Security analysis of smart card based password authentication schemes

Hyun Seok Kim, Suk Seo, Jin Young Choi

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Citations (Scopus)

Abstract

In the last few years, researchers have extensively studied the key exchange protocol. In 2007, Kwon et al. proposed a simple three-step key exchange protocol using smart card. In 2008, Chen and Lee proposed a secure and efficient user authentication scheme using smart card that is modified to enhance the security of the series of the Peyravian-Zunic scheme. The current paper demonstrates the vulnerability of Kwon et al.'s protocol regarding off-line password guessing attack and forgery attack. Also, we show that Chen and Lee's scheme is still vulnerable to the off-line password guessing attack and has the non-reparability. In this paper, in addition, after analyzing the two protocols, we propose each of countermeasure against our attacks.

Original languageEnglish
Title of host publicationProceedings - 3rd International Conference on Information Sciences and Interaction Sciences, ICIS 2010
Pages352-356
Number of pages5
DOIs
Publication statusPublished - 2010 Oct 11
Event3rd International Conference on Information Sciences and Interaction Sciences, ICIS 2010 - Chengdu, China
Duration: 2010 Jun 232010 Jun 25

Other

Other3rd International Conference on Information Sciences and Interaction Sciences, ICIS 2010
CountryChina
CityChengdu
Period10/6/2310/6/25

Fingerprint

Smart cards
Authentication

Keywords

  • Forgery attack
  • Key exchange protocol
  • Non-reparability
  • Off-line password guessing attack
  • Password-based authentication

ASJC Scopus subject areas

  • Human-Computer Interaction
  • Information Systems

Cite this

Kim, H. S., Seo, S., & Choi, J. Y. (2010). Security analysis of smart card based password authentication schemes. In Proceedings - 3rd International Conference on Information Sciences and Interaction Sciences, ICIS 2010 (pp. 352-356). [5534807] https://doi.org/10.1109/ICICIS.2010.5534807

Security analysis of smart card based password authentication schemes. / Kim, Hyun Seok; Seo, Suk; Choi, Jin Young.

Proceedings - 3rd International Conference on Information Sciences and Interaction Sciences, ICIS 2010. 2010. p. 352-356 5534807.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Kim, HS, Seo, S & Choi, JY 2010, Security analysis of smart card based password authentication schemes. in Proceedings - 3rd International Conference on Information Sciences and Interaction Sciences, ICIS 2010., 5534807, pp. 352-356, 3rd International Conference on Information Sciences and Interaction Sciences, ICIS 2010, Chengdu, China, 10/6/23. https://doi.org/10.1109/ICICIS.2010.5534807
Kim HS, Seo S, Choi JY. Security analysis of smart card based password authentication schemes. In Proceedings - 3rd International Conference on Information Sciences and Interaction Sciences, ICIS 2010. 2010. p. 352-356. 5534807 https://doi.org/10.1109/ICICIS.2010.5534807
Kim, Hyun Seok ; Seo, Suk ; Choi, Jin Young. / Security analysis of smart card based password authentication schemes. Proceedings - 3rd International Conference on Information Sciences and Interaction Sciences, ICIS 2010. 2010. pp. 352-356
@inproceedings{9423fc5c971043f7a5f63b517da1b8c2,
title = "Security analysis of smart card based password authentication schemes",
abstract = "In the last few years, researchers have extensively studied the key exchange protocol. In 2007, Kwon et al. proposed a simple three-step key exchange protocol using smart card. In 2008, Chen and Lee proposed a secure and efficient user authentication scheme using smart card that is modified to enhance the security of the series of the Peyravian-Zunic scheme. The current paper demonstrates the vulnerability of Kwon et al.'s protocol regarding off-line password guessing attack and forgery attack. Also, we show that Chen and Lee's scheme is still vulnerable to the off-line password guessing attack and has the non-reparability. In this paper, in addition, after analyzing the two protocols, we propose each of countermeasure against our attacks.",
keywords = "Forgery attack, Key exchange protocol, Non-reparability, Off-line password guessing attack, Password-based authentication",
author = "Kim, {Hyun Seok} and Suk Seo and Choi, {Jin Young}",
year = "2010",
month = "10",
day = "11",
doi = "10.1109/ICICIS.2010.5534807",
language = "English",
isbn = "9781424473854",
pages = "352--356",
booktitle = "Proceedings - 3rd International Conference on Information Sciences and Interaction Sciences, ICIS 2010",

}

TY - GEN

T1 - Security analysis of smart card based password authentication schemes

AU - Kim, Hyun Seok

AU - Seo, Suk

AU - Choi, Jin Young

PY - 2010/10/11

Y1 - 2010/10/11

N2 - In the last few years, researchers have extensively studied the key exchange protocol. In 2007, Kwon et al. proposed a simple three-step key exchange protocol using smart card. In 2008, Chen and Lee proposed a secure and efficient user authentication scheme using smart card that is modified to enhance the security of the series of the Peyravian-Zunic scheme. The current paper demonstrates the vulnerability of Kwon et al.'s protocol regarding off-line password guessing attack and forgery attack. Also, we show that Chen and Lee's scheme is still vulnerable to the off-line password guessing attack and has the non-reparability. In this paper, in addition, after analyzing the two protocols, we propose each of countermeasure against our attacks.

AB - In the last few years, researchers have extensively studied the key exchange protocol. In 2007, Kwon et al. proposed a simple three-step key exchange protocol using smart card. In 2008, Chen and Lee proposed a secure and efficient user authentication scheme using smart card that is modified to enhance the security of the series of the Peyravian-Zunic scheme. The current paper demonstrates the vulnerability of Kwon et al.'s protocol regarding off-line password guessing attack and forgery attack. Also, we show that Chen and Lee's scheme is still vulnerable to the off-line password guessing attack and has the non-reparability. In this paper, in addition, after analyzing the two protocols, we propose each of countermeasure against our attacks.

KW - Forgery attack

KW - Key exchange protocol

KW - Non-reparability

KW - Off-line password guessing attack

KW - Password-based authentication

UR - http://www.scopus.com/inward/record.url?scp=77957578693&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=77957578693&partnerID=8YFLogxK

U2 - 10.1109/ICICIS.2010.5534807

DO - 10.1109/ICICIS.2010.5534807

M3 - Conference contribution

AN - SCOPUS:77957578693

SN - 9781424473854

SP - 352

EP - 356

BT - Proceedings - 3rd International Conference on Information Sciences and Interaction Sciences, ICIS 2010

ER -