Eun-Kyung Ryu

Further improvement of an efficient password based remote user authentication scheme using smart cards

Recently, Ku-Chen proposed an improvement to Chien et al.s scheme to prevent from some weaknesses. However, the improved scheme is not only still susceptible to parallel session attack, but also insecure for changing the users password in password change phase. Accordingly, the current paper presents an enhancement to resolve such problems. As a result, the proposed scheme enables users to change their passwords freely and securely without the help of a remote server, while also providing secure mutual authentication.

An improvement of Hwang-Lee-Tang's simple remote user authentication scheme

Recently, Hwang-Lee-Tang proposed a simple remote user authentication scheme using smart card, whereby it does not require any password or verification tables in the remote system and any legal users could choose and change their passwords freely. However, their schemes previously generated users secret hash values are insecure if the secret key of the server is leaked or is stolen, also when the smart card is stolen, unauthorized users can easily change new password of the smart card. Furthermore, their scheme cannot resist the denial of service attack using stolen smart card and does not provide mutual authentication. Accordingly, the current paper demonstrates the vulnerability of Hwang-Lee-Tangs scheme and presents an enhancement to resolve such problems. As a result, the proposed scheme previously generated secret hash values are secure even if the secret key of the system is leaked or is stolen and enables users to update their passwords freely and securely, while also providing mutual authentication and fast detect it when user inputs wrong password. In addition, the computational costs of this scheme are less than those of any previously proposed schemes.

An Efficient ID-Based Authenticated Key Agreement Protocol from Pairings

In this paper, we describe a new ID-based authenticated key agreement protocol that makes use of bilinear pairings. We then discuss the security properties of our scheme, including known-key security, perfect forward secrecy and no key control. It is also able to withstand both passive and active attacks. An important advantage of our scheme is that it preserves the perfect forward secrecy even though the long-term secret key of a trusted key generation center is compromised. We also show that it is more efficient than Chen and Kudlas protocol with same security properties as ours.

Efficient remote user authentication scheme based on generalized ElGamal signature scheme

Recently, Shen et al. proposed an improvement to Hwang-Lis scheme to prevent from forgery attack. However, Leung et al. pointed out that this improved scheme is still susceptible to forgery attack proposed by Chan and Cheng. Accordingly, the current paper presents an enhancement based on generalized ElGamal signature scheme to resolve such problems. As a result, the proposed scheme enables users to update their passwords freely without the help of a remote system, while also providing mutual authentication. In addition, the computational costs of this scheme are less than those of previously proposed schemes.

Improvement of Fan et al.'s deniable authentication protocol based on Diffie-Hellman algorithm

Recently, an efficient and non-interactive deniable authentication protocol based on the Diffie-Hellman key distribution protocol is presented by Fan et al. to enable a receiver to identify the source of a given message, but not prove the identity of the sender to a third party. In this paper, we point out that it suffers from an authentication flaw similar to that developed by Lowe to Intruder masquerades as other principals and inquisitor INQ can identify the source of the message unlike their claims. Accordingly, we propose an improved protocol to overcome the weaknesses.

A hybrid approach for privacy-preserving RFID tags

Recently, there have been a considerable amount of works for privacy-preserving RFID tags. However, most existing schemes have a common, inherent problem in the fact that in order to identify only one single tag they require a linear computational complexity on the system side. This problem makes use of the schemes impractical in large-scale RFID deployments. We propose a new scheme for privacy-preserving RFID tags which combines the classical challenge-response mechanism with the idea of one-time pads in a simple but practical way. Our technique has a number of crucial advantages. It supports mutual authentication between reader and tag. It also supports untraceability with no information leakage. Furthermore, the scheme we present requires only one cryptographic operation to identify one device among N, which is an important benefit in large-scale RFID systems.

A secure user authentication scheme using hash functions

Recently, Lee et al. proposed an improvement on Peyravian and Zunic scheme to make the protocol withstand the guessing attack. However, their scheme suffers from a denial of service attack. In this paper, we show that an attacker can easily prevent the normal use of communication facilities by performing the attack. We also propose an enhancement of the scheme to isolate such a problem.

Robust Remote User Authentication Scheme

Recently, Wu and Chieu proposed an improvement to Sun’s scheme, whereby users could choose and change their passwords freely through a secure channel when using a remote system. However, this improved scheme is still susceptible to impersonation attacks and does not provide mutual authentication. Accordingly, the current paper demonstrates the vulnerability of Wu and Chieu’s scheme to impersonation attacks and presents an enhancement to resolve such problems. As a result, the proposed scheme enables users to update their passwords freely without the help of a remote system, while also providing mutual authentication.

New conference key agreement protocol with user anonymity

Abstract In 2003, Yang et al. presented a conference key distribution system that was intended to provide user anonymity. Subsequently, Lin et al. pointed out a security flaw in Yang et al.s scheme based on solving linear equations and proposed a modified scheme. Accordingly, the current paper reviews the schemes proposed by Yang et al. and Lin et al., highlights the weakness in both schemes, and then proposes a new conference key agreement scheme with user anonymity.

A simple key agreement protocol

We propose a simple key agreement protocol(SKA) that provides key establishment with authentication over an insecure channel using only a human memorable password. The SKA is based on Diffie-Hellman scheme and has many of desirable security attributes: it resists off-line dictionary attacks mounted by either passive or active adversaries over network, allowing low-entropy passwords to be used safely. It also offers perfect forward secrecy, which protects past sessions and passwords against future compromise. Besides, it is secure against an adversary who captured a hosts password file. Since user passwords are stored in a verifier form, the adversary cannot use it directly to compromise security. The proposed scheme here shows that it is more efficient in computational time and communication overhead over the existing schemes.