Smart Card Based Password Authentication Research Articles

Improvement on a Smart Card Based Password Authentication Scheme

As an important mechanism to guarantee secure communication, the authentication scheme has attracted wide attention. Recently, Xu et al. proposed a new authentication scheme and show their scheme is provably secure in the random oracle model under the computational Diffie-Hellman assumption. Unfortunately, in this paper, we will demonstrate that Xu et al.'s scheme is vulnerable to the impersonation attack and the privileged insider attack. We also propose an improved scheme to eliminate the security vulnerability.

An Improved Authentication Scheme for Telecare Medicine Information Systems

The telecare medicine information system enables or supports health-care delivery services. In order to safeguard patients' privacy, such as telephone number, medical record number, health information, etc., a secure authentication scheme will thus be in demand. Recently, Wu etal. proposed a smart card based password authentication scheme for the telecare medicine information system. Later, He etal. pointed out that Wu etal.'s scheme could not resist impersonation attacks and insider attacks, and then presented a new scheme. In this paper, we show that both of them fail to achieve two-factor authentication as smart card based password authentication schemes should achieve. We also propose an improved authentication scheme for the telecare medicine information system, and demonstrate that the improved one satisfies the security requirements of two-factor authentication and is also efficient.

An Efficient and Secure ID-based Remote User Authentication Scheme using Smart Card

The User Authentication mechanism technology has enjoyed strong growth in recent year, but security threats and facing attacks in authentication have grown equally fast. Today, there are many potential attacks that are targeted at authentication including insider attack, masquerade attack, server spoofing attack, parallel session attack, offline password guessing attack and many more. Recently, In 2010 R. Song proposed advanced smart card based password authentication protocol with such non-tamper resistant smart card based on symmetric key cryptosystem as well as modular exponentiation. R. Song et al Scheme is vulnerable to the offline password attack, insider attack; forward secrecy and denial of service attack are cryptanalyses by W B Horng. In this article, we will propose an efficient ID-based authentication scheme which can avoid all type of security flaws. The functionally, performance and security analysis show that our proposed scheme is feasible in terms of computation cost, storage capacity and the scheme can resist server attack.

Improvement of smart card based password authentication scheme for multiserver environments

In multiserver (MS) environments, it is preferable for a remote user to login to different service provider servers by keying in the same password. Recently, Wang et al. proposed an improvement on the dynamic identity-based smart card authentication scheme of Liao and Wang for MS environments. Sandeep et al. improved the dynamic identity-based smart card authentication scheme of Hsiang et al. for MS architecture. However, we found that the schemes of Wang et al. and Sandeep et al. failed to provide service provider server authentication, perfect forward security, and login scalability. In addition, the scheme of Sandeep et al. was insecure against stolen verifier attacks. This paper proposes an improved smart card-based password authentication scheme for MS environments. The new scheme removes all of the abovementioned weaknesses. The proposed identity-based smart card authentication scheme satisfies the following properties: C1. User authentication; C2. Service provider server authentication; C3. Control server authentication; C4. Perfect forward security; C5. Freedom of password change; C6. Scalability of login; C7. Resistance to stolen verifier attacks; and C8. High efficiency.

Advanced smart card based password authentication protocol

Password-based authentication is widely used for systems that control remote access to computer networks. In order to address some of the security and management problems that occur in traditional password authentication protocols, research in recent decades has focused on smart card based password authentication. In this paper, we show that the improved smart card authentication scheme proposed by Xu-Zhu-Feng is vulnerable to internal and impersonation attacks. We propose an improvement of their solution, present a new efficient strong smart card authentication protocol, and demonstrate that the new protocol satisfies the requirements of strong smart card authentication and is more efficient.

A new secure password authentication scheme using smart cards

Thirteen security requirements for an ideal password authentication scheme using smart cards are listed and a new smart card based password authentication scheme with identity anonymity is proposed. The new scheme can satisfy all the listed ideal security requirements and has the following merits: ① it can resist all the attacks listed in introduction; ② less storage memory requirement due to no verification table stored in server; ③ low computational cost due to hash functions based operations; ④ even if the smart card is lost, the new system is still secure; ⑤ As user identity is anonymous, this scheme is more practical. The new proposed scheme can be applied in source constraint networks.

An improved smart card based password authentication scheme with provable security

Password authentication has been adopted as one of the most commonly used solutions in network environment to protect resources from unauthorized access. Recently, Lee–Kim–Yoo [S.W. Lee, H.S. Kim, K.Y. Yoo, Improvement of Chien et al.'s remote user authentication scheme using smart cards, Computer Standards & Interfaces 27 (2) (2005) 181–183] and Lee-Chiu [N.Y. Lee, Y.C. Chiu, Improved remote authentication scheme with smart card, Computer Standards & Interfaces 27 (2) (2005) 177–180] respectively proposed a smart card based password authentication scheme. We show that these two schemes are both subject to forgery attacks provided that the information stored in the smart card is disclosed by the adversary. We also propose an improved scheme with formal security proof.

An enhanced user authentication scheme for multi-server Internet services

Abstract In 2001, Tsaur proposed a smart card based password authentication scheme for multi-server Internet environments. It is the first scheme for password authentication in multi-server environments. Tsaur’s scheme can verify a single password for logging in multiple authorized servers without using any password verification table at all, and emphasizes that any client can get service granted from multiple servers without repeating registration to every single server. One year later in 2002, Kim et al. pointed out that Tsaur’s scheme cannot be secure against the off-line guessing attack. Nevertheless, Kim et al. did not propose any modification method. In this paper, we will show another weakness in Tsaur’s scheme, and further give an improvement such that the above two weaknesses can be withstood accurately.