Security analysis of smart card based password authentication schemes

Hyun Seok Kim; Suk Seo; Jin Young Choi

doi:10.1109/ICICIS.2010.5534807

Security analysis of smart card based password authentication schemes

Hyun Seok Kim, Suk Seo, Jin Young Choi

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

In the last few years, researchers have extensively studied the key exchange protocol. In 2007, Kwon et al. proposed a simple three-step key exchange protocol using smart card. In 2008, Chen and Lee proposed a secure and efficient user authentication scheme using smart card that is modified to enhance the security of the series of the Peyravian-Zunic scheme. The current paper demonstrates the vulnerability of Kwon et al.'s protocol regarding off-line password guessing attack and forgery attack. Also, we show that Chen and Lee's scheme is still vulnerable to the off-line password guessing attack and has the non-reparability. In this paper, in addition, after analyzing the two protocols, we propose each of countermeasure against our attacks.

Original language	English
Title of host publication	Proceedings - 3rd International Conference on Information Sciences and Interaction Sciences, ICIS 2010
Pages	352-356
Number of pages	5
DOIs	https://doi.org/10.1109/ICICIS.2010.5534807
Publication status	Published - 2010
Event	3rd International Conference on Information Sciences and Interaction Sciences, ICIS 2010 - Chengdu, China Duration: 2010 Jun 23 → 2010 Jun 25

Publication series

Name	Proceedings - 3rd International Conference on Information Sciences and Interaction Sciences, ICIS 2010

Other

Other	3rd International Conference on Information Sciences and Interaction Sciences, ICIS 2010
Country/Territory	China
City	Chengdu
Period	10/6/23 → 10/6/25

Keywords

Forgery attack
Key exchange protocol
Non-reparability
Off-line password guessing attack
Password-based authentication

ASJC Scopus subject areas

Human-Computer Interaction
Information Systems

Access to Document

10.1109/ICICIS.2010.5534807

Cite this

Kim, H. S., Seo, S., & Choi, J. Y. (2010). Security analysis of smart card based password authentication schemes. In Proceedings - 3rd International Conference on Information Sciences and Interaction Sciences, ICIS 2010 (pp. 352-356). Article 5534807 (Proceedings - 3rd International Conference on Information Sciences and Interaction Sciences, ICIS 2010). https://doi.org/10.1109/ICICIS.2010.5534807

Security analysis of smart card based password authentication schemes. / Kim, Hyun Seok; Seo, Suk; Choi, Jin Young.
Proceedings - 3rd International Conference on Information Sciences and Interaction Sciences, ICIS 2010. 2010. p. 352-356 5534807 (Proceedings - 3rd International Conference on Information Sciences and Interaction Sciences, ICIS 2010).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Kim, HS, Seo, S & Choi, JY 2010, Security analysis of smart card based password authentication schemes. in Proceedings - 3rd International Conference on Information Sciences and Interaction Sciences, ICIS 2010., 5534807, Proceedings - 3rd International Conference on Information Sciences and Interaction Sciences, ICIS 2010, pp. 352-356, 3rd International Conference on Information Sciences and Interaction Sciences, ICIS 2010, Chengdu, China, 10/6/23. https://doi.org/10.1109/ICICIS.2010.5534807

@inproceedings{9423fc5c971043f7a5f63b517da1b8c2,

title = "Security analysis of smart card based password authentication schemes",

abstract = "In the last few years, researchers have extensively studied the key exchange protocol. In 2007, Kwon et al. proposed a simple three-step key exchange protocol using smart card. In 2008, Chen and Lee proposed a secure and efficient user authentication scheme using smart card that is modified to enhance the security of the series of the Peyravian-Zunic scheme. The current paper demonstrates the vulnerability of Kwon et al.'s protocol regarding off-line password guessing attack and forgery attack. Also, we show that Chen and Lee's scheme is still vulnerable to the off-line password guessing attack and has the non-reparability. In this paper, in addition, after analyzing the two protocols, we propose each of countermeasure against our attacks.",

keywords = "Forgery attack, Key exchange protocol, Non-reparability, Off-line password guessing attack, Password-based authentication",

author = "Kim, {Hyun Seok} and Suk Seo and Choi, {Jin Young}",

year = "2010",

doi = "10.1109/ICICIS.2010.5534807",

language = "English",

isbn = "9781424473854",

series = "Proceedings - 3rd International Conference on Information Sciences and Interaction Sciences, ICIS 2010",

pages = "352--356",

booktitle = "Proceedings - 3rd International Conference on Information Sciences and Interaction Sciences, ICIS 2010",

note = "3rd International Conference on Information Sciences and Interaction Sciences, ICIS 2010 ; Conference date: 23-06-2010 Through 25-06-2010",

}

TY - GEN

T1 - Security analysis of smart card based password authentication schemes

AU - Kim, Hyun Seok

AU - Seo, Suk

AU - Choi, Jin Young

PY - 2010

Y1 - 2010

N2 - In the last few years, researchers have extensively studied the key exchange protocol. In 2007, Kwon et al. proposed a simple three-step key exchange protocol using smart card. In 2008, Chen and Lee proposed a secure and efficient user authentication scheme using smart card that is modified to enhance the security of the series of the Peyravian-Zunic scheme. The current paper demonstrates the vulnerability of Kwon et al.'s protocol regarding off-line password guessing attack and forgery attack. Also, we show that Chen and Lee's scheme is still vulnerable to the off-line password guessing attack and has the non-reparability. In this paper, in addition, after analyzing the two protocols, we propose each of countermeasure against our attacks.

AB - In the last few years, researchers have extensively studied the key exchange protocol. In 2007, Kwon et al. proposed a simple three-step key exchange protocol using smart card. In 2008, Chen and Lee proposed a secure and efficient user authentication scheme using smart card that is modified to enhance the security of the series of the Peyravian-Zunic scheme. The current paper demonstrates the vulnerability of Kwon et al.'s protocol regarding off-line password guessing attack and forgery attack. Also, we show that Chen and Lee's scheme is still vulnerable to the off-line password guessing attack and has the non-reparability. In this paper, in addition, after analyzing the two protocols, we propose each of countermeasure against our attacks.

KW - Forgery attack

KW - Key exchange protocol

KW - Non-reparability

KW - Off-line password guessing attack

KW - Password-based authentication

UR - http://www.scopus.com/inward/record.url?scp=77957578693&partnerID=8YFLogxK

U2 - 10.1109/ICICIS.2010.5534807

DO - 10.1109/ICICIS.2010.5534807

M3 - Conference contribution

AN - SCOPUS:77957578693

SN - 9781424473854

T3 - Proceedings - 3rd International Conference on Information Sciences and Interaction Sciences, ICIS 2010

SP - 352

EP - 356

BT - Proceedings - 3rd International Conference on Information Sciences and Interaction Sciences, ICIS 2010

T2 - 3rd International Conference on Information Sciences and Interaction Sciences, ICIS 2010

Y2 - 23 June 2010 through 25 June 2010

ER -

Security analysis of smart card based password authentication schemes

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this