Servicios Personalizados
Revista
Articulo
Indicadores
- Citado por SciELO
- Accesos
Links relacionados
- Similares en SciELO
Compartir
Journal of applied research and technology
versión On-line ISSN 2448-6736versión impresa ISSN 1665-6423
J. appl. res. technol vol.11 no.5 Ciudad de México oct. 2013
Security Improvement of Two Dynamic ID-based Authentication Schemes by Sood-Sarje-Singh
R. Martínez-Peláez*1, F. Rico-Novella2, J. Forné2, P. Velarde-Alvarado3
1 Institute of Informatics University of Sierra Sur Oaxaca, Miahuatlán de Porfirio Díaz, Mexico. *rpelaez@unsis.edu.mx.
2 Department of Telematics Engineering Universitat Politécnica de Catalunya Barcelona, Spain.
3 Area of Basic Sciences and Engineering Autonomous University of Nayarit Nayarit, Tepic, Mexico.
ABSTRACT
In 2010, Sood-Sarje-Singh proposed two dynamic ID-based remote user authentication schemes. The first scheme is a security improvement of Liao et al.'s scheme and the second scheme is a security improvement of Wang et al.'s scheme. In both cases, the authors claimed that their schemes can resist many attacks. However, we find that both schemes have security flaws. In addition, their schemes require a verification table and time-synchronization, making the schemes unfeasible and unsecured for electronic services. In order to remedy the security flaws of Sood et al.'s schemes, we propose a robust scheme which resists the well-known attacks and achieves all the desirable security goals.
Keywords: cryptanalysis, mutual authentication, network security, smart cards.
RESUMEN
En el año 2010, Sood-Sarje-Singh propusieron dos esquemas de autenticación de usuario remoto. El primer esquema presenta una mejora de seguridad sobre el esquema propuesto por Liao-Lee-Hwang en el año 2005, y el segundo esquema presenta una mejora de seguridad sobre el esquema propuesto por Wang-Liu-Xiao-Dan en el año 2009. En ambos casos, los autores claman que sus esquemas pueden resistir varios ataques. Sin embargo, nosotros hemos encontrado que ambos esquemas tienen deficiencias de seguridad. Además, los esquemas propuestos requieren de una tabla de verificación y sincronización de tiempo, haciendo a los esquemas imprácticos e inseguros para servicios electrónicos. Para remediar las deficiencias de seguridad presentadas en los esquemas propuestos por Sood-Sarje-Singh, nosotros proponemos un esquema robusto de seguridad que resiste los ataques más populares y consigue todas las metas de seguridad deseadas.
DESCARGAR ARTÍCULO EN FORMATO PDF
Acknowledgements
The authors would like to thank the anonymous reviewers for their valuable comments and suggestions. This research was supported by The Mexican Teacher Improvement Program (PROMEP), under the project number PROMEP/103.5/12/4525.
References
[1] Ku W.-C. & Chen S.-M., Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards, IEEE Transactions on Consumer Electronics, Vol. 50, No. 1, 2004, pp. 204-207. [ Links ]
[2] Chang C.-C. & Wu T.-C., Remote password authentication with smart cards, IEE Proceedings-E, Vol. 138, No. 3, 1991, pp. 165-168. [ Links ]
[3] Hwang M. S. & Li L. H., A new remote user authentication scheme using smart card, IEEE Transactions on Consumer Electronics, Vol. 46, No. 1, 2000, pp. 28-30. [ Links ]
[4] Evans A.-J., Kantrowitz W. & Weiss E., A user authentication scheme not requiring secrecy in the computer, Communications of the ACM, Vol. 17, No. 8, 1974, pp. 437-442. [ Links ]
[5] Feistel H., Notz W.-A. & Smith J.-L., Some cryptographic techniques for machine to machine data communications, Proccedings of the IEEE, Vol. 63, No. 11, 1975, pp. 1545-1554. [ Links ]
[6] Chang C.-C. & Wu T.-C., A password authentication scheme without verification tables, 8th IASTED International Simposium of Applied Informatics, 1990, pp. 202-204. [ Links ]
[7] Chien H. Y., Jan J. K. & Tseng Y. M., An Efficient and practical solution to remote authentication: smart card, Computers & Security, Vol. 21, No. 4, 2002, pp. 372-375. [ Links ]
[8] Hsu C.-L., Security of two remote user authentication schemes using smart cards, IEEE Transaction on Consumer Electronics, Vol. 49, No. 4, 2003, pp. 1196-1198. [ Links ]
[9] Das M.-L., Saxena A. & Gulati V.-P., A Dynamic ID-based remote user authentication scheme, IEEE Transactions on Consumer Electronics, Vol. 50, No. 2, 2004, pp. 629-631. [ Links ]
[10] Wang Y.-Y., Liu J.-Y., Xiao F. X., & Dan J., A more efficient and secure dynamic ID-based remote user authentication scheme, Computer Communications, Vol. 32, No. 2, 2009, pp. 583-585. [ Links ]
[11] Goriparthi T., Das M.-L. & Saxena A., An improved bilinear pairing based remote user authentication scheme, Computer Standards & Interfaces, Vol. 31, No. 1, 2009, pp. 181-185. [ Links ]
[12] Liao I.-E., Lee C.-C. & Hwang M.-S., Security enhancement for a dynamic ID-based remote user authentication Scheme, International Conference on Next Generation Web Services Practices, 2005, pp. 437-440. [ Links ]
[13] Liou Y.-P., Lin J. & Wang S.-S., A New Dynamic ID-Based Remote User Authentication Scheme using Smart Cards, 16th Information Security Conference, 2006, pp. 198-205. [ Links ]
[14] Sood S.-K., Sarje A.-K. & Singh K., An improvement of Wang et al.'s authentication scheme using smart cards, National Conference on Communications, 2010, pp. 29-31. [ Links ]
[15] Sood S.-K., Sarje A.-K. & Singh K., An Improvement of Liao et al.'s Authentication Scheme using Smart Cards, IEEE 2nd International Advance Computing Conference, 2010, pp. 240-245. [ Links ]
[16] Juang W.-S., Efficient password authenticated key agreement using smart cards, Computers & Security, Vol. 23, No. 2, 2004, pp. 167-173. [ Links ]
[17] Lee S.-W., Kim H.-S. & Yoo K.-Y., Efficient nonce-based remote user authentication scheme using smart cards, Applied Mathematics and Computation, Vol. 167, No. 1, 2005, pp. 355-361. [ Links ]
[18] Liaw H.-T., Lin J.-F. & Wu W.-C., An efficient and complete remote user authentication scheme using smart cards, Mathematical and Computer Modelling, Vol. 44, No. 1-2, 2006, pp. 223-228. [ Links ]
[19] Madhusudhan R. & Mittal R.-C., Dynamic ID-based remote user password authentication schemes using smart cards: A review, Journal of Network and Computer Applications, Vol. 35, No. 4, 2012, pp. 1235-1248. [ Links ]
[20] Li C.-T., Secure smart card based password authentication scheme with user anonymity, Information Technology and Control, Vol. 40, No. 2, 2011, pp. 157-162. [ Links ]
[21] Kocher P., Jaffe J. & Jun B., Differential power analysis, Advances in Cryptology - Crypto'99, vol. LNCS 1666, 1999, pp. 388-397. [ Links ]
[22] Messerges T.-S., Dabbish E.-A. & Sloan R.-H., Examining smart-card security under the threat of power analysis attacks, IEEE Transactions on Computers, Vol. 51, No. 5, 2002, pp. 541-552. [ Links ]
[23] Hsiang H. C. & Shih W. K., Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment, Computer Standards & Interfaces, Vol. 31, No. 6, 2009, pp. 1118-1123. [ Links ]