Research on User Authentication Scheme against the Man-in-the-Middle Attack

  • Xiancun Zhou
  • Yan Xiong
  • Renjin Liu
Part of the Communications in Computer and Information Science book series (CCIS, volume 308)


This paper provides a security analysis of Liaw-Lin-Wu’s remote user authentication scheme. Our analysis shows that the scheme is vulnerable to the man-in-the-middle attack. What’s more, there are obvious security vulnerabilities in it. An improved remote user authentication scheme based on the Diffie-Hellman key exchange protocol is proposed. Analysis shows that the improved scheme is secure: it not only achieves mutual authentication but also generates a session key at the same time. It overcomes the security deficiencies of Liaw-Lin-Wu’s scheme, and it is efficient and practical.


User Authentication · Smart Card · Man-in-the-middle Attack




  1. Diffie, W., Hellman, M.: New Directions in Cryptography. IEEE Trans. on Inf. Theory 22(6), 644–654 (1976)
  2. Lamport, L.: Password Authentication with Insecure Communication. Comm. of the ACM 24, 770–772 (1981)
  3. Sun, H.M.: An Efficient Remote User Authentication Scheme Using Smart Cards. IEEE Trans. on Consumer Electronics 46(4), 958–961 (2000)
  4. Chien, L.H.: Security of Two Remote User Authentication Schemes Using Smart Cards. IEEE Trans. on Consumer Electronics 49(4), 1196–1198 (2003)
  5. Chien, H.Y., Jan, J.K., Tseng, Y.M.: An Efficient and Practical Solution to Remote Authentication: Smart Card. Computers and Security 21(4), 372–375 (2002)
  6. Wu, S.T., Chieu, B.C.: A User Friendly Remote Authentication Scheme with Smart Cards. Computers & Security 22(6), 547–550 (2003)
  7. Wu, S.T., Chieu, B.C.: A Note on A User Friendly Remote Authentication Scheme with Smart Cards. IEICE Trans. Fund. E87-A(8), 2180–2181 (2004)
  8. Lee, C.C., Lin, C.H., Chang, C.C.: An Improved Low Computation Cost User Authentication Scheme for Mobile Communication. In: Proc. 19th Advanced Information Networking and Applications (IEEE AINA 2005), vol. 2, pp. 249–252 (2005)
  9. Yoon, E.-J., Yoo, K.-Y.: New Authentication Scheme Based on a One-Way Hash Function and Diffie-Hellman Key Exchange. In: Desmedt, Y.G., Wang, H., Mu, Y., Li, Y. (eds.) CANS 2005. LNCS, vol. 3810, pp. 147–160. Springer, Heidelberg (2005)
  10. Liaw, H.T., Lin, J.F., Wu, W.C.: An efficient and complete remote user authentication scheme using smart cards. Math. Comput. Model 44(1-2), 223–228 (2006)
  11. Chae, K.S.C., Kim, D.H., Choi, J.D.C., Jung, S.W.: Security Analysis and Improvement of Authentication Scheme Based on a One-way Hash Function and Diffie-Hellman Key Exchange Using Smart Card. Journal of Measurement Science and Instrumentation 1(4), 360–363 (2010)
  12. Tan, Z.W.: Analysis and Improvement of a User Authentication Improved Protocol. Journal of Networks 5(5), 622–629 (2010)
  13. Liao, C.H., Chen, H.C., Wang, C.T.: An Exquisite Mutual Authentication Scheme with Key Agreement Using Smart Card. Informatica 33, 125–132 (2009)
  14. Li, C.T., Hwang, M.S.: An Efficient Biometrics-based Remote User Authentication Scheme Using Smart Cards. Journal of Network and Computer Applications 33(1), 1–5 (2010)
  15. He, D.J., Ma, M.D., Zhang, Y., et al.: A Strong User Authentication Scheme with Smart Cards for Wireless Communications. Computer Communications 34(3), 367–374 (2010)

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Xiancun Zhou (1)
  • Yan Xiong (2)
  • Renjin Liu (1)
  1. Department of Information and Engineering, West Anhui University, Lu’an, China
  2. School of Computer Science, University of Science and Technology of China, Hefei, China
