Security Weaknesses of Song's Advanced Smart Card Based Password Authentication Protocol

[[abstract]]Password based authentication with smart cards has been adopted as a more secure means in insecure networks to validate the legitimacy of users. Traditional authentication schemes are based on the tamper-resistant smart card; that is, the data stored in the smart card cannot be revealed. However, it is a challenging problem for considering non-tamper-resistant smart cards used in user authentication. Very recently, in 2010, Song proposed an efficient authentication scheme with such non-tamper resistant smart cards based on symmetric key cryptosystems as well as modular exponentiations. In this paper, we will show that Song's scheme is vulnerable to the offline password guessing attack and the insider attack. Besides, this scheme does not provide perfect forward secrecy and does not preserve user anonymity.[[conferencetype]]國際[[conferencelocation]]Shanghai, Chin

Provable Secure and Efficient Digital Rights Management Authentication Scheme Using Smart Card Based on Elliptic Curve Cryptography

Since the concept of ubiquitous computing is firstly proposed by Mark Weiser, its connotation has been extending and expanding by many scholars. In pervasive computing application environment, many kinds of small devices containing smart cart are used to communicate with others. In 2013, Yang et al. proposed an enhanced authentication scheme using smart card for digital rights management. They demonstrated that their scheme is secure enough. However, Mishra et al. pointed out that Yang et al.’s scheme suffers from the password guessing attack and the denial of service attack. Moreover, they also demonstrated that Yang et al.’s scheme is not efficient enough when the user inputs an incorrect password. In this paper, we analyze Yang et al.’s scheme again, and find that their scheme is vulnerable to the session key attack. And, there are some mistakes in their scheme. To surmount the weakness of Yang et al.’s scheme, we propose a more efficient and provable secure digital rights management authentication scheme using smart card based on elliptic curve cryptography

Improved on an efficient user authentication scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment

Recently, Farasha et al. proposed an efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment. By using BAN-logic and AVISPA tools, they confirm the security properties of the proposed scheme. However, after analyzing, we determine that the scheme could not resist the smart card loss password guessing attack, which is one of the ten basic requirements in a secure identity authentication using smart card, assisted by Liao et al. Therefore, we modify the method to include the desired security functionality, which is significantly important in a user authentication system using smart card

An efficient password authentication scheme for smart card,”

Abstract Yang-Wang-Chang proposed an improved timestamp associated password authentication scheme based on YangShieh, who had earlier proposed timestamp-based remote authentication scheme using smart cards. In this paper, we propose an efficient password authentication scheme with smart card applying RSA. The proposed scheme withstands most of the attacks with minimum computational cost

Password authenticated key agreement protocol for multi-servers architecture

[[abstract]]This paper proposes an efficient password authenticated key agreement protocol for multi-servers architecture. The authenticated key agreement protocol is a good solution to provide authentication and confidentiality. The identity authentication and confidentiality are two important primary security services for the open network environment. The proposed scheme allows user to access multi-server securely by keeping one weak password and a smart card only. The client user and server will authenticate each other in the proposed scheme. They will agree a secret common session key for each request in the ending of the proposed scheme. Furthermore, the proposed scheme is based on straight line of geometry and symmetric cryptosystem. It does not use the overload cryptography operations, it is more efficient than the previous results.[[conferencetype]]國際[[conferencedate]]20050613~20050616[[iscallforpapers]]Y[[conferencelocation]]Taipei, Taiwa

Applying LU Decomposition of Matrices to Design Anonymity Bilateral Remote User Authentication Scheme

We apply LU decomposition of matrices to present an anonymous bilateral authentication scheme. This paper aims at improving security and providing more excellent performances for remote user authentication scheme. The proposed scheme can provide bilateral authentication and session key agreement, can quickly check the validity of the input password, and can really protect the user anonymity. The security of the proposed scheme is based on the discrete logarithm problem (DLP), Diffie-Hellman problem (DHP), and the one-way hash function. It can resist various attacks such as insider attack, impersonation attack, server spoofing attack, and stolen smart card attack. Moreover, the presented scheme is computationally efficient for real-life implementation

Enhanced Biometrics-based Remote User Authentication Scheme Using Smart Cards

Authentication and key exchange are fundamental techniques for enabling secure communication over mobile networks. In order to reduce implementation complexity and achieve computation efficiency, design issues for efficient and secure biometrics-based remote user authentication scheme have been extensively investigated by research community in these years. Recently, two well-designed biometrics-based authentication schemes using smart cards are introduced by Li and Hwang and Li et al., respectively. Li and Hwang proposed an efficient biometrics-based remote user authentication scheme using smart card and Li et al. proposed an improvement. The authors of both schemes claimed that their protocol delivers important security features and system functionalities, such as without synchronized clock, freely changes password, mutual authentication, as well as low computation costs. However, these two schemes still have much space for security enhancement. In this paper, we first demonstrate a series of vulnerabilities on these two schemes. Then, an enhanced scheme with corresponding remedies is proposed to eliminate all identified security flaws in both schemes