Abstract
Forward secrecy is an important property of remote user authentication schemes: it limits the effects of an eventual failure of the entire system when the long-term private keys of one or more parties are compromised. Recently, Tsai et al. showed that Wang et al.’s dynamic ID-based remote user authentication scheme fails to achieve user anonymity and is vulnerable to a user impersonation attack, and proposed an enhanced version to overcome all the identified flaws. In this paper, however, we point out that Tsai et al.’s scheme still suffers from a denial-of-service attack and cannot provide forward secrecy. To remedy these security flaws, we propose an enhanced authentication scheme that covers all the identified weaknesses of Tsai et al.’s scheme and is more suitable for mobile application scenarios where resources are constrained and security is a concern.
References
Chang, C.C., Wu, T.C.: Remote password authentication with smart cards. IEE Proceedings-E 138(3), 165–168 (1993)
Ku, W.C., Chen, S.M.: Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 50(1), 204–207 (2004)
Liao, I.E., Lee, C.C., Hwang, M.S.: A password authentication scheme over insecure networks. Journal of Computer and System Sciences 72(4), 727–740 (2006)
Chung, H.R., Ku, W.C., Tsaur, M.J.: Weaknesses and improvement of Wang et al.’s remote user password authentication scheme for resource-limited environments. Computer Standards & Interfaces 31(4), 863–868 (2009)
Horng, W.B., Lee, C.P., Peng, J.: A secure remote authentication scheme preserving user anonymity with non-tamper resistant smart cards. WSEAS Transactions on Information Science and Applications 7(5), 619–628 (2010)
Kim, J.Y., Choi, H.K., Copeland, J.A.: Further Improved Remote User Authentication Scheme. IEICE Transactions on Fundamentals 94(6), 1426–1433 (2011)
Wilson, S.B., Johnson, D., Menezes, A.: Key Agreement Protocols and Their Security Analysis. In: Darnell, M.J. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 30–45. Springer, Heidelberg (1997)
Das, M.L., Saxena, A., Gulati, V.P.: A dynamic ID-based remote user authentication scheme. IEEE Transactions on Consumer Electronics 50(2), 629–631 (2004)
Chien, H.Y., Chen, C.H.: A remote authentication scheme preserving user anonymity. In: IEEE AINA 2005, pp. 245–248. IEEE Computer Society, Los Alamitos (2005)
Wang, Y.Y., Kiu, J.Y., Xiao, F.X.: A more efficient and secure dynamic ID-based remote user authentication scheme. Computer Communications 32(4), 583–585 (2009)
Tsai, J.L., Wu, T.C., Tsai, K.Y.: New dynamic ID authentication scheme using smart cards. International Journal of Communication Systems 23(12), 1449–1462 (2010)
Gong, L.: A security risk of depending on synchronized clocks. ACM Operating System Review 26(1), 49–53 (1992)
Kocher, P., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining Smart-Card Security under the Threat of Power Analysis Attacks. IEEE Transactions on Computers 51, 541–552 (2002)
Tsai, C.S., Lee, C.C., Hwang, M.S.: Password Authentication Schemes: Current Status and Key Issues. International Journal of Network Security 3(2), 101–115 (2006)
Schneier, B.: Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd edn. John Wiley and Sons Inc., New York (1996)
Wong, D.S., Fuentes, H.H., Chan, A.H.: The Performance Measurement of Cryptographic Primitives on Palm Devices. In: Proceedings of ACSAC 2001, pp. 92–101. IEEE Computer Society, Washington, DC (2001)
Mao, M.B.: Modern Cryptography: Theory and Practice. Prentice Hall PTR, New Jersey (2004)
Potlapally, N.R., Ravi, S., Raghunathan, A., et al.: A study of the energy consumption characteristics of cryptographic algorithms and security protocols. IEEE Transactions on Mobile Computing 5(2), 128–143 (2006)
© 2012 Springer-Verlag Berlin Heidelberg
Cite this paper
Ma, CG., Wang, D., Zhao, P., Wang, YH. (2012). A New Dynamic ID-Based Remote User Authentication Scheme with Forward Secrecy. In: Wang, H., et al. Web Technologies and Applications. APWeb 2012. Lecture Notes in Computer Science, vol 7234. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29426-6_24
DOI: https://doi.org/10.1007/978-3-642-29426-6_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29425-9
Online ISBN: 978-3-642-29426-6
eBook Packages: Computer Science, Computer Science (R0)