Two robust remote user authentication protocols using smart cards

https://doi.org/10.1016/j.jss.2010.07.062

Abstract

With the rapid growth of electronic commerce and the enormous demand from a wide variety of Internet based applications, strong privacy protection and robust system security have become essential requirements for any authentication scheme or universal access control mechanism. In order to reduce implementation complexity and achieve computational efficiency, design issues for efficient and secure password based remote user authentication schemes have been extensively investigated by the research community over the last two decades. Recently, two well-designed password based authentication schemes using smart cards were introduced by Hsiang and Shih (2009) and Wang et al. (2009), respectively. Hsiang and Shih proposed a static ID based authentication protocol and Wang et al. presented a dynamic ID based authentication scheme. The authors of both schemes claimed that their protocols deliver important security features and system functionalities, such as mutual authentication, data security, no verification table, freedom of password selection, resistance against ID-theft attack, replay attack and insider attack, as well as computational efficiency. However, both schemes still leave considerable room for security enhancement. In this paper, we first demonstrate a series of vulnerabilities in these two schemes. Then, two enhanced protocols with corresponding remedies are proposed to eliminate all identified security flaws in both schemes.

Introduction

Because it provides a simple, convenient, efficient and accurate way to identify valid remote users, the password based authentication protocol has become one of the most promising techniques for securing Internet based applications. Since Lamport (1981) proposed the first password based remote authentication scheme to identify a legitimate user over an insecure communication channel, a series of relevant studies and authentication mechanisms (Argyroudis et al., 2004, Awasthi and Lal, 2003, Awasthi and Lal, 2004, Bellare and Rogaway, 1993, Chien and Chen, 2005, Das et al., 2004, Ding and Horster, 1995, Duan et al., 2006, Gao and Tu, 2008, Gong, 1992, Hsiang and Shih, 2009, Hwang et al., 1990, Hwang et al., 2010, Hwang and Li, 2000, Kocher et al., 1999, Ku and Chang, 2005, Lamport, 1981, Lee et al., 2002a, Lee et al., 2002b, Liao et al., 2005, Lo and Yeh, 2009, Messerges et al., 2002, Misbahuddin et al., 2006, Sun, 2000, Shen et al., 2003, Wang et al., 2009, Xie et al., 2008, Yeh et al., 2010, Yoon et al., 2004, Zhang et al., 2006) have been investigated over the last two decades. However, most previously published schemes cannot achieve computational efficiency and system security at the same time. Fortunately, this dilemma has been mitigated in the last two years. In 2009, Hsiang and Shih (2009) proposed a static ID based remote authentication protocol using smart cards. This scheme achieves computational efficiency by using only hash function operations. In addition, the authors claimed that their protocol provides security features such as mutual authentication, freedom of password selection and resistance to the masquerade attack, password guessing attacks and the parallel session attack. Nevertheless, based on our analysis, Hsiang–Shih's scheme is vulnerable to the masquerade attack and to password guessing attacks. To eliminate these pitfalls, we develop an enhanced protocol that defends against the identified security weaknesses while preserving protocol efficiency at the same order of computational complexity.

As concern about violations of user privacy in Internet based applications has been raised promptly among individuals, human rights organizations and national governments, the development of dynamic ID based authentication schemes has become a very popular research topic in recent years. In 2009, Wang et al. (2009) introduced a dynamic ID based authentication protocol using smart cards, in which protocol security, user privacy and scheme efficiency were claimed to hold simultaneously. However, according to our analysis, Wang et al.’s scheme is insecure against the replay attack, user impersonation attack, server counterfeit attack, man-in-the-middle attack and password guessing attacks. Therefore, we propose another enhanced protocol to overcome all identified security flaws.

Two corresponding theorems based on a formal proof methodology are presented for our two proposed protocols, in which the enhanced protocols are proved to be secure under the collision resistance of the hash function. By performing cryptanalysis on Hsiang–Shih's scheme and Wang et al.’s protocol and providing security-enhanced countermeasures, we contribute valuable protocol design experience and new protocol design techniques for smart card based authentication in this paper.

Section snippets

Related work

In the domain of password based authentication schemes, a potential threat is that verifier (or password) tables may be stored in plaintext form on the server side. Once the server is compromised, all maintained user passwords will be disclosed. To avoid this problem, Lamport (1981) presented a hash-chain based remote user authentication scheme in which all secret passwords are maintained in an encoded form. However, as the verifier table still has to be stored on the remote server, there exists a

Review of Hsiang–Shih's protocol

In this section, we briefly review Hsiang–Shih's remote authentication protocol (Hsiang and Shih, 2009), which consists of four phases, i.e. the registration phase, login phase, verification phase and password change phase. The notations used in Sections 3 (Cryptanalysis of Hsiang–Shih's protocol) and 4 (Security-enhanced version of ...) are listed as follows.

  • U: the user

  • ID: the identity of U

  • PW: the password of U

  • S: the remote server

  • Tu, Ts: timestamps.

  • x: the permanent secret key of S

  • h(.): a secure one-way

Countermeasure for identified vulnerabilities on Hsiang–Shih's protocol

Based on our analysis, password guessing attacks can always render a human-memorable password based authentication scheme vulnerable if the following three assumptions hold: (1) the adversary can obtain the lost smart card of the victim communication party, (2) all sensitive information maintained in this smart card can be successfully extracted by the adversary (Kocher et al., 1999, Messerges et al., 2002), and (3) public key cryptosystem technology cannot be utilized to eliminate the

Review of Wang et al.’s scheme

Wang et al.’s scheme consists of four phases, i.e. the registration phase, the login phase, the authentication phase and the password change phase. The notations used in Sections 5 (Cryptanalysis of Wang et al.’s scheme) and 6 (Security-enhanced version of Wang et al.’s protocol and corresponding analyses) are as follows.

  • U: the user

  • ID: the identity of U

  • PW: the password of U

  • T, T′, T″: current timestamps.

  • S: the remote server

  • x, y: the permanent secret keys of S

  • h(.): a secure one-way hash function.

  • ⊕:

Security-enhanced version of Wang et al.’s protocol and corresponding analyses

According to our analysis, two design principles for dynamic ID based authentication mechanisms are presented. First, the server's secret value must not be stored in a smart card, since it can be extracted (Kocher et al., 1999, Messerges et al., 2002). Once a smart card is obtained or stolen by an adversary, he/she can easily extract the secret values or any other sensitive information from it. This may lead to various malicious attacks and even the compromise of the server. Second,

Conclusion

In this paper, we have reported security vulnerabilities in two well-designed remote authentication protocols (Hsiang and Shih, 2009, Wang et al., 2009). Based on our cryptanalysis, Hsiang–Shih's scheme cannot defend against the masquerade attack. In addition, once the user's smart card is stolen, it is easier for an adversary to derive the correct user password and launch a user impersonation attack. Regarding Wang et al.’s scheme, we have demonstrated its security weaknesses against the ID-theft attack,

Acknowledgment

The authors gratefully acknowledge the support from TWISC projects sponsored by the National Science Council, Taiwan, under the Grants No. NSC 98-2219-E-011-001. Chunhua and Yingjiu's work is partly supported by A*Star SERC Grant No. 082 101 0022 in Singapore.

Kuo-Hui Yeh received his B.S. degree in Mathematics from the Fu Jen Catholic University, Taipei County, Taiwan, in 2000, and the M.S. and Ph.D. degrees in Information Management from the National Taiwan University of Science and Technology, Taipei, Taiwan, in 2005 and 2010, respectively. His research interests include RFID applications and security, wireless network protocol and security, and fault tolerance.

References (34)

  • M.L. Das et al. A dynamic ID-based remote user authentication scheme. IEEE Transactions on Consumer Electronics (2004)

  • Y. Ding et al. Undetectable on-line password guessing attacks. ACM SIGOPS Operating Systems Review (1995)

  • X. Duan et al. Security improvement on Chien et al.’s remote user authentication scheme using smart cards

  • Z.X. Gao et al. An improvement of dynamic ID-based remote user authentication scheme with smart cards

  • L. Gong. A security risk of depending on synchronized clocks. ACM Operating System Review (1992)

  • T. Hwang et al. Non-interactive password authentication without password tables

  • M.S. Hwang et al. A new remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics (2000)

Chunhua Su received the B.S. degree from Beijing Electronic and Science Institute in 2003 and received his M.S. and PhD degrees from Graduate School of Information Science and Electrical Engineering, Kyushu University in 2006 and 2009 respectively. He is currently working as a postdoctoral fellow in Singapore Management University. His current research interests are in RFID security and privacy, secure multi-party computation and provable security.

N.W. Lo received his B.S. degree in engineering science from the National Cheng-Kung University, Tainan, Taiwan, in 1988, and the M.S. and Ph.D. degrees in computer science and electrical engineering from the State University of New York at Stony Brook, NY, in 1992 and 1998, respectively. He is currently an assistant professor of Department of Information Management at the National Taiwan University of Science and Technology, and a member of the IEEE communications society. His research interests include RFID applications and security, wireless network routing and security, Web technology, and fault tolerance.

Yingjiu Li is currently an Assistant Professor in the School of Information Systems at Singapore Management University. He received his Ph.D. degree in Information Technology from George Mason University in 2003. His research interests include RFID security, applied cryptography, and data applications security. He has published over 60 technical papers in international conferences and journals. He has served in the program committees for over 40 international conferences and workshops. Yingjiu Li is a senior member of the ACM and a member of the IEEE. The URL for his web page is http://www.mysmu.edu/faculty/yjli/.

Yi-Xiang Hung received his M.S. degree in Information Management at the National Taiwan University of Science and Technology in 2009. His research interest is network security.
