Cryptanalysis and Improvement of a Two-Factor User Authentication Scheme Providing Mutual Authentication and Key Agreement over Insecure Channels

<p>Wu-Chieu proposed an enhanced remote user authentication scheme to improve the security of a user-friendly remote user authentication scheme with smart cards. However, we demonstrate that their scheme is vulnerable and susceptible to the attacks and can easily be cryptanalyzed. Their scheme performs only unilateral authentication (only client authentication) and there is no mutual authentication between user and remote system, so their scheme suscepts from the server spoofing attack. Furthermore, their scheme is slower in detecting the wrong input-password, and users cannot change their passwords. This paper proposes an efficient and secure remote authentication scheme to solve the problems found in Wu-Chieu’s scheme. In addition, the computational costs and efficiency of the proposed scheme is better than other related published schemes.</p>

Download Full-text

Weaknesses of a Dynamic ID-Based Remote User Authentication Scheme with Session Key Agreement for Multi-server Environment

Lecture Notes in Electrical Engineering - Information Technology Convergence, Secure and Trust Computing, and Data Management ◽

10.1007/978-94-007-5083-8_29 ◽

2012 ◽

pp. 233-240 ◽

Cited By ~ 2

Author(s):

Mijin Kim ◽

Namje Park ◽

Dongho Won

Keyword(s):

Key Agreement ◽

User Authentication ◽

Authentication Scheme ◽

Session Key ◽

Remote User Authentication ◽

Session Key Agreement ◽

Dynamic Id ◽

User Authentication Scheme ◽

Multi Server ◽

Remote User

Download Full-text

Remote User Authentication Scheme with Key Agreement Providing Forward Secrecy

Journal of Security Engineering ◽

10.14257/jse.2015.02.01 ◽

2015 ◽

Vol 12 (1) ◽

pp. 1-12

Author(s):

Hyunsung Kim

Keyword(s):

Key Agreement ◽

User Authentication ◽

Authentication Scheme ◽

Forward Secrecy ◽

Remote User Authentication ◽

User Authentication Scheme ◽

Remote User

Download Full-text

Security Analysis and Enhancements of an Effective Biometric-Based Remote User Authentication Scheme Using Smart Cards

Journal of Biomedicine and Biotechnology ◽

10.1155/2012/519723 ◽

2012 ◽

Vol 2012 ◽

pp. 1-6 ◽

Cited By ~ 40

Author(s):

Younghwa An

Keyword(s):

User Authentication ◽

Mutual Authentication ◽

Security Analysis ◽

Smart Cards ◽

Authentication Scheme ◽

Impersonation Attack ◽

Insider Attack ◽

Remote User Authentication ◽

User Authentication Scheme ◽

Remote User

Recently, many biometrics-based user authentication schemes using smart cards have been proposed to improve the security weaknesses in user authentication system. In 2011, Das proposed an efficient biometric-based remote user authentication scheme using smart cards that can provide strong authentication and mutual authentication. In this paper, we analyze the security of Das’s authentication scheme, and we have shown that Das’s authentication scheme is still insecure against the various attacks. Also, we proposed the enhanced scheme to remove these security problems of Das’s authentication scheme, even if the secret information stored in the smart card is revealed to an attacker. As a result of security analysis, we can see that the enhanced scheme is secure against the user impersonation attack, the server masquerading attack, the password guessing attack, and the insider attack and provides mutual authentication between the user and the server.

Download Full-text