SciELO - Scientific Electronic Library Online

 
vol.11 número5A Survey on Femtocells: Benefits Deployment Models and Proposed SolutionsCropping Resilient Watermarking Based on Histogram Modification índice de autoresíndice de materiabúsqueda de artículos
Home Pagelista alfabética de revistas  

Servicios Personalizados

Revista

Articulo

Indicadores

Links relacionados

  • No hay artículos similaresSimilares en SciELO

Compartir


Journal of applied research and technology

versión On-line ISSN 2448-6736versión impresa ISSN 1665-6423

J. appl. res. technol vol.11 no.5 Ciudad de México oct. 2013

 

Security Improvement of Two Dynamic ID-based Authentication Schemes by Sood-Sarje-Singh

 

R. Martínez-Peláez*1, F. Rico-Novella2, J. Forné2, P. Velarde-Alvarado3

 

1 Institute of Informatics University of Sierra Sur Oaxaca, Miahuatlán de Porfirio Díaz, Mexico. *rpelaez@unsis.edu.mx.

2 Department of Telematics Engineering Universitat Politécnica de Catalunya Barcelona, Spain.

3 Area of Basic Sciences and Engineering Autonomous University of Nayarit Nayarit, Tepic, Mexico.

 

ABSTRACT

In 2010, Sood-Sarje-Singh proposed two dynamic ID-based remote user authentication schemes. The first scheme is a security improvement of Liao et al.'s scheme and the second scheme is a security improvement of Wang et al.'s scheme. In both cases, the authors claimed that their schemes can resist many attacks. However, we find that both schemes have security flaws. In addition, their schemes require a verification table and time-synchronization, making the schemes unfeasible and unsecured for electronic services. In order to remedy the security flaws of Sood et al.'s schemes, we propose a robust scheme which resists the well-known attacks and achieves all the desirable security goals.

Keywords: cryptanalysis, mutual authentication, network security, smart cards.

 

RESUMEN

En el año 2010, Sood-Sarje-Singh propusieron dos esquemas de autenticación de usuario remoto. El primer esquema presenta una mejora de seguridad sobre el esquema propuesto por Liao-Lee-Hwang en el año 2005, y el segundo esquema presenta una mejora de seguridad sobre el esquema propuesto por Wang-Liu-Xiao-Dan en el año 2009. En ambos casos, los autores claman que sus esquemas pueden resistir varios ataques. Sin embargo, nosotros hemos encontrado que ambos esquemas tienen deficiencias de seguridad. Además, los esquemas propuestos requieren de una tabla de verificación y sincronización de tiempo, haciendo a los esquemas imprácticos e inseguros para servicios electrónicos. Para remediar las deficiencias de seguridad presentadas en los esquemas propuestos por Sood-Sarje-Singh, nosotros proponemos un esquema robusto de seguridad que resiste los ataques más populares y consigue todas las metas de seguridad deseadas.

 

DESCARGAR ARTÍCULO EN FORMATO PDF

 

Acknowledgements

The authors would like to thank the anonymous reviewers for their valuable comments and suggestions. This research was supported by The Mexican Teacher Improvement Program (PROMEP), under the project number PROMEP/103.5/12/4525.

 

References

[1] Ku W.-C. & Chen S.-M., Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards, IEEE Transactions on Consumer Electronics, Vol. 50, No. 1, 2004, pp. 204-207.         [ Links ]

[2] Chang C.-C. & Wu T.-C., Remote password authentication with smart cards, IEE Proceedings-E, Vol. 138, No. 3, 1991, pp. 165-168.         [ Links ]

[3] Hwang M. S. & Li L. H., A new remote user authentication scheme using smart card, IEEE Transactions on Consumer Electronics, Vol. 46, No. 1, 2000, pp. 28-30.         [ Links ]

[4] Evans A.-J., Kantrowitz W. & Weiss E., A user authentication scheme not requiring secrecy in the computer, Communications of the ACM, Vol. 17, No. 8, 1974, pp. 437-442.         [ Links ]

[5] Feistel H., Notz W.-A. & Smith J.-L., Some cryptographic techniques for machine to machine data communications, Proccedings of the IEEE, Vol. 63, No. 11, 1975, pp. 1545-1554.         [ Links ]

[6] Chang C.-C. & Wu T.-C., A password authentication scheme without verification tables, 8th IASTED International Simposium of Applied Informatics, 1990, pp. 202-204.         [ Links ]

[7] Chien H. Y., Jan J. K. & Tseng Y. M., An Efficient and practical solution to remote authentication: smart card, Computers & Security, Vol. 21, No. 4, 2002, pp. 372-375.         [ Links ]

[8] Hsu C.-L., Security of two remote user authentication schemes using smart cards, IEEE Transaction on Consumer Electronics, Vol. 49, No. 4, 2003, pp. 1196-1198.         [ Links ]

[9] Das M.-L., Saxena A. & Gulati V.-P., A Dynamic ID-based remote user authentication scheme, IEEE Transactions on Consumer Electronics, Vol. 50, No. 2, 2004, pp. 629-631.         [ Links ]

[10] Wang Y.-Y., Liu J.-Y., Xiao F. X., & Dan J., A more efficient and secure dynamic ID-based remote user authentication scheme, Computer Communications, Vol. 32, No. 2, 2009, pp. 583-585.         [ Links ]

[11] Goriparthi T., Das M.-L. & Saxena A., An improved bilinear pairing based remote user authentication scheme, Computer Standards & Interfaces, Vol. 31, No. 1, 2009, pp. 181-185.         [ Links ]

[12] Liao I.-E., Lee C.-C. & Hwang M.-S., Security enhancement for a dynamic ID-based remote user authentication Scheme, International Conference on Next Generation Web Services Practices, 2005, pp. 437-440.         [ Links ]

[13] Liou Y.-P., Lin J. & Wang S.-S., A New Dynamic ID-Based Remote User Authentication Scheme using Smart Cards, 16th Information Security Conference, 2006, pp. 198-205.         [ Links ]

[14] Sood S.-K., Sarje A.-K. & Singh K., An improvement of Wang et al.'s authentication scheme using smart cards, National Conference on Communications, 2010, pp. 29-31.         [ Links ]

[15] Sood S.-K., Sarje A.-K. & Singh K., An Improvement of Liao et al.'s Authentication Scheme using Smart Cards, IEEE 2nd International Advance Computing Conference, 2010, pp. 240-245.         [ Links ]

[16] Juang W.-S., Efficient password authenticated key agreement using smart cards, Computers & Security, Vol. 23, No. 2, 2004, pp. 167-173.         [ Links ]

[17] Lee S.-W., Kim H.-S. & Yoo K.-Y., Efficient nonce-based remote user authentication scheme using smart cards, Applied Mathematics and Computation, Vol. 167, No. 1, 2005, pp. 355-361.         [ Links ]

[18] Liaw H.-T., Lin J.-F. & Wu W.-C., An efficient and complete remote user authentication scheme using smart cards, Mathematical and Computer Modelling, Vol. 44, No. 1-2, 2006, pp. 223-228.         [ Links ]

[19] Madhusudhan R. & Mittal R.-C., Dynamic ID-based remote user password authentication schemes using smart cards: A review, Journal of Network and Computer Applications, Vol. 35, No. 4, 2012, pp. 1235-1248.         [ Links ]

[20] Li C.-T., Secure smart card based password authentication scheme with user anonymity, Information Technology and Control, Vol. 40, No. 2, 2011, pp. 157-162.         [ Links ]

[21] Kocher P., Jaffe J. & Jun B., Differential power analysis, Advances in Cryptology - Crypto'99, vol. LNCS 1666, 1999, pp. 388-397.         [ Links ]

[22] Messerges T.-S., Dabbish E.-A. & Sloan R.-H., Examining smart-card security under the threat of power analysis attacks, IEEE Transactions on Computers, Vol. 51, No. 5, 2002, pp. 541-552.         [ Links ]

[23] Hsiang H. C. & Shih W. K., Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment, Computer Standards & Interfaces, Vol. 31, No. 6, 2009, pp. 1118-1123.         [ Links ]

Creative Commons License Todo el contenido de esta revista, excepto dónde está identificado, está bajo una Licencia Creative Commons