Eun-Jun Yoon

Further improvement of an efficient password based remote user authentication scheme using smart cards

Recently, Ku-Chen proposed an improvement to Chien et al.s scheme to prevent from some weaknesses. However, the improved scheme is not only still susceptible to parallel session attack, but also insecure for changing the users password in password change phase. Accordingly, the current paper presents an enhancement to resolve such problems. As a result, the proposed scheme enables users to change their passwords freely and securely without the help of a remote server, while also providing secure mutual authentication.

An improvement of Hwang-Lee-Tang's simple remote user authentication scheme

Recently, Hwang-Lee-Tang proposed a simple remote user authentication scheme using smart card, whereby it does not require any password or verification tables in the remote system and any legal users could choose and change their passwords freely. However, their schemes previously generated users secret hash values are insecure if the secret key of the server is leaked or is stolen, also when the smart card is stolen, unauthorized users can easily change new password of the smart card. Furthermore, their scheme cannot resist the denial of service attack using stolen smart card and does not provide mutual authentication. Accordingly, the current paper demonstrates the vulnerability of Hwang-Lee-Tangs scheme and presents an enhancement to resolve such problems. As a result, the proposed scheme previously generated secret hash values are secure even if the secret key of the system is leaked or is stolen and enables users to update their passwords freely and securely, while also providing mutual authentication and fast detect it when user inputs wrong password. In addition, the computational costs of this scheme are less than those of any previously proposed schemes.

Robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem

Conventional single-server authentication schemes suffer a significant shortcoming. If a remote user wishes to use numerous network services, he/she must register his/her identity and password at these servers. It is extremely tedious for users to register numerous servers. In order to resolve this problem, various multi-server authentication schemes recently have been proposed. However, these schemes are insecure against some cryptographic attacks or inefficiently designed because of high computation costs. Moreover, these schemes do not provide strong key agreement function which can provide perfect forward secrecy. Based on these motivations, this paper proposes a new efficient and secure biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem (ECC) without verification table to minimize the complexity of hash operation among all users and fit multi-server communication environments. By adopting the biometrics technique, the proposed scheme can provide more strong user authentication function. By adopting the ECC technique, the proposed scheme can provide strong key agreement function with the property of perfect forward secrecy to reduce the computation loads for smart cards. As a result, compared with related multi-serve authentication schemes, the proposed scheme has strong security and enhanced computational efficiency. Thus, the proposed scheme is extremely suitable for use in distributed multi-server network environments such as the Internet and in limited computations and communication resource environments to access remote information systems since it provides security, reliability, and efficiency.

A secure and efficient SIP authentication scheme for converged VoIP networks

Session Initiation Protocol (SIP) has been widely used in current Internet protocols such as Hyper Text Transport Protocol (HTTP) and Simple Mail Transport Protocol (SMTP). SIP is a powerful signaling protocol that controls communications on the Internet for establishing, maintaining and terminating sessions. The services that are enabled by SIP are equally applicable to mobile and ubiquitous computing. This paper demonstrates that recently proposed SIP authentication schemes are insecure against attacks such as off-line password guessing attacks, Denning-Sacco attacks and stolen-verifier attacks. In order to overcome such security problems, a new secure and efficient SIP authentication scheme in a converged VoIP network based on elliptic curve cryptography (ECC) is proposed and it works to exploit the key block size, speed, and security jointly.

Robust Mutual Authentication with a Key Agreement Scheme for the Session Initiation Protocol

Abstract The session initiation protocol (SIP) is a powerful signaling protocol that controls communication on the Internet, establishing, maintaining, and terminating the sessions. The services that are enabled by SIP are equally applicable in the world of mobile and ubiquitous computing. In 2009, Tsai proposed an efficient nonce-based authentication scheme for SIP. The current paper, however, demonstrates that Tsai’s authentication scheme is still vulnerable to offline password guessing attacks, Denning-Sacco attacks, and stolen-verifier attacks, and does not provide perfect forward secrecy. We also propose a new secure and efficient authentication scheme based on the elliptic curve discrete logarithm problem for SIP in order to overcome such security problems.

Improving the dynamic ID-Based remote mutual authentication scheme

In 2005, Liao et al pointed out the weaknesses of Das et al.s dynamic ID-based remote user authentication scheme using smart cards, and then proposed a slight modification thereof to overcome these weaknesses The current paper, however, demonstrates that Liao et al.s scheme is still vulnerable to reflection attacks, privileged insiders attacks, and impersonation attacks by using lost or stolen smart card Then, we present an improvement to the scheme in order to isolate such problems.

An Efficient ID-Based Authenticated Key Agreement Protocol from Pairings

In this paper, we describe a new ID-based authenticated key agreement protocol that makes use of bilinear pairings. We then discuss the security properties of our scheme, including known-key security, perfect forward secrecy and no key control. It is also able to withstand both passive and active attacks. An important advantage of our scheme is that it preserves the perfect forward secrecy even though the long-term secret key of a trusted key generation center is compromised. We also show that it is more efficient than Chen and Kudlas protocol with same security properties as ours.

Efficient remote user authentication scheme based on generalized ElGamal signature scheme

Recently, Shen et al. proposed an improvement to Hwang-Lis scheme to prevent from forgery attack. However, Leung et al. pointed out that this improved scheme is still susceptible to forgery attack proposed by Chan and Cheng. Accordingly, the current paper presents an enhancement based on generalized ElGamal signature scheme to resolve such problems. As a result, the proposed scheme enables users to update their passwords freely without the help of a remote system, while also providing mutual authentication. In addition, the computational costs of this scheme are less than those of previously proposed schemes.

Cryptanalysis of a simple three-party password-based key exchange protocol

In order to secure communications between two clients with a trusted servers help in public network environments, a three-party authenticated key exchange (3PAKE) protocol is used to provide the transaction confidentiality and the efficiency. In 2009, Huang proposed a simple three-party password-based authenticated key exchange (HS-3PAKE) protocol without any servers public key. By analysis, Huang claimed that the proposed HS-3PAKE protocol is not only secure against various attacks, but also more efficient than previously proposed 3PAKE protocols. However, this paper demonstrates that HS-3PAKE protocol is vulnerable to undetectable online password guessing attacks and off-line password guessing attacks by any other user. Copyright

More Efficient and Secure Remote User Authentication Scheme using Smart Cards

In 2004, Lee et al. proposed an improvement to Chien et als scheme to prevent parallel session attack and in which any legal users could choose and change their passwords freely. This paper, however, demonstrates that Lee et al.s scheme is vulnerable to masquerading server attack. Additionally, we point out to the systems secret key forward secrecy problem and insecure password change. Furthermore, the current paper presents a more efficient and secure scheme in that it not only resolves such problems but also involves less computations and communications than Lee et al.s scheme