Security Enhancements of an Improved Timestamp-Based Remote User Authentication Scheme

  • Younghwa An
Part of the Communications in Computer and Information Science book series (CCIS, volume 339)


Password-based authentication schemes have been widely adopted to protect resources from unauthorized access. In 2011, Awasthi et al. proposed an improved timestamp-based remote authentication scheme to remove the drawbacks of Shen et al.’s scheme. In this paper, we show that Awasthi et al.’s scheme is vulnerable to the user impersonation attack, the password guessing attack, the insider attack and does not provide mutual authentication. Also, we propose the enhanced scheme to overcome these security drawbacks, even if the secret information stored in the smart card is revealed. As a result of security analysis, the enhanced scheme is relatively more secure than the related scheme in terms of security.


Authentication Smart Card User Impersonation Attack Password Guessing Attack 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Yang, W.H., Shieh, S.P.: Password Authentication with Smart Cards. Computers and Security 18(8), 727–733 (1999)CrossRefGoogle Scholar
  2. 2.
    Chan, C.K., Cheng, L.M.: Cryptanalysis of Timestamp-based Password Authentication Scheme. Computers and Security 21(1), 74–76 (2002)CrossRefGoogle Scholar
  3. 3.
    Fan, L., Li, L.H., Zhu, H.W.: An Enhancement of Timestamp-based Password Authentication Scheme. Computers and Security 21(7), 665–667 (2002)CrossRefGoogle Scholar
  4. 4.
    Shen, J.J., Lin, C.W., Hwang, M.S.: Security Enhancement for the Timestamp-based Password Authentication Scheme Using Smart Cards. Computers and Security 22(7), 591–595 (2003)CrossRefGoogle Scholar
  5. 5.
    Das, M.L., Sxena, A., Gulathi, V.P.: A Dynamic ID-based Remote User Authentication Scheme. IEEE Transactions on Consumer Electronics 50(2), 629–631 (2004)CrossRefGoogle Scholar
  6. 6.
    Yoon, E.J., Ryu, E.K., Yoo, K.Y.: Attack on the Shen et al.’s Timestamp-based Password Authentication Scheme Using Smart Cards. IEICE Transactions on Fundamentals E88-A(1), 319–321 (2005)CrossRefGoogle Scholar
  7. 7.
    Bindu, C.S., Reddy, P.C.S., Satyanarayana, B.: Improved Remote User Authentication Scheme Preserving User Anonymity. International Journal of Computer Science and Network Security 8(3), 62–66 (2008)Google Scholar
  8. 8.
    Liu, J.Y., Zhou, A.M., Gao, M.X.: A New Mutual Authentication Scheme based on Nonce and Smart Cards. Computer Communications 31, 2205–2209 (2008)CrossRefGoogle Scholar
  9. 9.
    Awasthi, A.K., Srivastava, K., Mittal, R.C.: An Improved Timestamp-based Remote User Authentication Scheme. Computer and Electrical Engineering 37, 869–874 (2011)CrossRefGoogle Scholar
  10. 10.
    Kocher, P., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  11. 11.
    Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining Smart-Card Security under the Threat of Power Analysis Attacks. IEEE Transactions on Computers 51(5), 541–552 (2002)MathSciNetCrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Younghwa An
    • 1
  1. 1.Division of Computer and Media Information EngineeringKangnam Univ.Yongin-siKorea

Personalised recommendations