Security analysis of a nonce-based user authentication scheme using smart cards

Junghyun Nam, Seung-Joo Kim, Sangjoon Park, Dongho Won

Research output: Contribution to journal (Article)

27 Citations (Scopus)

Abstract

A remote user authentication scheme is a two-party protocol whereby an authentication server in a distributed system confirms the identity of a remote individual logging on to the server over an untrusted, open network. Recently, Lee et al. have proposed an efficient nonce-based scheme for remote user authentication using smart cards. This work reviews Lee et al.'s authentication scheme and provides a security analysis on the scheme. Our analysis shows that Lee et al.'s scheme does not achieve its basic aim of authenticating remote users and furthermore has a very hazardous method for changing passwords. In addition, we recommend some changes to the scheme so that it can attain at least its main security goal.

Original language: English
Pages (from-to): 299-302
Number of pages: 4
Journal: IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Volume: E90-A
Issue number: 1
DOIs: 10.1093/ietfec/e90-a.1.299
Publication status: Published - 2007 Jan 1
Externally published: Yes

Fingerprint

User Authentication
Smart cards
Smart Card
Security Analysis
Authentication
Servers
Server
Computer systems
Password
Network protocols
Distributed Systems

Keywords

  • Authentication scheme
  • Denial of service attack
  • Distributed system
  • Parallel session attack
  • Password
  • Smart card

ASJC Scopus subject areas

  • Electrical and Electronic Engineering
  • Hardware and Architecture
  • Information Systems

Cite this

Security analysis of a nonce-based user authentication scheme using smart cards. / Nam, Junghyun; Kim, Seung-Joo; Park, Sangjoon; Won, Dongho.

In: IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, Vol. E90-A, No. 1, 01.01.2007, p. 299-302.

@article{ad4e83b0c7c4404a8b512ab39bdba277,
title = "Security analysis of a nonce-based user authentication scheme using smart cards",
abstract = "A remote user authentication scheme is a two-party protocol whereby an authentication server in a distributed system confirms the identity of a remote individual logging on to the server over an untrusted, open network. Recently, Lee et al. have proposed an efficient nonce-based scheme for remote user authentication using smart cards. This work reviews Lee et al.'s authentication scheme and provides a security analysis on the scheme. Our analysis shows that Lee et al.'s scheme does not achieve its basic aim of authenticating remote users and furthermore has a very hazardous method for changing passwords. In addition, we recommend some changes to the scheme so that it can attain at least its main security goal.",
keywords = "Authentication scheme, Denial of service attack, Distributed system, Parallel session attack, Password, Smart card",
author = "Junghyun Nam and Seung-Joo Kim and Sangjoon Park and Dongho Won",
year = "2007",
month = "1",
day = "1",
doi = "10.1093/ietfec/e90-a.1.299",
language = "English",
volume = "E90-A",
pages = "299--302",
journal = "IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences",
issn = "0916-8508",
publisher = "Maruzen Co., Ltd/Maruzen Kabushikikaisha",
number = "1",

}

TY - JOUR

T1 - Security analysis of a nonce-based user authentication scheme using smart cards

AU - Nam, Junghyun

AU - Kim, Seung-Joo

AU - Park, Sangjoon

AU - Won, Dongho

PY - 2007/1/1

Y1 - 2007/1/1

N2 - A remote user authentication scheme is a two-party protocol whereby an authentication server in a distributed system confirms the identity of a remote individual logging on to the server over an untrusted, open network. Recently, Lee et al. have proposed an efficient nonce-based scheme for remote user authentication using smart cards. This work reviews Lee et al.'s authentication scheme and provides a security analysis on the scheme. Our analysis shows that Lee et al.'s scheme does not achieve its basic aim of authenticating remote users and furthermore has a very hazardous method for changing passwords. In addition, we recommend some changes to the scheme so that it can attain at least its main security goal.

KW - Authentication scheme

KW - Denial of service attack

KW - Distributed system

KW - Parallel session attack

KW - Password

KW - Smart card

UR - http://www.scopus.com/inward/record.url?scp=33846446132&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33846446132&partnerID=8YFLogxK

U2 - 10.1093/ietfec/e90-a.1.299

DO - 10.1093/ietfec/e90-a.1.299

M3 - Article

VL - E90-A

SP - 299

EP - 302

JO - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

JF - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

SN - 0916-8508

IS - 1

ER -