Advertisement

AUTHHOTP - HOTP Based Authentication Scheme over Home Network Environment

  • Hyun Jung Kim
  • Hyun Sung Kim
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6784)

Abstract

With the rapid growth of Internet users and wireless applications, interests on home networks have been enormously increased in recent years. For digital home networks, robust security services including remote user authentication have become essential requirements. In order to reduce implementation complexity and achieve computation efficiency, design issues for efficient and secure password based remote user authentication scheme have been extensively investigated b research community in these decades. Recently, Vaidya et al. proposes a robust one time password authentication scheme using smart card for home network environment. The authors claimed that their scheme delivers important security features and system functionalities, such as mutual authentication, no verification table, no time synchronization, resistance against password guessing attacks, smart card loss attacks, forward secrecy with lost smart card and forged user attacks, as well as computation efficiency. However, we first demonstrate two vulnerabilities on the scheme. Then, we propose an improved scheme to eliminate all identified security flaws in the scheme.

Keywords

Smart Card Authentication Scheme Home Network Replay Attack Forward Secrecy 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Weiser, M.: The computer for the twenty-first century. Scientific American, 94–100 (1991)Google Scholar
  2. 2.
    Kim, G.W., Lee, D.G., Han, J.W., Kim, S.C., Kim, S.W.: Security framework for home network: Authentication, authorization, and security policy. In: Washio, T., Zhou, Z.-H., Huang, J.Z., Hu, X., Li, J., Xie, C., He, J., Zou, D., Li, K.-C., Freire, M.M. (eds.) PAKDD 2007. LNCS (LNAI), vol. 4819, pp. 621–628. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  3. 3.
    Ellision, C.M.: Interoperable home infrastructure home network security. Intel Technology Journal 6, 37–48 (2002)Google Scholar
  4. 4.
    Jeong, J.P., Chung, M.Y., Choo, H.S.: Secure user authentication mechanism in digital home network environments. In: Sha, E., Han, S.-K., Xu, C.-Z., Kim, M.-H., Yang, L.T., Xiao, B. (eds.) EUC 2006. LNCS, vol. 4096, pp. 345–354. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  5. 5.
    Goyala, V., Kumara, V., Singha, M., Abrahamb, A., Sanyalc, S.: A new protocol to counter online dictionary attacks. Computers & Security 25, 114–120 (2006)CrossRefGoogle Scholar
  6. 6.
    Jiang, Z.J., Kim, S.O., Lee, K.H., Bae, H.C., Kim, S.W.: Security service framework for home network. In: Proceedings of the Fourth Annual ACIS International Conference on Computer and Information Science 2005, pp. 233–238 (2005)Google Scholar
  7. 7.
    Lamport, L.: Password authentication with insecure communication. Communications of the ACM 24(11), 770–772 (1981)CrossRefGoogle Scholar
  8. 8.
    Yeh, T.C., Shen, H.Y., Hwang, J.J.: “A secure one-time password authentication scheme using smart cards. IEICE Transactions on Communications E85-B(11), 2515–2518 (2002)Google Scholar
  9. 9.
    Tsuji, T., Shimizu, A.: One-time password authentication protocol against theft attacks. IEICE Transactions on Communications E87-B(3), 523–529 (2004)Google Scholar
  10. 10.
    Lee, S.W., Kim, H.S., Yoo, K.Y.: Improved efficient remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 50(2), 565–567 (2004)CrossRefGoogle Scholar
  11. 11.
    Yoon, E.J., Ryu, E.K., Yoo, K.Y.: An improvement of Hwang-Lee-Tang’s simple remote user authentication schemes. Computers & Security 24, 50–56 (2005)CrossRefGoogle Scholar
  12. 12.
    Hsing, H.S., Shin, W.K.: “Weaknesses and improvements of the Yoon-Ryu-Yoo remote user authentication using smart cards. Computer Communications 32, 649–652 (2009)CrossRefGoogle Scholar
  13. 13.
    Jeong, J., Chung, M.Y., Choo, H.: Integrated OTP-based user authentication scheme using smart cards in home networks. In: Proceedings of the 41st Annual Hawaii International Conference on System Sciences (2008)Google Scholar
  14. 14.
    Kim, S.K., Chung, M.G.: More secure remote user authentication scheme. Computer Communications 32, 1018–1021 (2009)CrossRefGoogle Scholar
  15. 15.
    Yoon, E.J., Yoo, K.Y.: More efficient and secure remote user authentication scheme with smart cards. In: Proceedings of 11th International Conference on Parallel and Distributed System, vol. 2, pp. 73–77 (2005)Google Scholar
  16. 16.
    Vaidya, B., Park, J.H., Yeo, S.S., Rodrigues, J.J.P.C.: Robust one-time password authentication scheme using smart card for home network environment. Computer Communications 34, 326–336 (2011)CrossRefGoogle Scholar
  17. 17.
    Kocher, P., Jaffe, J., Jun, B.B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  18. 18.
    Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computer 51(5), 541–552 (2002)CrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Hyun Jung Kim
    • 1
  • Hyun Sung Kim
    • 1
  1. 1.School of Computer EngineeringKyungil UniversityKyungsansiKorea

Personalised recommendations