Enhanced Remote Password-Authenticated Key Agreement Based on Smart Card Supporting Password Changing

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10701)

Abstract

Cryptographic schemes are the safeguard for achieving secure communication in networks and distributed systems. Smart card-based password authentication has become a common authentication method to enhance the security of a system. So far, many smart card-based password authentication schemes have been proposed to prevent various kinds of attacks. In this paper, we first analyze Sun et al.’s scheme and find that it may be vulnerable to a malicious server attack, a password guessing attack, and a user impersonation attack. We then propose an enhanced remote password-authenticated key agreement scheme based on smart card to thwart the above security threats. Through security analysis and performance comparison, our enhanced scheme is proved to be secure and efficient.


Acknowledgment

This work is supported by the National Science Foundation of China under Grant No. 61672295, No. 61672290 and No. U1405254, the State Key Laboratory of Information Security under Grant No. 2017-MS-10, the 2015 Project of six personnel in Jiangsu Province under Grant No. R2015L06, the CICAEET fund, and the PAPD fund.

Corresponding author

Correspondence to Jian Shen.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Shen, J., Feng, M., Liu, D., Wang, C., Jiang, J., Sun, X. (2017). Enhanced Remote Password-Authenticated Key Agreement Based on Smart Card Supporting Password Changing. In: Liu, J., Samarati, P. (eds) Information Security Practice and Experience. ISPEC 2017. Lecture Notes in Computer Science, vol 10701. Springer, Cham. https://doi.org/10.1007/978-3-319-72359-4_27

  • DOI: https://doi.org/10.1007/978-3-319-72359-4_27

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-72358-7

  • Online ISBN: 978-3-319-72359-4

  • eBook Packages: Computer Science, Computer Science (R0)
