Authors: Eun-Jun Yoon, Kee-Young Yoo

Abstract:

Recently, Jia et al. proposed a remote user authentication scheme using bilinear pairings and an Elliptic Curve Cryptosystem (ECC). However, the scheme is vulnerable to privileged insider attack at their proposed registration phase and to forgery attack at their proposed authentication phase. In addition, the scheme can be vulnerable to server spoofing attack because it does not provide mutual authentication between the user and the remote server. Therefore, this paper points out that the Jia et al. scheme is vulnerable to the above three attacks.

Keywords: Cryptography, authentication, smart card, password, cryptanalysis, bilinear pairings.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1335052

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1802

References:

[1] P. Peyret, G. Lisimaque and T. Y. Chua, Smart cards provide very high security and flexibility in subscribers management, IEEE Transactions on Consumer Electronics, Vol.36, No.3, 1990, pp. 744-752.
[2] D. Sternglass, The future is in the pc cards, IEEE Spectrum, Vol.29, No.6, 1992, pp. 46-50.
[3] N. Koblitz, Elliptic curve cryptosystems, Math. Comp., Vol.48, 1987, pp. 203-209.
[4] C. C. Chang and T. C. Wu, Remote password authentication with smart cards, IEEE Proceedings-E, Vol.138, No.3,1993, pp. 165-168.
[5] K. Tan and H. Zhu, Remote password authentication scheme based on cross-product, Computer Communications, Vol.22, No. 4, 1999, pp. 390- 393.
[6] M. S. Hwang, Cryptanalysis of a remote login authentication scheme Computer Communications, Computer Communications, Vol.22, No.8, 1999, pp. 742-744.
[7] A. Bottoni and G. Dini, Improving authentication of remote card transactions with mobile personal trusted devices, Computer Communications, Vol.30, No.8, 2007, pp. 1697-1712.
[8] J. Y. Liu, A. M. Zhou and M. X. Gao, A new mutual authentication scheme based on nonce and smart cards, Computer Communications, Vol.31, No.10, 2008, pp. 2205-2209.
[9] Y. Wang, J. Liu, F. Xiaoa and J. Dana, A more efficient and secure dynamic ID-based remote user authentication scheme, Computer Communications, Vol.32, No.4, 2009, pp. 583-585.
[10] H. C. Hsiang and W. K. Shih, Weaknesses and improvements of the yoon-ryu-yoo remote user authentication scheme using smart cards, Computer Communications, Vol.32, No.4, 2009, pp. 649-652.
[11] A. Joux, A one round protocol for tripartite diffie-hellman, Proceedings of Algorithmic Number Theory Symposium, LNCS 1838, Springer- Verlag, 2000, pp. 385-394.
[12] M. L. Das, A Saxena, V. P. Gulati and D. B. Phatak, A novel remote user authentication scheme using bilinear pairings, Computers & Security, Vol.25, No.3, 2006, pp. 184-189.
[13] J. S. Chou, Y. Chen and J. Y. Lin, Improvement of Manik et al.-s remote user authentication scheme, http://eprint.iacr.org/2005/450.pdf.
[14] G. Thulasi, M. L. Das and A. Saxena, Cryptanalysis of recently proposed remote user authentication schemes, http://eprint.iacr.org/2006/028.pdf.
[15] Z. Jia, Y. Zhang, H. Shao, Y. Lin and J. Wang, A remote user authentication scheme using bilinear pairings and ECC, Proceedings of the Sixth International Conference on Intelligent Systems Design and Applications (ISDA-06), Vol.2, October 2006, pp. 1091-1094.
[16] W. C. Ku and S. M. Chen, ÔÇÿWeaknesses and improvements of an efficient password based remote user authentication scheme using smart cards, IEEE Trans. on Consumer Electronics, Vol.50, No.1, 2004, pp. 204-207.
[17] W. C. Ku, H. M. Chuang and M. J. Tsaur, Vulnerabilities of Wu- Chieu-s improved password authentication scheme using smart cards, IEICE Trans. Fundamentals, Vol.E88-A, No.11, 2005, pp. 3241-3243.
[18] R. J. Anderson, Why cryptosystems fail, Proceedings of First ACM Conference on Computer and Communications Security, USA, Nov. 1993, pp. 215-227.
[19] N. Asokan, H. Debar, M. Steiner and M. Waidner, Authenticating public terminals, Computer Networks, Vol.31, No.8, April 1999, pp. 861-870.
[20] E. J. Yoon, E. K. Ryu and K. Y. Yoo, An improvement of Hwang-Lee- Tang-s simple remote user authentication scheme, Computers & Security, Vol.24, 2005, pp. 50-56.
[21] M. K. Khan and J. Zhang, Improving the security of ÔÇÿa flexible biometrics remote user authentication scheme-, Computer Standards & Interfaces, Vol.29, 2007, pp. 82-85.
[22] A. J. Menezes, P. C. Oorschot and S.A. Vanstone, Handbook of applied cryptograph, CRC Press, New York, 1997.
[23] B. Schneier, Applied cryptography protocols, algorithms and source code in C: second edition, John Wiley & Sons Inc, 1995.