Sung-Woon Lee

Improvement of Chien et al.'s remote user authentication scheme using smart cards

Abstract In 2000, Sun proposed an efficient remote user authentication scheme using smart cards. Later, Chien et al. pointed out that Suns scheme does not provide the mutual authentication between the user and the server and allow users to freely choose password themselves. Chien et al. further proposed a new efficient and practical solution to solve the problems. However, Hsu showed that Chien et al.s scheme is vulnerable to the parallel session attack. This paper proposes an improved scheme to overcome the weakness while maintaining the advantages of Chien et al.s scheme.

ID-based password authentication scheme using smart cards and fingerprints

This paper proposes two ID-based password authentication schemes, which does not require a dictionary of passwords or verification tables, with smart card and fingerprint. In these schemes, users can change their passwords freely. For a network without synchronization clocks, the proposed nonce-based authentication scheme can withstand message replay attacks. The proposed two schemes require a system to authenticate each user by each users knowledge, possession, and biometrics, and this feature makes our schemes more reliable.

Efficient verifier-based key agreement protocol for three parties without server's public key

So far, there have been several key agreement protocols for three-parties, in which two clients establish a common session key through a authentication server. Most of those protocols require to use servers public key to prevent password guessing attacks. However, because clients need to verify and safely keep the servers public key, the protocols may not be practical for some environments. This paper proposes a new efficient verifier-based key agreement protocol for three parties which does not require servers public key. The proposed protocol is resistant against various attacks and provides the perfect forward secrecy.

Enhanced novel access control protocol over wireless sensor networks

Nodes in a sensor network may be lost because of the power exhaustion problem or malicious attacks. Thereby new node deployment is necessary in the sensor network. Huang recently proposed a novel access control protocol (NACP) based on the elliptic curve cryptography and the hash chain. She claimed that NACP can easily add new nodes and can resist against various known attacks. However, this paper addresses that her NACP is insecure to the replay attack and against an active attack, and has the lack of hash chain renewability, which is one of the necessary aspects in the sensor network with memory restricted nodes. To cope with them, we propose an enhanced novel access control protocol which is quite adequate for power and resource constrained sensor networks.

Efficient nonce-based remote user authentication scheme using smart cards

This paper proposes an efficient remote user authentication scheme using smart cards, which does not require password verification tables. To withstand message replay attacks, the proposed scheme uses random nonces in place of timestamps. So, it does not require synchronized clocks. In our scheme, users are able to freely choose and change their passwords. Moreover, the proposed protocol is very efficient in computation cost because the security only relies on one-way hash functions and provides mutual authentication between two entities.

Improved efficient remote user authentication scheme using smart cards

In 2000, since Hwang and Li proposed a remote user authentication scheme without password table using smart cards based on ID-based cryptosystems, the related works have been done. In 2002, Chien et al. proposed an efficient and practical remote user authentication scheme providing the many merits. However, Hsu showed that Chien et al.s scheme is vulnerable to the parallel session attack. This paper proposes an improved scheme to overcome the weakness while maintaining the advantages of Chien et al.s scheme.

Improvement of Lee and Lee's authenticated key agreement scheme

Recently, Lee and Lee showed that Hsu et al.s authenticated key agreement scheme is vulnerable to the modification attack and then proposed an improved scheme. In this paper, we argue that the Lee and Lees scheme cannot withstand the password guessing attack. Hence, we propose an improved scheme to solve this problem.

Comment on "A remote user authentication scheme using smart cards with forward secrecy

In 2000, Hwang and Li proposed a new remote user authentication scheme using smart cards. However. Chan and Cheng showed that the scheme is vulnerable to the impersonation attack. Later, Shen et al. showed a different type of impersonation attack on the scheme and presented a modified scheme to withstand these attacks. Recently, Awasthi and LaI presented a remote user authentication scheme using smart cards with forward secrecy. In this paper, we show that the Awasthi and LaIs scheme is incorrect.

LFSR multipliers over GF(2m) defined by all-one polynomial

This paper presents two bit-serial modular multipliers based on the linear feedback shift register using an irreducible all one polynomial (AOP) over GF(2^m). First, a new multiplication algorithm and its architecture are proposed for the modular AB multiplication. Then a new algorithm and architecture for the modular AB^2 multiplication are derived based on the first multiplier. They have significantly smaller hardware complexity than the previous multipliers because of using the property of AOP. It simplifies the modular reduction compared with the case of using the generalized irreducible polynomial. Since the proposed multipliers have low hardware requirements and regular structures, they are suitable for VLSI implementation. The proposed multipliers can be used as the kernel architecture for the operations of exponentiation, inversion, and division.

Efficient Password-Based Authenticated Key Agreement Protocol

In this paper, we present a new password-based authenticated key agreement protocol called PAKA, which provides mutual authentication and key agreement over an insecure channel between two parties knowing only a small password having low entropy. We then extend PAKA to a protocol called PAKA-X, in which the client uses a plaintext version of the password, while the server stores a verifier for the password, and which does not allow an adversary who compromises the server to impersonate a client without actually running a dictionary attack on the password file. The proposed protocols are secure against passive and active attacks and provide perfect forward secrecy.