Abstract
Remote password authentication is widely used in network systems to provide secure remote access control. In 2013, Li proposed a novel password authentication scheme based on elliptic curve cryptography and smart cards [17]. However, we found that Li’s authentication scheme has a serious security problem: all registered users’ sensitive passwords can be easily derived by a privileged insider of the remote server. Therefore, in this paper, we propose a slight modification to Li’s scheme to remedy this shortcoming. Our improved scheme not only inherits the advantages of Li’s password authentication scheme but also remedies its serious security weakness of not being able to withstand an insider attack.
References
[1] Chang, C.C., Lee, C.Y.: A smart card-based authentication scheme using user identify cryptography. International Journal of Network Security 15(2), 139–147 (2013)
[2] Das, A.K.: Improving identity-based random key establishment scheme for large-scale hierarchical wireless sensor networks. International Journal of Network Security 14(1), 1–21 (2012)
[3] He, D., Zhao, W., Wu, S.: Security analysis of a dynamic ID-based authentication scheme for multi-server environment using smart cards. International Journal of Network Security 15(5), 350–356 (2013)
[4] Islam, S.H., Biswas, G.P.: Design of improved password authentication and update scheme based on elliptic curve cryptography. Mathematical and Computer Modelling 57(11-12), 2703–2717 (2013)
[5] Kar, J.: ID-based deniable authentication protocol based on Diffie-Hellman problem on elliptic curve. International Journal of Network Security 15(5), 357–364 (2013)
[6] Kim, S.K., Chung, M.G.: More secure remote user authentication scheme. Computer Communications 32(6), 1018–1021 (2009)
[7] Lamport, L.: Password authentication with insecure communication. Communications of the ACM 24(11), 770–772 (1981)
[8] Lee, C.C., Chen, C.L., Wu, C.Y., Huang, S.Y.: An extended chaotic maps-based key agreement protocol with user anonymity. Nonlinear Dynamics 69(1-2), 79–87 (2012)
[9] Lee, C.C., Hsu, C.W.: A secure biometric-based remote user authentication with key agreement protocol using extended chaotic maps. Nonlinear Dynamics 71(1-2), 201–211 (2013)
[10] Lee, C.C., Li, C.T., Hsu, C.W.: A three-party password-based authenticated key exchange protocol with user anonymity using extended chaotic maps. Nonlinear Dynamics 73(1-2), 125–132 (2013)
[11] Lee, C.C., Chen, C.T., Li, C.T., Wu, P.H.: A practical RFID authentication mechanism for digital television. Telecommunication Systems (article in press, 2013)
[12] Li, C.T., Hwang, M.S.: An efficient biometrics-based remote user authentication scheme using smart cards. Journal of Network and Computer Applications 33(1), 1–5 (2010)
[13] Li, C.T., Hwang, M.S.: An online biometrics-based secret sharing scheme for multiparty cryptosystem using smart cards. International Journal of Innovative Computing, Information and Control 6(5), 2181–2188 (2010)
[14] Li, C.T.: Secure smart card based password authentication scheme with user anonymity. Information Technology and Control 40(2), 157–162 (2011)
[15] Li, C.T., Lee, C.C.: A robust remote user authentication scheme using smart card. Information Technology and Control 40(3), 236–245 (2011)
[16] Li, C.T., Lee, C.C.: A novel user authentication and privacy preserving scheme with smart cards for wireless communications. Mathematical and Computer Modelling 55(1-2), 35–44 (2012)
[17] Li, C.T.: A new password authentication and user anonymity scheme based on elliptic curve cryptography and smart card. IET Information Security 7(1), 3–10 (2013)
[18] Li, C.T., Lee, C.C., Weng, C.Y., Fan, C.I.: An extended multi-server-based user authentication and key agreement scheme with user anonymity. KSII Transactions on Internet and Information Systems 7(1), 119–131 (2013)
[19] Li, C.T., Weng, C.Y., Lee, C.C.: An advanced temporal credential-based security scheme with mutual authentication and key agreement for wireless sensor networks. Sensors 13(8), 9589–9603 (2013)
[20] Li, C.T., Lee, C.C., Weng, C.Y.: An extended chaotic maps based user authentication and privacy preserving scheme against DoS attacks in pervasive and ubiquitous computing environments. Nonlinear Dynamics (article in press, 2013)
[21] Liao, I.E., Lee, C.C., Hwang, M.S.: A password authentication scheme over insecure networks. Journal of Computer and System Sciences 72(4), 727–740 (2006)
[22] Naveed, M., Habib, W., Masud, U., Ullah, U., Ahmad, G.: Reliable and low cost RFID based authentication system for large scale deployment. International Journal of Network Security 14(3), 173–179 (2012)
[23] Kumar, M.: A new secure remote user authentication scheme with smart cards. International Journal of Network Security 11(2), 88–93 (2010)
[24] Ramasamy, R., Muniyandi, A.P.: An efficient password authentication scheme for smart card. International Journal of Network Security 14(3), 180–186 (2012)
[25] National Institute of Standards and Technology, US department of commerce, secure hash standard. US Federal Information Processing Standard Publication, 180–182 (2002)
[26] Yang, L., Ma, J.F., Jiang, Q.: Mutual authentication scheme with smart cards and password under trusted computing. International Journal of Network Security 14(3), 156–163 (2012)
Copyright information
© 2013 Springer International Publishing Switzerland
About this paper
Cite this paper
Lee, CC., Li, CT., Weng, CY., Jheng, JJ., Zhang, XQ., Zhu, YR. (2013). Cryptanalysis and Improvement of an ECC-Based Password Authentication Scheme Using Smart Cards. In: Wang, G., Ray, I., Feng, D., Rajarajan, M. (eds) Cyberspace Safety and Security. CSS 2013. Lecture Notes in Computer Science, vol 8300. Springer, Cham. https://doi.org/10.1007/978-3-319-03584-0_25
DOI: https://doi.org/10.1007/978-3-319-03584-0_25
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-03583-3
Online ISBN: 978-3-319-03584-0
eBook Packages: Computer Science, Computer Science (R0)