Abstract
Remote user authentication is important to identify whether communicating parties are genuine and trustworthy using the password and the smart card between a login user and a remote server. Recently, we find that Kim et al.’s password-based authentication scheme [1] assume that the attacker cannot extract the secret information of the smart card. However, in reality, the authors in [2,8] show that the secrets stored in the card can be extracted by monitoring its power consumption. Therefore, Kim et al.’s scheme fail to resist smart card security breach. As the main contribution of this paper, a robust remote user authentication scheme against smart card security breach is presented, while keeping the merits of the well-known smart card based authentication schemes.
Chapter PDF
Similar content being viewed by others
References
Kim, S.K., Chung, M.G.: More secure remote user authentication scheme. Computer Communications 32(6), 1018–1021 (2009)
Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Proceedings of Advances in Cryptology, pp. 388–397 (1999)
Lamport, L.: Password authentication with insecure communication. Communications of the ACM 24(11), 770–772 (1981)
Li, C.T., Hwang, M.S.: An efficient biometrics-based remote user authentication scheme using smart cards. Journal of Network and Computer Applications 33(1), 1–5 (2010)
Li, C.T., Hwang, M.S.: An online biometrics-based secret sharing scheme for multiparty cryptosystem using smart cards. International Journal of Innovative Computing, Information and Control 6(5), 2181–2188 (2010)
Li, C.T., Lee, C.C.: A novel user authentication and privacy preserving scheme with smart cards for wireless communications. Mathematical and Computer Modelling, article (in press, 2011)
Liao, I.E., Lee, C.C., Hwang, M.S.: A password authentication scheme over insecure networks. Journal of Computer and System Sciences 72(4), 727–740 (2006)
Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers 51(5), 541–552 (2002)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 IFIP International Federation for Information Processing
About this paper
Cite this paper
Li, CT., Lee, CC., Liu, CJ., Lee, CW. (2011). A Robust Remote User Authentication Scheme against Smart Card Security Breach. In: Li, Y. (eds) Data and Applications Security and Privacy XXV. DBSec 2011. Lecture Notes in Computer Science, vol 6818. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22348-8_18
Download citation
DOI: https://doi.org/10.1007/978-3-642-22348-8_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22347-1
Online ISBN: 978-3-642-22348-8
eBook Packages: Computer ScienceComputer Science (R0)