Advertisement

On the Secure Design of Hash-Based Authenticator in the Smartcard Authentication System

  • Jin Wook ByunEmail author
Article

Abstract

Most practical authentication systems employ an hash-based authenticator for mutual authentication. Usually a hash-based authenticator consists of a cryptographic-secure hash function that takes input of a shared key and common exchanged values between participants. Recently, in IEEE transaction on industrial informatics, Tsai et al. have presented a novel anonymous hash-based authentication system with provable security. Very recently, however, it has been demonstrated that Tsai et al.’s protocol has not been secure in view of provable security due to an inappropriate design of input for hash-based authenticator. Its countermeasure has been briefly sketched but it hasn’t presented a definite protocol with provable security. In this paper, first of all, we redesign Tsai et al.’s authentication protocol to be secure against session key security and present a new anonymous and authentication protocol with provable security guaranteeing both for session key security and anonymity. It is more simple and efficient than the previous results.

Keywords

Authentication Wireless security Redesign of protocol Password-based authentication 

List of Symbols

\({{\mathcal {I}}}{{\mathcal {D}}}\)

A set of identifiers in the system

\(\hbox {ID}_i\)

An identifier of user i

\(h,h_1,h_2\)

Cryptographic hash functions

sk

An agreed session key

\(\oplus\)

Exclusive OR operation

\(|{\mathcal {D}}|\)

The size of password

||

Message concatenation

\(\textsf {BPR}\)

The security model suggested by Bellare, Pointcheval and Rogaway

\(\textsf {TLW}\)

The authentication protocol suggested by Tsai, Lo, and Wu

\(\textsf {MRT}\)

The minimum running time

Notes

Acknowledgements

This research was supported by Basic Science Research Program through the National Research Foundation of Korea(NRF) funded by the Ministry of Education (NRF-2017R1D1A1B03032424).

References

  1. 1.
    Bellare, M., Pointcheval, D., & Rogaway, P. (2000). Authentincated key exchange secure against dictionaray attacks. In Proceedings of Eurocrypt, LNCS (pp. 139–155).Google Scholar
  2. 2.
    Byun, J. W. (2016). A brief consideration on the security of hash-based authenticator. Journal of the Korea Institute of Information Security and Cryptology, 26(3), 609–612.CrossRefGoogle Scholar
  3. 3.
    Byun, J. W. (2015). Privacy preserving smartcard-based authentication system with provable security. Security and Communication Networks, 8(17), 3028–3044.CrossRefGoogle Scholar
  4. 4.
    Horng, W. -B., Lee, C. -P., & Peng, J. -W. (2010). Security weakness of song’s advanced smart card based password authentication protocol. In Proceedings of the 2010 IEEE International Conference on Progress in Informatics and Computing (pp. 477–480).Google Scholar
  5. 5.
    Juang, W. S., Chen, S. T., & Liau, H. T. (2008). Robust and efficient password-authenticated key agreement using smart cards. IEEE Transactions on Industrial Electronics, 55(6), 2552–2556.CrossRefGoogle Scholar
  6. 6.
    Lee, N. Y., & Chiu, Y. C. (2005). Improve remote authentication of Chien et al’.s remote user authentication scheem using smart cards. Computer Standards and Interfaces, 27(2), 177–180.CrossRefGoogle Scholar
  7. 7.
    Lee, S. W., Kim, H. S., & Yoo, K. Y. (2005). Improvement of Chien et al’.s remote user authentication scheme using smart cards. Computer Standards and Interfaces, 27(2), 181–183.CrossRefGoogle Scholar
  8. 8.
    Li, X., Qiu, W., Zheng, D., Chen, K., & Li, J. (2010). Anonymity enhancement on robust and efficient password-authenticated key agreement using smart cards. IEEE Transactions on Industrial Electronics, 57(2), 793–800.CrossRefGoogle Scholar
  9. 9.
    Shoup, V. (2004). Sequences of games: a tool for taming complexity in security proofs. In IACR eprint 2004/332.Google Scholar
  10. 10.
    Song, R. (2010). Advanced smart card based password authentication protocol. Computer Standards and interfaces, 32(5–6), 321–325.CrossRefGoogle Scholar
  11. 11.
    Sun, D. Z., Huai, J. P., Sun, J. Z., Zhang, J. W., & Feng, Z. Y. (2009). Improvements of Juang et al’.s password-authenticated key agreement scheme using smart cards. IEEE Transaction Industrial Electronics, 56(6), 2284–2291.CrossRefGoogle Scholar
  12. 12.
    Tapiador, J. E., Hernandez-Cstro, J. C., Peris-Lopez, P., Clark, J. A. (2010). Cryptanalysis of Song’s advanced smart card based password authentication protcol. Unpublished manuscript, http://www-users.cs.york.ac.uk/jet/papers.html
  13. 13.
    Tsai, J.-L., Lo, N.-W., & Txong-Chen, W. (2012). Novel anonymous authentication scheme using smart cards. IEEE Transaction on Industrial Informatics, 9(4), 2004–2013.CrossRefGoogle Scholar
  14. 14.
    Xu, J., Zhu, W.-T., & Feng, D.-G. (2009). An improved smart card based password authentication scheme with provable security. Computer Standards and Interfaces, 31(4), 723–728.CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2019

Authors and Affiliations

  1. 1.Department of Information and CommunicationPyeongtaek UniversityPyeongtaek-siRepublic of Korea

Personalised recommendations