Abstract
In 2004, Wu-Chieu proposed improvements to their original authentication scheme in order to strengthen it to withstand impersonation attacks. In 2005, Lee-Lin-Chang proposed improvements on Wu-Chieu’s original scheme so that not only could it withstand a forgery attack, but it required less computational costs and it was suitable for mobile communication. The current paper, however, demonstrates that Wu-Chieu’s improved scheme is vulnerable to an off-line password guessing attack and an impersonation attack by the use of a stolen smart card. Also, we demonstrates that Lee-Lin-Chang’s scheme is vulnerable to a forgery attack. Furthermore, we present a new authentication scheme based on a one-way hash function and Diffie-Hellman key exchange in order to isolate such problems and to provide mutual authentication between the user and the remote system.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Peyret, P., Lisimaque, G., Chua, T.Y.: Smart Cards Provide Very High Security and Flexibility in Subscribers Management. IEEE Transactions on Consumer Electronics 36(3), 744–752 (1990)
Sternglass, D.: The Future Is in the PC Cards. IEEE Spectrum 29(6), 46–50 (1992)
Lamport, L.: Password Authentication with Insecure Communication. Communications of the ACM 24(11), 770–772 (1981)
Hwang, M.S., Li, L.H.: A New Remote User Authentication Scheme Using Smart Cards. IEEE Trans. on Consumer Electronics. 46(1), 28–30 (2000)
Sun, H.M.: An Efficient Remote User Authentication Scheme Using Smart Cards. IEEE Trans. on Consumer Electronics. 46(4), 414–416 (2000)
Wu, S.T., Chieu, B.C.: A User Friendly Remote Authentication Scheme with Smart Cards. Computers & Security 22(6), 547–550 (2003)
Wu, S.T., Chieu, B.C.: A Note on A User Friendly Remote Authentication Scheme with Smart Cards. IEICE Trans. Fund. E87-A(8), 2180–2181 (2004)
Yang, C.C., Wang, R.C.: Cryptanalysis of A User Friendly Remote Authentication Scheme with Smart Cards. Computers & Security 23(5), 425–427 (2004)
Lee, C.C., Lin, C.H., Chang, C.C.: An Improved Low Computation Cost User Authentication Scheme for Mobile Communication. In: Proc. 19th Advanced Information Networking and Applications (IEEE AINA 2005), vol. 2, pp. 249–252 (2005)
Ding, Y., Horster, P.: Undetectable On-line Password Guessing Attacks. ACM Operating Systems Review 29(4), 77–86 (1995)
Needham, R.M., Schroeder, M.D.: Using Encryption for Authentication in Large Networks of Computers. Communications of the ACM 21(12), 993–999 (1978)
Menezes, A.J., Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptograph. CRC Press, New York (1997)
Ryu, E.K., Kim, K.W., Yoo, K.Y.: A Promising Key Agreement Protocol. In: Ibaraki, T., Katoh, N., Ono, H. (eds.) ISAAC 2003. LNCS, vol. 2906, pp. 655–662. Springer, Heidelberg (2003)
Diffie, W., Hellman, M.: New Directions in Cryptography. IEEE Trans. Inf. Theory IT-22(6), 644–654 (1976)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Yoon, EJ., Yoo, KY. (2005). New Authentication Scheme Based on a One-Way Hash Function and Diffie-Hellman Key Exchange. In: Desmedt, Y.G., Wang, H., Mu, Y., Li, Y. (eds) Cryptology and Network Security. CANS 2005. Lecture Notes in Computer Science, vol 3810. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11599371_13
Download citation
DOI: https://doi.org/10.1007/11599371_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30849-2
Online ISBN: 978-3-540-32298-6
eBook Packages: Computer ScienceComputer Science (R0)