An Improved Timestamp-Based Password Authentication Scheme Using Smart Cards

With the recent proliferation of distributed systems and networking, remote authentication has become a crucial task in many networking applications. Various schemes have been proposed so far for the two-party remote authentication; however, some of them have been proved to be insecure. In this paper, we propose an efficient timestamp-based password authentication scheme using smart cards. We show various types of forgery attacks against a previously proposed timestamp-based password authentication scheme and improve that scheme to ensure robust security for the remote authentication process, keeping all the advantages that were present in that scheme. Our scheme successfully defends the attacks that could be launched against other related previous schemes. We present a detailed cryptanalysis of previously proposed Shen et. al scheme and an analysis of the improved scheme to show its improvements and efficiency.Comment: 6 page

Cryptanalysis of Yang-Wang-Chang's Password Authentication Scheme with Smart Cards

In 2005, Yang, Wang, and Chang proposed an improved timestamp-based password authentication scheme in an attempt to overcome the flaws of Yang-Shieh_s legendary timestamp-based remote authentication scheme using smart cards. After analyzing the improved scheme proposed by Yang-Wang-Chang, we have found that their scheme is still insecure and vulnerable to four types of forgery attacks. Hence, in this paper, we prove that, their claim that their scheme is intractable is incorrect. Also, we show that even an attack based on Sun et al._s attack could be launched against their scheme which they claimed to resolve with their proposal.Comment: 3 Page

Cryptanalysis of Sun and Cao's Remote Authentication Scheme with User Anonymity

Dynamic ID-based remote user authentication schemes ensure efficient and anonymous mutual authentication between entities. In 2013, Khan et al. proposed an improved dynamic ID-based authentication scheme to overcome the security flaws of Wang et al.'s authentication scheme. Recently, Sun and Cao showed that Khan et al. does not satisfies the claim of the user's privacy and proposed an efficient authentication scheme with user anonymity. The Sun and Cao's scheme achieve improvement over Khan et al.'s scheme in both privacy and performance point of view. Unfortunately, we identify that Sun and Cao's scheme does not resist password guessing attack. Additionally, Sun and Cao's scheme does not achieve forward secrecy

A review and cryptanalysis of similar timestamp-based password authentication schemes using smart cards

The intent of this paper is to review some timestampbased password authentication schemes using smart cards which have similar working principles. Many of the proposed timestampbased password authentication schemes were subsequently found to be insecure. Here, we investigate three schemes with similar working principles, show that they are vulnerable to tricky forgery attacks, and thus they fail to ensure the level of security that is needed for remote login procedure using smart cards. Though there are numerous works available in this field, to the best of our knowledge this is the first time we have found some critical flaws in these schemes that were not detected previously. Along with the proofs of their flaws and inefficiencies, we note down our solution which could surmount all sorts of known attacks and thus reduces the probability of intelligent forgery attacks. We provide a detailed literature review how the schemes have been developed and modified throughout years. We prove that some of the schemes which so far have been thought to be intractable are still flawed, in spite of their later improvements

Cryptanalysis and improvement of chen-hsiang-shih's remote user authentication scheme using smart cards

Recently, Chen-Hsiang-Shih proposed a new dynamic ID-based remote user authentication scheme. The authors claimed that their scheme was more secure than previous works. However, this paper demonstrates that theirscheme is still unsecured against different kinds of attacks. In order to enhance the security of the scheme proposed by Chen-Hsiang-Shih, a new scheme is proposed. The scheme achieves the following security goals: without verification table, each user chooses and changes the password freely, each user keeps the password secret, mutual authentication, the scheme establishes a session key after successful authentication, and the scheme maintains the user's anonymity. Security analysis and comparison demonstrate that the proposed scheme is more secure than Das-Saxena-Gulati's scheme, Wang et al.'s scheme and Chen-Hsiang-Shih.Peer ReviewedPostprint (published version

Improvement of a security enhanced one-time two-factor authentication and key agreement scheme

AbstractIn 2010, Hölbl et al. showed that Shieh et al.’s mutual authentication and key agreement scheme is vulnerable to the smart card lost attack, not achieving perfect forward secrecy, and proposed a security enhanced scheme to eliminate these weaknesses. In this paper, we show that Hölbl et al.’s security enhancement is still vulnerable to the smart card lost attacks. In addition, their scheme cannot resist impersonation attacks and parallel session attacks. Seeing that the existing mutual authentication schemes using smart cards are almost vulnerable to the smart card lost attacks, we further propose a new one-time two-factor mutual authentication and key agreement scheme to eliminate these weaknesses

A Robust and Effective Smart-Card-Based Remote User Authentication Mechanism Using Hash Function

In a remote user authentication scheme, a remote server verifies whether a login user is genuine and trustworthy, and also for mutual authentication purpose a login user validates whether the remote server is genuine and trustworthy. Several remote user authentication schemes using the password, the biometrics, and the smart card have been proposed in the literature. However, most schemes proposed in the literature are either computationally expensive or insecure against several known attacks. In this paper, we aim to propose a new robust and effective password-based remote user authentication scheme using smart card. Our scheme is efficient, because our scheme uses only efficient one-way hash function and bitwise XOR operations. Through the rigorous informal and formal security analysis, we show that our scheme is secure against possible known attacks. We perform the simulation for the formal security analysis using the widely accepted AVISPA (Automated Validation Internet Security Protocols and Applications) tool to ensure that our scheme is secure against passive and active attacks. Furthermore, our scheme supports efficiently the password change phase always locally without contacting the remote server and correctly. In addition, our scheme performs significantly better than other existing schemes in terms of communication, computational overheads, security, and features provided by our scheme