Advertisement

Security Vulnerabilities of User Authentication Scheme Using Smart Card

  • Ravi Singh Pippal
  • Jaidhar C.D.
  • Shashikala Tapaswi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7371)

Abstract

With the exponential growth of Internet users, various business transactions take place over an insecure channel. To secure these transactions, authentication is the primary step that needs to be passed. To overcome the problems associated with traditional password based authentication methods, smart card authentication schemes have been widely used. However, most of these schemes are vulnerable to one or the other possible attack. Recently, Yang, Jiang and Yang proposed RSA based smart card authentication scheme. They claimed that their scheme provides security against replay attack, password guessing attack, insider attack and impersonation attack. This paper demonstrates that Yang et al.’s scheme is vulnerable to impersonation attack and fails to provide essential features to satisfy the needs of a user. Further, comparative study of existing schemes is also presented on the basis of various security features provided and vulnerabilities present in these schemes.

Keywords

Authentication Cryptanalysis Impersonation Password Smart card 

References

  1. 1.
    Lamport, L.: Password authentication with insecure communication. Communications of the ACM 24, 770–772 (1981)CrossRefGoogle Scholar
  2. 2.
    Hwang, M.S., Li, L.H.: A new remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 46, 28–30 (2000)CrossRefGoogle Scholar
  3. 3.
    Chan, C.K., Cheng, L.M.: Cryptanalysis of a remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 46, 992–993 (2000)CrossRefGoogle Scholar
  4. 4.
    Sun, H.M.: An efficient remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 46, 958–961 (2000)CrossRefGoogle Scholar
  5. 5.
    Hsu, C.L.: Security of two remote user authentication schemes using smart cards. IEEE Transactions on Consumer Electronics 49, 1196–1198 (2003)CrossRefGoogle Scholar
  6. 6.
    Chien, H.Y., Jan, J.K., Tseng, Y.M.: An efficient and practical solution to remote authentication: smart card. Computers and Security 21, 372–375 (2002)CrossRefGoogle Scholar
  7. 7.
    Ku, W.C., Chen, S.M.: Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 50, 204–207 (2004)CrossRefGoogle Scholar
  8. 8.
    Yoon, E.J., Ryu, E.K., Yoo, K.Y.: Further improvement of an efficient password based remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 50, 612–614 (2004)CrossRefGoogle Scholar
  9. 9.
    Wang, X.M., Zhang, W.F., Zhang, J.S., Khan, M.K.: Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards. Computer Standards and Interfaces 29, 507–512 (2007)CrossRefGoogle Scholar
  10. 10.
    Yoon, E.J., Lee, E.J., Yoo, K.Y.: Cryptanalysis of Wang et al.’s remote user authentication scheme using smart cards. In: 5th International Conference on Information Technology: New Generations, Las Vegas, USA, pp. 575–580 (2008)Google Scholar
  11. 11.
    Das, M.L., Saxena, A., Gulati, V.P.: A dynamic ID-based remote user authentication scheme. IEEE Transactions on Consumer Electronics 50, 629–631 (2004)CrossRefGoogle Scholar
  12. 12.
    Liao, I.E., Lee, C.C., Hwang, M.S.: Security enhancement for a dynamic ID-based remote user authentication scheme. In: International Conference on Next Generation Web Services Practices, Seoul, Korea, pp. 437–440 (2005)Google Scholar
  13. 13.
    Wang, Y.Y., Liu, J.Y., Xiao, F.X., Dan, J.: A more efficient and secure dynamic ID-based remote user authentication scheme. Computer Communications 32, 583–585 (2009)CrossRefGoogle Scholar
  14. 14.
    Ahmed, M.A., Lakshmi, D.R., Sattar, S.A.: Cryptanalysis of a more efficient and secure dynamic id-based remote user authentication scheme. International Journal of Network Security and its Applications 1, 32–37 (2009)Google Scholar
  15. 15.
    Hao, Z., Yu, N.: A security enhanced remote password authentication scheme using smart card. In: 2nd International Symposium on Data, Privacy and E-Commerce, Buffalo, USA, pp. 56–60 (2010)Google Scholar
  16. 16.
    Zhang, H., Li, M.: Security vulnerabilities of an remote password authentication scheme with smart card. In: 2011 International Conference on Consumer Electronics, Communications and Networks, XianNing, China, pp. 698–701 (2011)Google Scholar
  17. 17.
    Song, R.: Advanced smart card based password authentication protocol. Computer Standards and Interfaces 32, 321–325 (2010)CrossRefGoogle Scholar
  18. 18.
    Pippal, R.S., Jaidhar, C.D., Tapaswi, S.: Comments on symmetric key encryption based smart card authentication scheme. In: 2nd International Conference on Computer Technology and Development, Cairo, Egypt, pp. 482–484 (2010)Google Scholar
  19. 19.
    Horng, W.B., Lee, C.P., Peng, J.W.: Security weaknesses of Song’s advanced smart card based password authentication protocol. In: 2010 IEEE International Conference on Progress in Informatics and Computing, Shanghai, China, pp. 477–480 (2010)Google Scholar
  20. 20.
    Yang, C., Jiang, Z., Yang, J.: Novel access control scheme with user authentication using smart cards. In: 3rd International Joint Conference on Computational Science and Optimization, Huangshan, China, pp. 387–389 (2010)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2012

Authors and Affiliations

  • Ravi Singh Pippal
    • 1
  • Jaidhar C.D.
    • 2
  • Shashikala Tapaswi
    • 1
  1. 1.ABV-Indian Institute of Information Technology and ManagementGwaliorIndia
  2. 2.Defence Institute of Advanced TechnologyGirinagarIndia

Personalised recommendations