Abstract
Several password authentication schemes utilizing smart cards have been proposed in the literature. Recently Kumar et al. proposed a new authentication scheme to access remote server over insecure channels. They also claimed that their scheme is able to resist various attacks. However, in this paper we demonstrate that Kumar et al. scheme is still vulnerable to various malicious attacks and is aslo unable to provide several essential security properties.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Lamport, L.: Password authentication with insecure communication. Commun. ACM 24(11), 770–772 (1981)
Amin, R.: Cryptanalysis and an efficient secure id-based remote user authentication scheme using smart card. IJCA 75, 1149–1157. Citeseer (2013)
Amin, R., Biswas, G.P.: Anonymity preserving secure hash function based authentication scheme for consumer USB mass storage device. In: IEEE 2015 Third International Conference on Computer, Communication, Control and Information Technology (C3IT), pp. 1–6 (2015)
Amin, R., Biswas, G.P.: Design and analysis of bilinear pairing based mutual authentication and key agreement protocol usable in multi-server environment. Wirel. Pers. Commun. 84, 439–462 (2015)
Amin, R., Biswas, G.P.: A novel user authentication and key agreement protocol for accessing multi-medical server usable in TMIS. J. Med. Syst. 39(3), 1–17 (2015)
Amin, R., Biswas, G.P.: Remote access control mechanism using rabin public key cryptosystem. In: Mandal, J., Satapathy, S., Kumar Sanyal, M., Sarkar, P., Mukhopadhyay, A. (eds.) Information Systems Design and Intelligent Applications, pp. 525–533. Springer, Heidelberg (2015)
Amin, R., Maitra, T., Rana, S.P.: An improvement of wang. et. al’.s remote user authentication scheme against smart card security breach. Int. J. Comput. Appl. 75(13), 37–42 (2013)
Giri, D., Maitra, T., Amin, R., Srivastava, P.: An efficient and robust rsa-based remote user authentication for telecare medical information systems. J. Med. Syst. 39(1), 1–9 (2015)
He, D., Kumar, N., Chilamkurti, N.: A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks. Inf. Sci. 321, 263–277 (2015)
He, D., Kumar, N., Chilamkurti, N., Lee, J.H.: Lightweight ECC based RFID authentication integrated with an ID verifier transfer protocol. J. Med. Syst. 38(10), 1–16 (2014)
Islam, S.H.: A provably secure ID-based mutual authentication and key agreement scheme for mobile multi-server environment without ESL attack. Wirel. Pers. Commun. 79(3), 1975–1991 (2014)
Islam, S.H.: Design and analysis of a three party password-based authenticated key exchange protocol using extended chaotic maps. Inf. Sci. 312, 104–130 (2015)
Islam, S., Biswas, G.P., Choo, K.K.R.: Cryptanalysis of an improved smartcard-based remote password authentication scheme. Inf. Sci. Lett. 3(1), 35–40 (2014)
Islam, S., Khan, M.K., Obaidat, M., Muhaya, F.: Provably secure and anonymous password authentication protocol for roaming service in global mobility networks using extended chaotic maps. Wirel. Pers. Commun. 84, 2013–2034 (2015)
Kumari, S., Khan, M.K.: Cryptanalysis and improvement of a robust smart-card-based remote user password authentication scheme. Int. J. Commun. Syst. 27, 3939–3955 (2013). doi:10.1002/dac.2590
Hsieh, W.B., Leu, J.S.: Exploiting hash functions to intensify the remote user authentication scheme. Comput. Secur. 31(6), 791–798 (2012)
Kumari, S., Khan, M.K., Li, X.: An improved remote user authentication scheme with key agreement. Comput. Electr. Eng. 40(6), 1997–2012 (2014)
Ku, W.C., Chen, S.M.: Weakness and improvement of an efficient password based remote user authentication scheme using smart cards. IEEE Trans. Consum. Electron. 50(1), 204–207 (2004)
Karuppiah, M., Saravanan, R.: A secure remote user mutual authentication scheme using smart cards. J. Inf. Secur. Appl. 19(4–5), 282–294 (2014). doi:10.1016/j.jisa.2014.09.006
Ramasamy, R., Muniyandi, A.P.: New remote mutual authentication scheme using smart cards. Trans. Data Priv. 2(2), 141–152 (2009)
Wang, X.M., Zhang, W.F., Zhang, J.S., Khan, M.K.: Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards. Comput. Stan. Interfaces 29(5), 507–512 (2007)
Yoon, E.J., Ryu, E.K., Yoo, K.Y.: Further improvement of an efficient password based remote user authentication scheme using smart cards. IEEE Trans. Consum. Electron. 50(2), 612–614 (2004)
Wang, D., Ma, C.G., Zhang, Q.M., Zhao, S.: Secure password-based remote user authentication scheme against smart card security breach. J. Netw. 8(1), 148–155 (2013)
Yang, G., Wong, D.S., Wang, H., Deng, X.: Two-factor mutual authentication based on smart cards and passwords. J. Comput. Syst. Sci. 74(7), 1160–1172 (2008)
Kumar, R., Amin, R., Karati, A., Biswas, G.P.: Secure remote login scheme with password and smart card update facilities. In: Das, S., Pal, T., Kar, S., Satapathy, S., Mandal, J. (eds.) Proceedings of the 4th International Conference on Frontiers in Intelligent Computing: Theory and Applications (FICTA). Advances in Intelligent Systems and Computing (AISC), vol. 404, pp. 495–505. Springer, Heidelberg (2015). doi:10.1007/978-81-322-2695-6-41
Karuppiah, M., Saravanan, R.: A secure authentication scheme with user anonymity for roaming service in global mobility networks. Wirel. Pers. Commun. 84(3), 2055–2078 (2015)
Karuppiah, M., Saravanan, R.: Cryptanalysis and an Improvement of New Remote Mutual Authentication Scheme using Smart Cards. Journal of Discrete Mathematical Sciences and Cryptography 18(5), 623–649 (2015)
Wu, F., Xu, L., Kumari, S., Li, X., Das, A.K., Khan, M.K., Karuppiah, M., Baliyan, R.: A novel and provably secure authentication and key agreement scheme with user anonymity for global mobility networks. Netw. Secur. Commun. 9, 3527–3542 (2016). doi:10.1002/sec.1558
Kumari, S., Karuppiah, M., Li, X., Wu, F., Das, A.K., Odelu, V.: A Secure Trust-Extended Authentication Mechanism for VANETs. Security and Communication Network (2016)
Karuppiah, M., Kumari, S., Das, A.K., Li, X., Wu, F., Basu, S.A.: A secure lightweight authentication scheme with user anonymity for roaming service in ubiquitous networks. Secur. Commun. Netw. 9, 4192–4209 (2016)
Karuppiah, M.: Remote user authentication scheme using smart card: a review. Int. J. Internet Protoc. Technol. 9, 107–120 (2016)
Xu, J., Zhu, W.T., Feng, D.G.: An improved smart card based password authentication scheme with provable security. Comput. Stand. Interfaces 31(4), 723–728 (2009)
Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) Advances in Cryptology – CRYPTO’ 99. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999). doi:10.1007/3-540-48405-1_25
Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5), 541–552 (2002)
Ma, C.G., Wang, D., Zhao, S.D.: Security flaws in two improved remote user authentication schemes using smart cards. Int. J. Commun. Syst. 27, 2215–2227 (2012). doi:10.1002/dac.2468
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Karuppiah, M., Pradhan, A., Kumari, S., Amin, R., Rajkumar, S., Kumar, R. (2017). Security on “Secure Remote Login Scheme with Password and Smart Card Update Facilities”. In: Giri, D., Mohapatra, R., Begehr, H., Obaidat, M. (eds) Mathematics and Computing. ICMC 2017. Communications in Computer and Information Science, vol 655. Springer, Singapore. https://doi.org/10.1007/978-981-10-4642-1_3
Download citation
DOI: https://doi.org/10.1007/978-981-10-4642-1_3
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-4641-4
Online ISBN: 978-981-10-4642-1
eBook Packages: Computer ScienceComputer Science (R0)