Security analysis of a nonce-based user authentication scheme using smart cards

Junghyun Nam; Seungjoo Kim; Sangjoon Park; Dongho Won

doi:10.1093/ietfec/e90-a.1.299

Security analysis of a nonce-based user authentication scheme using smart cards

Junghyun Nam, Seungjoo Kim, Sangjoon Park, Dongho Won

Research output: Contribution to journal › Article › peer-review

29 Citations (Scopus)

Abstract

A remote user authentication scheme is a two-party protocol whereby an authentication server in a distributed system confirms the identity of a remote individual logging on to the server over an untrusted, open network. Recently, Lee et al. have proposed an efficient nonce-based scheme for remote user authentication using smart cards. This work reviews Lee et al.'s authentication scheme and provides a security analysis on the scheme. Our analysis shows that Lee et al.'s scheme does not achieve its basic aim of authenticating remote users and furthermore has a very hazardous method for changing passwords. In addition, we recommend some changes to the scheme so that it can attain at least its main security goal.

Original language	English
Pages (from-to)	299-302
Number of pages	4
Journal	IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Volume	E90-A
Issue number	1
DOIs	https://doi.org/10.1093/ietfec/e90-a.1.299
Publication status	Published - 2007 Jan
Externally published	Yes

Keywords

Authentication scheme
Denial of service attack
Distributed system
Parallel session attack
Password
Smart card

ASJC Scopus subject areas

Signal Processing
Computer Graphics and Computer-Aided Design
Electrical and Electronic Engineering
Applied Mathematics

Access to Document

10.1093/ietfec/e90-a.1.299

Cite this

@article{ad4e83b0c7c4404a8b512ab39bdba277,

title = "Security analysis of a nonce-based user authentication scheme using smart cards",

abstract = "A remote user authentication scheme is a two-party protocol whereby an authentication server in a distributed system confirms the identity of a remote individual logging on to the server over an untrusted, open network. Recently, Lee et al. have proposed an efficient nonce-based scheme for remote user authentication using smart cards. This work reviews Lee et al.'s authentication scheme and provides a security analysis on the scheme. Our analysis shows that Lee et al.'s scheme does not achieve its basic aim of authenticating remote users and furthermore has a very hazardous method for changing passwords. In addition, we recommend some changes to the scheme so that it can attain at least its main security goal.",

keywords = "Authentication scheme, Denial of service attack, Distributed system, Parallel session attack, Password, Smart card",

author = "Junghyun Nam and Seungjoo Kim and Sangjoon Park and Dongho Won",

year = "2007",

month = jan,

doi = "10.1093/ietfec/e90-a.1.299",

language = "English",

volume = "E90-A",

pages = "299--302",

journal = "IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences",

issn = "0916-8508",

publisher = "Maruzen Co., Ltd/Maruzen Kabushikikaisha",

number = "1",

}

TY - JOUR

T1 - Security analysis of a nonce-based user authentication scheme using smart cards

AU - Nam, Junghyun

AU - Kim, Seungjoo

AU - Park, Sangjoon

AU - Won, Dongho

PY - 2007/1

Y1 - 2007/1

N2 - A remote user authentication scheme is a two-party protocol whereby an authentication server in a distributed system confirms the identity of a remote individual logging on to the server over an untrusted, open network. Recently, Lee et al. have proposed an efficient nonce-based scheme for remote user authentication using smart cards. This work reviews Lee et al.'s authentication scheme and provides a security analysis on the scheme. Our analysis shows that Lee et al.'s scheme does not achieve its basic aim of authenticating remote users and furthermore has a very hazardous method for changing passwords. In addition, we recommend some changes to the scheme so that it can attain at least its main security goal.

AB - A remote user authentication scheme is a two-party protocol whereby an authentication server in a distributed system confirms the identity of a remote individual logging on to the server over an untrusted, open network. Recently, Lee et al. have proposed an efficient nonce-based scheme for remote user authentication using smart cards. This work reviews Lee et al.'s authentication scheme and provides a security analysis on the scheme. Our analysis shows that Lee et al.'s scheme does not achieve its basic aim of authenticating remote users and furthermore has a very hazardous method for changing passwords. In addition, we recommend some changes to the scheme so that it can attain at least its main security goal.

KW - Authentication scheme

KW - Denial of service attack

KW - Distributed system

KW - Parallel session attack

KW - Password

KW - Smart card

UR - http://www.scopus.com/inward/record.url?scp=33846446132&partnerID=8YFLogxK

U2 - 10.1093/ietfec/e90-a.1.299

DO - 10.1093/ietfec/e90-a.1.299

M3 - Article

AN - SCOPUS:33846446132

SN - 0916-8508

VL - E90-A

SP - 299

EP - 302

JO - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

JF - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

IS - 1

ER -

Security analysis of a nonce-based user authentication scheme using smart cards

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this