Cryptanalysis of Yang-Wang-Chang's Password Authentication Scheme with Smart Cards

In 2005, Yang, Wang, and Chang proposed an improved timestamp-based password authentication scheme in an attempt to overcome the flaws of Yang-Shieh_s legendary timestamp-based remote authentication scheme using smart cards. After analyzing the improved scheme proposed by Yang-Wang-Chang, we have found that their scheme is still insecure and vulnerable to four types of forgery attacks. Hence, in this paper, we prove that, their claim that their scheme is intractable is incorrect. Also, we show that even an attack based on Sun et al._s attack could be launched against their scheme which they claimed to resolve with their proposal.Comment: 3 Page

An Improved Timestamp-Based Password Authentication Scheme Using Smart Cards

With the recent proliferation of distributed systems and networking, remote authentication has become a crucial task in many networking applications. Various schemes have been proposed so far for the two-party remote authentication; however, some of them have been proved to be insecure. In this paper, we propose an efficient timestamp-based password authentication scheme using smart cards. We show various types of forgery attacks against a previously proposed timestamp-based password authentication scheme and improve that scheme to ensure robust security for the remote authentication process, keeping all the advantages that were present in that scheme. Our scheme successfully defends the attacks that could be launched against other related previous schemes. We present a detailed cryptanalysis of previously proposed Shen et. al scheme and an analysis of the improved scheme to show its improvements and efficiency.Comment: 6 page

A review and cryptanalysis of similar timestamp-based password authentication schemes using smart cards

The intent of this paper is to review some timestampbased password authentication schemes using smart cards which have similar working principles. Many of the proposed timestampbased password authentication schemes were subsequently found to be insecure. Here, we investigate three schemes with similar working principles, show that they are vulnerable to tricky forgery attacks, and thus they fail to ensure the level of security that is needed for remote login procedure using smart cards. Though there are numerous works available in this field, to the best of our knowledge this is the first time we have found some critical flaws in these schemes that were not detected previously. Along with the proofs of their flaws and inefficiencies, we note down our solution which could surmount all sorts of known attacks and thus reduces the probability of intelligent forgery attacks. We provide a detailed literature review how the schemes have been developed and modified throughout years. We prove that some of the schemes which so far have been thought to be intractable are still flawed, in spite of their later improvements

Cryptanalysis and improvement of chen-hsiang-shih's remote user authentication scheme using smart cards

Recently, Chen-Hsiang-Shih proposed a new dynamic ID-based remote user authentication scheme. The authors claimed that their scheme was more secure than previous works. However, this paper demonstrates that theirscheme is still unsecured against different kinds of attacks. In order to enhance the security of the scheme proposed by Chen-Hsiang-Shih, a new scheme is proposed. The scheme achieves the following security goals: without verification table, each user chooses and changes the password freely, each user keeps the password secret, mutual authentication, the scheme establishes a session key after successful authentication, and the scheme maintains the user's anonymity. Security analysis and comparison demonstrate that the proposed scheme is more secure than Das-Saxena-Gulati's scheme, Wang et al.'s scheme and Chen-Hsiang-Shih.Peer ReviewedPostprint (published version

An efficient password authentication scheme for smart card,”

Abstract Yang-Wang-Chang proposed an improved timestamp associated password authentication scheme based on YangShieh, who had earlier proposed timestamp-based remote authentication scheme using smart cards. In this paper, we propose an efficient password authentication scheme with smart card applying RSA. The proposed scheme withstands most of the attacks with minimum computational cost

Secure Message Recovery and Batch Verification using Digital Signature

This paper about the study of Secure message Recovery and batch verification using Digital Signature Security is increased in batch verification through triple DES algorithm Encryption is used for the Security in which the plaintext is transforming into the cipher text A digital signature scheme involves two phases the signature generation phase which is performed at the sender side and the signature verification phase that is performed by the receiver of that message In computer to computer communication the computer at sender s end usually transforms a plaintext into cipher text using encryption When the message is recovered at the Receiver Side than the original text is converted in to the encrypted text That encrypted text is secure for the authenticated person After recover the message if authentic person wants to get the original text then he she enter the key and take the plaintex

Identification and Authentication: Technology and Implementation Issues

Computer-based information systems in general, and Internet e-commerce and e-business systems in particular, employ many types of resources that need to be protected against access by unauthorized users. Three main components of access control are used in most information systems: identification, authentication, and authorization. In this paper we focus on authentication, which is the most problematic component. The three main approaches to user authentication are: knowledge-based, possession-based, and biometric-based. We review and compare the various authentication mechanisms of these approaches and the technology and implementation issues they involve. Our conclusion is that there is no silver bullet solution to user authentication problems. Authentication practices need improvement. Further research should lead to a better understanding of user behavior and the applied psychology aspects of computer security

An Efficient Generic Framework for Three-Factor Authentication With Provably Secure Instantiation

Remote authentication has been widely studied and adapted in distributed systems. The security of remote authentication mechanisms mostly relies on one of or the combination of three factors: 1) something users know - password; 2) something users have - smart card; and 3) something users are - biometric characteristics. This paper introduces an efficient generic framework for three-factor authentication. The proposed generic framework enhances the security of existing two-factor authentication schemes by upgrading them to three-factor authentication schemes, without exposing user privacy. In addition, we present a case study by upgrading a secure two-factor authentication scheme to a secure three-factor authentication scheme. Furthermore, implementation analysis, formal proof, and privacy discussion are provided to show that the derived scheme is practical, secure, and privacy preserving

개선된 인증과 키 분배 기법

학위논문 (박사)-- 서울대학교 대학원 : 수리과학부, 2014. 2. 김명환.Nowadays, anonymity property of user authentication scheme becomes important. From 2003, Park et al., Juang et al., and other researchers proposed a useful, secure and efficient authenticated-key exchange scheme. However, There schemes did not provide the useful methods against the various efficient attacks. They argued that they provided the identity privacy- mutual authentication-half-forward secrecy. But their suggestions have limited solutions. So we have researched the about 30 papers and suggested an improved authentication and key exchange scheme. Then, we show that the proposed scheme is secure against the various attacks methods (linear attack, inverse, dictionary, MTMD attacks etc).Chapter 1 Introduction ........................................................ 6 1.1 Motivation ...............................................................................6 1.2 Organization ............................................................................8 Chapter 2 Secure Authenticated Key Exchange .................. 11 2.1 AKE Security ........................................................................11 2.2 Protocol Attack Types ...........................................................17 Chapter 3Secure Authenticated Key Exchange ................... 19 3.1 The Authentication Key Protocol..........................................19 3.2 General Security-Analysis Discussion..................................26 Chapter 4Authenticated Key Exchange Protocol................ 40 4.1 The Improved AKE ...............................................................41 4.2 An Improved Anonymous AKE Scheme ..............................62 Chapter 5Conclusion ...................................................... 75 Bibliography .................................................................... 77 Abstract ........................................................................... 87Docto

Anonymous Two-Factor Authentication in Distributed Systems: Certain Goals Are Beyond Attainment

Despite two decades of intensive research, it remains a challenge to design a practical anonymous two-factor authentication scheme, for the designers are confronted with an impressive list of security requirements (e.g., resistance to smart card loss attack) and desirable attributes (e.g., local password update). Numerous solutions have been proposed, yet most of them are shortly found either unable to satisfy some critical security requirements or short of a few important features. To overcome this unsatisfactory situation, researchers often work around it in hopes of a new proposal (but no one has succeeded so far), while paying little attention to the fundamental question: whether or not there are inherent limitations that prevent us from designing an ``ideal\u27\u27 scheme that satisfies all the desirable goals? In this work, we aim to provide a definite answer to this question. We first revisit two foremost proposals, i.e. Tsai et al.\u27s scheme and Li\u27s scheme, revealing some subtleties and challenges in designing such schemes. Then, we systematically explore the inherent conflicts and unavoidable trade-offs among the design criteria. Our results indicate that, under the current widely accepted adversarial model, certain goals are beyond attainment. This also suggests a negative answer to the open problem left by Huang et al. in 2014. To the best of knowledge, the present study makes the first step towards understanding the underlying evaluation metric for anonymous two-factor authentication, which we believe will facilitate better design of anonymous two-factor protocols that offer acceptable trade-offs among usability, security and privacy