Hwang, L. H Li, 2000. A new remote user authentication scheme  using smart cards. IEEE Trans. Consum. Electron.,46(1): 28-3 0.

[2]H. M. Sun, 2000. An efficient remote user authentication scheme usin g smart cards. IEEE Trans. Consum. Electron.,46(4): 958-961.

[3]S. T. Wu, B. C. Chieu, 2003. A user friendly remote authentication w ith smart cards. Comput. Secur., 22(6): 547-550.

[4]S. T. Wu, B. C. Chieu, 2004. A note on a user friendly remote authen tication scheme with smart cards. IEICE Trans. Fund., E87-A( 8): 2180-2181.

[5]W. C. Ku, H. M. Chuang, M. J. Tsaur, 2005. Vulnerabilities of Wu-Ch ieu′s improved password authentication scheme using smart cards. IEIC E Trans. Fundamentals, E88-A(11): 3241-3243.

[6]E. J. Yoon, K. Y. Yoo, 2005. New authentication scheme based on a on e-way hash function and diffie-hellman key exchange. CANS 2005, LNCS, p. 147- 160.

[7]D. Z. Sun, J. D. Zhong, Y. Sun, 2005. Weakness and improvement of Wa ng-Li-Tie′s user-friendly remote authentication scheme. Appl. Math . Comput., 170: 1185-1193.

[8]I. E. Liao, C. C. Lee, M. S. Hwang, 2006. A password authentication  scheme over insecure networks. J. Comput. Syst. Sci., 72(4):  727-740.

[9]W. Diffie, M. Hellman, 1976. New directions in cryptography. IEEE Trans. Inf. Theory, 22(6): 644-654.

[10]H. T. Liaw, J. F. Lin, W. C. Wu, 2006. An efficient and complete re mote user authentication scheme using smart cards. Math. Comput. Model ., 44(1-2): 223-228.

[11]T. S. Messerges, E. A. Dabbish, R. H. Sloan, 2002. Examining smart -card security under the threat of power analysis attacks. IEEE Trans . Commun., 51(5): 541-552.
 

[full text view]