Top

Wireless Personal Communications

Published in:

03-06-2017

Cryptanalysis and Improvement of an RSA Based Remote User Authentication Scheme Using Smart Card

Authors: Ruhul Amin, Tanmoy Maitra, Debasis Giri, P. D. Srivastava

Published in: Wireless Personal Communications | Issue 3/2017

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

User’s password with smart card based authentication protocol is needed to access resources securely from remote server. In 2014, Huang et al. proposed a timestamp-based authentication protocol and they claimed that their scheme is secure against all possible attacks. In this paper, we have pointed out that Huang et al.’s scheme is insecure against off-line password guessing attack, insider attack and forgery attack. Beside these, inefficient password update phase can lead to denial of service. To remove these security loopholes, we have proposed an efficient RSA-cryptosystem based remote user authentication scheme using smart card. Security (formal and informal) analysis shows that the proposed scheme provides better security tradeoff than Huang et al.’s scheme. Further, we have simulated our proposed scheme for the formal security verification using Automated Validation of Internet Security Protocols and Applications tool to confirm that the proposed scheme is secure against passive and active attacks. Performance analysis shows that the proposed scheme provides lower computational and communication cost than Huang et al.’s scheme as well as other related competitive existing schemes.

previous article Impact of Channel Heterogeneity on Clustering Formation in Cognitive Ad Hoc Radio Networks

next article Carrier Frequency Recovery for Nyquist and Faster-than-Nyquist Signaling System

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Yang, W.-H., & Shieh, S.-P. (1999). Password authentication schemes with smart cards. Computers & Security, 18(8), 727–733.CrossRef

Hwang, M.-S., & Li, L.-H. (2000). A new remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 46(1), 28–30.CrossRef

Chan, C.-K., & Cheng, L. M. (2000). Cryptanalysis of a remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 46(4), 992–993.CrossRef

Fan, L., Li, J.-H., & Zhu, H.-W. (2002). An enhancement of timestamp-based password authentication scheme. Computers & Security, 21(7), 665–667.CrossRef

Chan, C.-K., & Cheng, L. M. (2001). Cryptanalysis of a timestamp-based password authentication scheme. Computers & Security, 21(1), 74–76.CrossRef

Shen, J.-J., Lin, C.-W., & Hwang, M.-S. (2003). A modified remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 49(2), 414–416.CrossRef

Yang, C.-C., Wang, R.-C., & Chang, T.-Y. (2005). An improvement of the Yang–Shieh password authentication schemes. Applied Mathematics and Computation, 162(3), 1391–1396.MathSciNetCrossRefMATH

Liu, J.-Y., Zhou, A.-M., & Gao, M.-X. (2008). A new mutual authentication scheme based on nonce and smart cards. Computer Communications, 31(10), 2205–2209.CrossRef

Sun, D.-Z., Huai, J.-P., Sun, J.-Z., & Li, J.-X. (2009). Cryptanalysis of a mutual authentication scheme based on nonce and smart cards. Computer Communications, 32(6), 1015–1017.CrossRef

10.

Awasthi, A. K., Srivastava, K., & Mittal, R. C. (2011). An improved timestamp-based remote user authentication scheme. Computers & Electrical Engineering, 37(6), 869–874.CrossRef

11.

Huang, H.-F., Chang, H.-W., & Po-Kai, Y. (2014). Enhancement of timestamp-based user authentication scheme with smart card. International Journal of Network Security, 16(6), 463–467.

12.

Amin, R., & Biswas, G. P. (2015). Design and analysis of bilinear pairing based mutual authentication and key agreement protocol usable in multi-server environment. Wireless Personal Communications, 84, 439–462.CrossRef

13.

Maitra, T., & Giri, D. (2014). An efficient biometric and password-based remote user authentication using smart card for telecare medical information systems in multi-server environment. Journal of Medical Systems, 38(12), 142.CrossRef

14.

Islam, S. H. (2014). A provably secure ID-based mutual authentication and key agreement scheme for mobile multi-server environment without ESL attack. Wireless Personal Communications, 79(3), 1975–1991.CrossRef

15.

Li, X., Niu, J., Kumari, S., Liao, J., & Liang, W. (2015). An enhancement of a smart card authentication scheme for multi-server architecture. Wireless Personal Communications, 80(1), 175–192.CrossRef

16.

Wei, J., Liu, W., & Xuexian, H. (2014). Cryptanalysis and improvement of a robust smart card authentication scheme for multi-server architecture. Wireless Personal Communications, 77(3), 2255–2269.CrossRef

17.

Pippal, R. S., Jaidhar, C. D., & Tapaswi, S. (2013). Robust smart card authentication scheme for multi-server architecture. Wireless Personal Communications, 72(1), 729–745.CrossRef

18.

Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24(11), 770–772.MathSciNetCrossRef

19.

Elgamal, T. (1985). A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, 31(4), 469–472.MathSciNetCrossRefMATH

20.

Rivest, R. L., Shamir, A., & Adleman, L. (1978). A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2), 120–126.MathSciNetCrossRefMATH

21.

Dolev, D., & Yao, A. C. (1983). On the security of public key protocols. IEEE Transactions on Information Theory, 29(2), 198–208.MathSciNetCrossRefMATH

22.

Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. In Advances in cryptology CRYPTO 99, volume 1666 of Lecture Notes in Computer Science (pp. 388–397).

23.

Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.MathSciNetCrossRef

24.

Sood, S. K., Sarje, A. K., & Singh, K. (2011). A secure dynamic identity based authentication protocol for multi-server architecture. Journal of Network and Computer Applications, 34(2), 609–618.CrossRef

25.

Giri, D., Maitra, T., Amin, R., & Srivastava, P. D. (2014). An efficient and robust RSA-based remote user authentication for telecare medical information systems. Journal of Medical Systems, 39(1), 145.CrossRef

26.

Das, A. K., & Bruhadeshwar, B. (2013). An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system. Journal of Medical Systems, 37(5), 1–17.CrossRef

27.

Sarkar, P. (2010). A simple and generic construction of authenticated encryption with associated data. ACM Transactions on Information and System Security, 13(4), 1–16.CrossRef

28.

Forouzan, B. A., & Mukhopadhyay, D. (2010). Cryptography and network security 2/E (2nd ed.). New Delhi: Tata-McGraw Hill.

29.

Amin, R., & Biswas, G. P. (2015). A novel user authentication and key agreement protocol for accessing multi-medical server usable in TMIS. Journal of Medical Systems, 39(3), 33.CrossRef

30.

Potlapally, N. R., Ravi, S., Raghunathan, A., & Jha, N. K. (2006). A study of the energy consumption characteristics of cryptographic algorithms and security protocols. IEEE Transactions on Mobile Computing, 5(2), 128–143.CrossRef

Title: Cryptanalysis and Improvement of an RSA Based Remote User Authentication Scheme Using Smart Card
Authors: Ruhul Amin
Tanmoy Maitra
Debasis Giri
P. D. Srivastava
Publication date: 03-06-2017
Publisher: Springer US
Published in: Wireless Personal Communications / Issue 3/2017
Print ISSN: 0929-6212
Electronic ISSN: 1572-834X
DOI: https://doi.org/10.1007/s11277-017-4408-8

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 3/2017

Study of Radiated Emission from Wireless Positioning System and the Strategies to Minimize the Radiations

Correlation Reduction Precoding for Joint Decoding in Overloaded MIMO-OFDM System on Rician Channel

QoS Improved Energy Efficient Cooperative Relaying in Heterogeneous Networks Using Heterogeneous Relays

Parallel Relay Network with Orthogonal Components: Capacity and Power Allocation

A Proposed Scheme for Dynamic Threshold Versus Noise Uncertainty in Cognitive Radio Networks (DTNU)

On Securing Bi- and Tri-partite Session Key Agreement Protocol Using IBE Framework