A secure remote authentication scheme preserving user anonymity with non-tamper resistant smart cards

Authors:
Wen-Bing Horng;Cheng-Ping Lee;Jian-Wen Peng
Affiliations:
Department of Computer Science and Information Engineering, Tamkang University, Tamsui, Taipei, Taiwan, Republic of China;Department of Computer Science and Information Engineering, Tamkang University, Tamsui, Taipei, Taiwan, Republic of China;Department of Commerce Automation and Management, Chihlee Institute of Technology, Banciao, Taipei, Taiwan, Republic of China
Venue:
WSEAS Transactions on Information Science and Applications
Year:
2010

Citing 22
Cited 2

Examining Smart-Card Security under the Threat of Power Analysis Attacks

IEEE Transactions on Computers
A Remote Authentication Scheme Preserving User Anonymity

AINA '05 Proceedings of the 19th International Conference on Advanced Information Networking and Applications - Volume 2
Security Enhancement for a Dynamic ID-Based Remote User Authentication Scheme

NWESP '05 Proceedings of the International Conference on Next Generation Web Services Practices
A password authentication scheme over insecure networks

Journal of Computer and System Sciences
An Anonymous Digital Cash and Fair Payment Protocol Utilizing Smart Card in Mobile Environments

GCCW '06 Proceedings of the Fifth International Conference on Grid and Cooperative Computing Workshops
Password-Based Access Control Scheme with Remote User Authentication Using Smart Cards

AINAW '07 Proceedings of the 21st International Conference on Advanced Information Networking and Applications Workshops - Volume 02
Improved Remote User Authentication Scheme Preserving User Anonymity

CNSR '07 Proceedings of the Fifth Annual Conference on Communication Networks and Services Research
Cryptanalysis and Improvement of an "Improved Remote Authentication Scheme with Smart Card'

ARES '08 Proceedings of the 2008 Third International Conference on Availability, Reliability and Security
A new mutual authentication scheme based on nonce and smart cards

Computer Communications
Anonymous and Traceable Authentication Scheme using Smart Cards

ISA '08 Proceedings of the 2008 International Conference on Information Security and Assurance (isa 2008)
EARS: Efficient Entity Authentication in Remote Systems

ITNG '08 Proceedings of the Fifth International Conference on Information Technology: New Generations
A Simple and Secure Authentication and Key Establishment Protocol

ICETET '08 Proceedings of the 2008 First International Conference on Emerging Trends in Engineering and Technology
Improvement of Wang-Li's Forward-Secure User Authentication Scheme with Smart Cards

ISDA '08 Proceedings of the 2008 Eighth International Conference on Intelligent Systems Design and Applications - Volume 01
Weaknesses and improvements of the Yoon-Ryu-Yoo remote user authentication scheme using smart cards

Computer Communications
More secure remote user authentication scheme

Computer Communications
Weaknesses and improvement of Wang et al.'s remote user password authentication scheme for resource-limited environments

Computer Standards & Interfaces
Successfully attacking masked AES hardware implementations

CHES'05 Proceedings of the 7th international conference on Cryptographic hardware and embedded systems
On second-order differential power analysis

CHES'05 Proceedings of the 7th international conference on Cryptographic hardware and embedded systems
A simple remote user authentication scheme

Mathematical and Computer Modelling: An International Journal
Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards

IEEE Transactions on Consumer Electronics
Further improvement of an efficient password based remote user authentication scheme using smart cards

IEEE Transactions on Consumer Electronics
A dynamic ID-based remote user authentication scheme

IEEE Transactions on Consumer Electronics

Cryptanalysis and improvement of sood et al.'s dynamic ID-Based authentication scheme

ICDCIT'12 Proceedings of the 8th international conference on Distributed Computing and Internet Technology
A new dynamic ID-Based remote user authentication scheme with forward secrecy

APWeb'12 Proceedings of the 14th international conference on Web Technologies and Applications

Quantified Score

Hi-index	0.00

Visualization

Abstract

Anonymity is one of the important properties of remote authentication schemes to preserve user privacy. Besides, it can avoid unauthorized entities from using the user ID and other intercepted information to forge legal login messages. In 2004, Das et al. first proposed a remote user authentication scheme with smart cards using dynamic ID to protect user anonymity. Later, in 2005, Chien and Chen demonstrated that Das et al.'s scheme fails to preserve user anonymity and then presented a new scheme to remedy this problem. In 2007, Hu et al. pointed out that Chien-Chen's scheme cannot preserve user anonymity if the smart card is nontamper resistant; i.e., the secret information stored in the smart card can be revealed. They then proposed an improved scheme to cope with this problem. In this paper, however, we will show that Hu et al.'s scheme still cannot preserve user anonymity under their assumption. In addition, their scheme is also vulnerable to the offline password guessing attack. We then present an improvement to overcome these weaknesses, while preserving all the merits of their scheme.