A Noble Remote User Authentication Protocol Based on Smart Card Using Hash Function

Document Sample
A Noble Remote User Authentication Protocol Based on Smart Card Using Hash Function Powered By Docstoc
					    International Journal of Emerging Trends & Technology in Computer Science (IJETTCS)
       Web Site: www.ijettcs.org Email: editor@ijettcs.org, editorijettcs@gmail.com
Volume 1, Issue 4, November – December 2012                                    ISSN 2278-6856




       A Noble Remote User Authentication Protocol
        Based on Smart Card Using Hash Function
                                        Deepchand Ahirwal1, Prof. Sandeep Raghuwanshi2

                                            1
                                         Scholar M.Tech, Information Technology,
                                 Samrat Ashok Technological Institute, Vidisha (M. P.), India
                                        2
                                       Assistant Professor, Information Technology,
                                Samrat Ashok Technological Institute, Vidisha (M. P.), India

Abstract- The security issues are always raised for remote        public key scheme. This proposed protocol withstands
authentication service. Smart card based authentication           replay attack by using time stamp T in login massage. In
protocol is best suited for authenticate legitimate user.         2000, Chi and Cheng [2] cryptanalysis Hwang and Li
Developing secure authentication protocol is a strong             [14] scheme, and found this scheme does not to resist
challenge. There are many potential attacks that are targeted     impersonate attack. A legitimate user can impersonate
at authentication such as insider attack, offline password        other valid user to use his ID and PW without knowing
guessing attack, masquerade attack, server spoofing attack,
                                                                  the secret key. So this scheme was not suitable for secure
and parallel session attack. Recently many previous proposed
schemes are fail to resist these attacks. In this paper we
                                                                  remote authentication.
introduce a remote authentication protocol that provides          In 2004, M.L.Das [15] proposed a dynamic ID-based
secure mutual authentication process and session key              remote user authentication protocol. This protocol use
agreement. Our proposed protocol is providing better security     one-way hash function to protect the secret information
to resist all possible attacks. In this protocol, we use low      and symmetric encryption function to encrypt the
computing cost hash function and random nonce. We use             messages. But D. Giri [4] has analyzed that Das’s [15]
random nonce to avoid complexity of time synchronization.         protocol is vulnerable the offline/ online password
The proposed protocol is efficient and practical. It is easy to   guessing attack and weak password change phase. Later,
adapt in low-weight devices like the subscriber identity          Rafael M. [17] point out the Das’s protocol is not secure
module.                                                           against insider attack, masquerade attack, server spoofing
Keywords: - Authentication, Network                  security,    attack. In Das’s [15] protocol, if the attack is legal user.
cryptanalysis, smart card, hash function.                         He can extract h (x) secret key from Ai in smart card.
                                                                  Once he obtains secret key h (x), he tries to get other
                                                                  legitimate user’s PW and also act as masquerade as legal
1. INTRODUCTION                                                   user. While in 2005 H.Y. Chien and Chen et al. [9] point
Smart card based remote user authentication is a                  out that in das et al.’s protocol user Ui sends the data
mechanism to authenticate the legitimate user. Smart              (Cid, Ni, Ci, T) to the remote server. In each login
card based remote user authentication is mechanism to             request, although the Cid dynamically changes every
authenticate the legitimate user by using of smart. In            time, the value Ni is same and unique to each user. So
Smart card’s memory, some secret information has stored           that das et al protocol failed to protect the user antonymic.
such as identification or password related information of         H. Y. Chien and Chen et al. [9] Also proposed a mutual
user. In 1986, Lamport [12] introduced first remote user          authentication protocol to preserve user anonymity based
authentication with using of password verification table.         on modular exponentiation. This efficient is low. In 2007
In Lamport scheme’s [12] user has unique identification           L. I. Hu [11] found the Chien and Chen’s [9] protocol is
and password for verifying as legitimate user. This               vulnerable to strong masquerade user or server attack,
password table takes lot of maintenance cost and unsecure         insider attack, replay attack and denial of service attacks
to insider attack. And verification table has risks of being      and improved it to avoid these weakness. In 2009, J. Xu
modified by the adversary and the size of the password            et al. [10] presented an authentication protocol using such
verification table is directly proportional to the number of      non-tamper resistant smart card based on costly modular
user and management of huge table increase load in the            exponentiation. However R. Song [18] point out J. Xu et
server. To avoid storing the password in the server               al. [10]’s protocol is vulnerable to the user impersonation
verification table and sends in the plain text form in the        attack. In 2010, he introduced a new and more secure
insecure network system.                                          authentication protocol based on symmetric key
In 2000, Hwang and Li [14] proposed a remote user                 cryptosystem and modular exponentiation. However W.
authentication using smart card is based on ElGamal’s             B. Horng -Cheng [21] demonstrates that R. Song et al.

Volume 1, Issue 4 November - December 2012                                                                           Page 62
   International Journal of Emerging Trends & Technology in Computer Science (IJETTCS)
       Web Site: www.ijettcs.org Email: editor@ijettcs.org, editorijettcs@gmail.com
Volume 1, Issue 4, November – December 2012                                    ISSN 2278-6856


[18] protocol is vulnerable to the offline password           phases in his protocol: registration phase, login Phase,
guessing, insider attack, denial-of service and proposed      verification phase and password change phase.
protocol does not provide perfect forward secrecy for
                                                              The four phases of Wang et al.’s protocol are described
session keys.
                                                              below.
In 2011, E.J Yoon and K.Y Yoo [5] demonstrated that Z.
                                                              1. Registration Phase
Jia’s [25] remote authentication protocol is vulnerable to
insider attack, forgery attack and server spoofing attack.     In the registration phase, the user Ui chooses her own
They point out Jia’s protocol does not provide mutual         IDi and sends it to the remote server S. After S receives
authentication between user and server. Moreover In           Ui’s message, S performs the following Steps:
2011, Li and Cheng Lee [3] present a robust remote user
                                                              Step1. S chooses a password PWi for Ui and computes Ni
authentication protocol using smart card. They claim that
                                                                     = h (PWi) ⊕ h(x) ⊕ IDi, in which x is the
their proposed protocol is providing better authentication
                                                                     server’s long term secret.
process and resistance to all possible attacks. But in this
protocol is not provide security to the denial-of-service     Step2. S prepares a smart card for Ui by storing [h (•),
attack.                                                             Ni, y] in it. y is the server’s secret number which is
                                                                    stored in every user’s smart card.
In this article, we shall present a secure ID-based remote
authentication protocol with mutual authentication and        Step3. S sends PWi and the smart card to Ui using the
session key agreement. Moreover our protocol provides               secure channel.
the user to choose and change their password by their
                                                                     S ⇒ Ui: PWi and the smart card.
own choice. In contrast, the propose protocol can resist
parallel session attack, server spoofing attack,              2. Login Phase:
masquerade attack, insider attack, Further provides
                                                              When Ui needs to access her data stored at the server, she
security analysis to compare with other published
                                                              invokes the login phase. Ui inserts her smart card into a
protocol. By performance analysis, the propose protocol is
                                                              card reader and enters her password PWi, and then the
shown to be very efficient both in the storage and
                                                              smart card performs the following steps:
computation cost.
                                                              Step1. The smart card computes a dynamic IDi:
The reminder of the article is organized as fallows. In
section 2, we briefly discuss the Wang, Liu and Xiao’s               CIDi = h (PWi) ⊕ h (Ni ⊕ y ⊕T) ⊕ IDi,
[20] protocol and its drawback. In Section 3 we Introduce
                                                                     In which T is the current date and time.
our secure ID-based user authentication protocol, and we
discuss the security analysis in session 4, compare the       Step2. The smart card sends IDi, CIDi, Ni and T to the
performance and efficiency of the propose protocol with             server.
other related protocol in session 5.and finally concludes
the paper in Section 6.                                              SCi → S: IDi, CIDi, Ni, T.
                                                              3. Verification Phase
                                                              When S receives the login message from Ui at time T’,
2. REVIEW OF Y. WANG LIU AND XIAO‘S                           she parses it into the form {IDi, CIDi, Ni, T} and then
PROTOCOL                                                      performs the following steps:
Y. Wang, J. Liu and F. Xiao proposed a dynamic ID-            Step1. S checks whether T’ − T ≤ ΔT. If it doesn’t hold,
based remote user authentication protocol in 2009 [20].              then S directly rejects the user’s login request.
Wang et al.’s authentication protocol is based on the
security analysis of M. Das protocol. They point out that     Step2. S computes h (PWi)’ = CIDi ⊕ h (Ni ⊕ y ⊕ T)
the authentication protocol proposed in M. Das’s protocol            ⊕ IDi.
[15] is vulnerable to masquerade attacks and lacks mutual
                                                              Step3. S computes IDi‘= Ni ⊕ h(x) ⊕ h (PWi) and
authentication. Wang et al.’s protocol can prevent these
                                                                    checks whether IDi’ is equal to IDi. If IDi’ is not
two vulnerabilities and is also very efficient [20].
                                                                    equal to IDi, then S rejects the user’s login
Common notations                                                    request; otherwise, S accepts the user’s login
                                                                    request.
Y.Wang, J. Liu, and F. Xiao denoted the user by U, the
user’s identity by ID, the user’s password by PW, and         Step4. S computes a’ = h (h (PWi) ⊕ y ⊕ T’) and sends
server by S. Let h (•) be a cryptographic one way hash               (a’, T’) to Ui. When Ui receives the message (a’,
function. Exclusive-or (XOR) operation on two binary                 T’) from S at time T’, Ui verifies the identity of S,
strings is denoted by ⊕ and the operation of binary string           which contains the following step: 1. Ui checks
concatenation is denoted by “||”. Finally, two types of              whether T’ − T ≤ ΔT. If it doesn’t hold, then Ui
channels are used. One of them is a common channel and               recognizes the reply as invalid. Otherwise Ui,
other one is a secure channel. Wang’s has used four
Volume 1, Issue 4 November - December 2012                                                                      Page 63
   International Journal of Emerging Trends & Technology in Computer Science (IJETTCS)
       Web Site: www.ijettcs.org Email: editor@ijettcs.org, editorijettcs@gmail.com
Volume 1, Issue 4, November – December 2012                                    ISSN 2278-6856


       computes a = h (h (PWi) ⊕ y ⊕ T’) and compares           (2) Since Ui already knows his own IDi and PWi, he
       it with a'. If a = a’, Ui confirms that S is valid.         computes Z = Ni ⊕ h (PWi) ⊕ IDi = h(x).
4. Password Change Phase:                                       Once Ui gets y and h(x), he gets the ability to perform the
                                                                verification phase with other users by masquerading as
In Wang et al.’s protocol, the user doesn’t need to send
                                                                the server, because the verification phase performs secret
her new password to the remote server during the
                                                                operations using only h(x) and y. Ui can even pretend to
password change phase. When the user wants to change
                                                                be the server during the registration phase, because he
his/her password from PWi to PWnew, he/she inserts the
                                                                knows the value of h(x) and y. So we can see the server
smart card into the card reader and enters both PWi and
                                                                masquerade attack is easy to carry out.
PWnew. Then the smart card computes Ni*= Ni ⊕ h
                                                                3. The password change phase of Wang et al.’s protocol is
(PWi) ⊕ h (PWnew) and replaces Ni with Ni*.
                                                                not secure. It allows an adversary who gets a lost smart
                                                                card to change the value of Ni to another one, which
                                                                causes denial of service to the legal user. This is also a
3. SECURITY ANALYSIS OF WANG ET                                 security hole of Wang et al.’s protocol. From the above
AL.’S PROTOCOL                                                  analysis, we know that Wang et al.’s protocol is
In this section we point out that Wang et al.’s [20]            vulnerable to these attacks. In the following section, we
protocol is vulnerable to password guessing attack and          propose a security enhanced protocol, which does not
server masquerade attack. In addition, the password             suffer these attacks.
change phase in Wang et al.’s protocol is not securing
either [10].                                                    4. PROPOSED PROTOCOL
1. Password Guessing Attack
The login phase and verification phase of Wang et al.’s         In this section, we present a smart card based secure
protocol use a common channel. So the adversary can             remote user authentication protocol. In proposed protocol
eaves-drop the common channel and obtain messages               we use one-way hash function, bitwise exclusive OR
from it. Once the adversary gets a lost smart card, he can      operation and random generate nonce. This protocol has
obtain y from it. y is the server’s secret which is stored in   four phases: 1- Registration phase, 2-Login phase, 3-
every user’s smart card. Now the adversary tries to eaves-      authentication phase and 4- password change phase. The
drop the common channel between Ui and S. By                    notations use in proposed protocol and phases are
eavesdropping, the adversary can get the login message          described below.
from Ui to S, which contains IDi, CIDi,                         The notations used throughout           this   article   are
Ni and T, in which CIDi = h (PWi) ⊕ h (Ni ⊕ y ⊕ T)              summarized as follows:
⊕ IDi. Then the password guessing attack is carried out
with the following steps:                                       Ui            A remote user
      (1) The adversary computes Xi = h (Ni ⊕ y ⊕ T)            IDi           Identity of Ui
from Ni, y and T.                                               PWi           Password chosen by Ui
      (2) The adversary computes Yi = CIDi ⊕ Xi ⊕ IDi           S             Authentication server
= h (PWi).                                                      Xs            Permanent secret key of S
      (3) The adversary picks a random PW*, computes h          h (•)         One way hash function
(PW*) and compares h (PW*) with h (PWi). If they are                         Bitwise XOR operation
equal, then due to the collision resistance of one way hash     ║             Concatenation
function, the adversary concludes that PW* is Ui’s              Ni, Nj        Random nonce generated by Ui and S
password. If they are not equal, then the adversary picks                     respectively
another password candidate and performs the same
operations, until he finds the correct password. Because        Registration phase
most passwords are chosen to be easy to remember, these
have low entropy. This attack can be played efficiently.        In this phase User Ui wants to submit his/her identity IDi
2. Server Masquerade Attack                                     and password PWi to server Si via a secure channel to
In the attack described below, the adversary is just a          register himself/herself. Before send these information
normal user who is very curious of the server’s secret          registration authority computes PWi to h (PWi) and send
h(x). This attack can be carried out by any single user         IDi and h (PWi) as a registration request to the server Si.
without interactions with the server. As we cannot ensure       Upon receiving the registration request from user Ui, the
all the users are honest, this type of attack must be           server Si computes two parameters Ai, Bi related to his
prevented. The user carries out the attack by the following     request.
steps:                                                          Step1-Server computes
(1) The user Ui gets the contents from the smart card by                 Ai = h (X)
    power analysis.                                                      Bi = Ai  h (IDi || h (PWi))
    So Ui gets y and Ni = h (PWi) ⊕ h(x) ⊕ IDi.
Volume 1, Issue 4 November - December 2012                                                                        Page 64
   International Journal of Emerging Trends & Technology in Computer Science (IJETTCS)
       Web Site: www.ijettcs.org Email: editor@ijettcs.org, editorijettcs@gmail.com
Volume 1, Issue 4, November – December 2012                                    ISSN 2278-6856


       The server S issues a smart card to user Ui by                Nj = Zj  Ai,
       storing {Ai, Bi, h (•)} into smart card memory.
                                                                     Fi' = h (Ai║Bi'║Ni║Nj)
       The smart card is delivered to user Ui through a
       secure channel.                                               And checks whether Fi and Fi' are equal or not. If
                                                                     yes, server S is authentic otherwise terminate the
Login phase
                                                                     session.
The user Ui wants access some service on remote server
Si. This phase provides the facility of a secure login         Step 4- Then the user Ui computes
request to server Si. User Ui inserts smart card into a card         Gi = h (Ai║Nj║Bi')
reader and submits in IDi* and PWi*.
                                                                     And send the message {Gi} to the server S.
Step 2- Firstly, the card reader computes –
                                                                     After receiving the message {Gi} from user Ui,
       Bi* = Ai  h (IDi* || h (PWi*))                               server S computes Gi' = h (Ai║Nj║Bi') and checks
                                                                     whether Gi and Gi' are equal or not. If yes,
       And checks whether Bi (stored in the smart card
       memory) and Bi' are equal or not. If yes, user Ui is    Step 5- The user Ui is authentic and mutual
       a legitimate bearer of the smart card.                       authentication is achieved otherwise terminate the
                                                                    session. After mutual authentication, both the
Step3- Then the card reader generates a nonce Ni and                parties compute the session key
      computes.
      Zi = Ni  Ai,                                                  SK = h (Di║Ni║Nj║Bi').
       Ci = h (PWi*)  h (Ai║Ni),
       Di = h (PWi*)  Ai,
       Ei = h (Di║Ni║Bi)
       And send the login request message {IDi, Ci, Ei,
       Zi} to the server S.
Authentication phase
Upon receiving the login request message {IDi, Ci, Ei,
Zi}; server S first checks the validity of IDi to
accept/reject the login request. If it is true,
Step 1- Then the server S computes
       Ai = h (Xs),
       Ni = Zi  Ai,
       h (PWi') = Ci  h (Ai║Ni),
       Di' = h (PWi')  Ai,
       Bi' = Ai  h (IDi'║h (PWi')),
       Ei' = h (Di'║Ni║Bi')
       And checks whether Ei and Ei' are equal or not. If
       they are not equal then rejects the login request. If
       true,
Step 2- Then the server S generates a nonce Nj and
computes
                                                                  Figure 1 Data Flow Diagram for proposed protocol
       Zj = Nj  Ai,
       Fi = h (Ai║Bi'║Ni║Nj)                                   Password change phase
       And send the message {Fi, Zj} to the user Ui.           This phase is invoked whenever user Ui wants to change
                                                               the password PWi with a new password PWinew. User Ui
       After receiving the message {Fi, Zj} from server S,
                                                               inserts the smart card to the card reader and keys in IDi'
       the card reader performs following computations.
                                                               and PWi' and requests to change password.
Step 3- The card reader computes

Volume 1, Issue 4 November - December 2012                                                                      Page 65
   International Journal of Emerging Trends & Technology in Computer Science (IJETTCS)
       Web Site: www.ijettcs.org Email: editor@ijettcs.org, editorijettcs@gmail.com
Volume 1, Issue 4, November – December 2012                                    ISSN 2278-6856


Step 1- The card reader computes Bi' = Ai  h (IDi'║h                 Ci = h (PWi')  h(Ai║Ni)         Ei = h
      (PWi')) and checks whether Bi and Bi' are equal or       (Di║Ni║Bi')
      not. If yes, user Ui is a legitimate bearer of the
                                                                       Zi = Ni  Ai                    Zj = Nj  Ai
      smart card otherwise reject the request.
                                                                       Fi = h (Ai║Bi'║Ni║Nj)
Step 2- Then the reader asks the user Ui to input new
      password PWinew.       After entering the new
                                                               Hence the proposed protocol is secure against parallel
      password, the reader calculates Binew = Ai  h
                                                               session attack.
      (IDi'║h (PWinew)) and replaces Bi with Binew in the
      smart card memory.                                       5. Resistance to Replay Attack-
                                                               Suppose attacker intercepts the login request massage
SECURITY          ANALYSIS           OF       PROPOSED         {IDi, Ci, Ei, Zi} from User U, and can replay the same
PROTOCOL                                                       massage to server, it is useless because the card reader
1. Resistance to Stolen smart card Attack-                     used the random nonce value “Ni” in each new login
In case a legitimate user losses his/her smart card. The       request,
adversary cannot use this card without knowing the valid
password, and if adversary extracts information in its           Zi = Ni  Ai
memory {Ai, Bi}. He cannot retrieve ID and PW, because
it is computationally infeasible to invert the one-way hash     “Zi” makes the dynamic and different login massage for
function h (.) and without knowing the Server secret key       same user for different login request. Hence the proposed
X. It is not possible to guess out two parameters (ID and      protocol is secure against massage replay attack
PW) correctly at the same time. Therefore the proposed         6. Resistance to Offline password guessing Attack -
protocol is secure against stolen smart card attack.
2. Resistance to Denial-of- service-                           In the proposed protocol, if an adversary wants to guess
                                                               the password. It can be prove to be impossible. The
In the proposed protocol, an adversary can used to invalid     adversary can guess ID and PW correctly at the same
ID and PW, and wants to send login request massage             time. It is not possible to guess out two parameters
continuously to keep server busy.                              correctly at the same time. An adversary cannot guess
It leads to denial-of-service attack. But he cannot send       valid “ID” and “PW” for computes
login request massage because in login phase, smart card               Ai = h (Xs) and
reader checks the verification of smart card and correct
password.                                                        Bi* = Ai  h (IDi || h (PWi))

  Bi* = Ai  h (IDi* || h (PWi*))                              Because it is impossible to guess right “ID” and “PW” in
  And check (Bi = Bi*)                                         same time. Server Secret Key Xs protect with one-way
Bi stores in smart card. Therefore, it’s also resistance to    function h (.), which computationally infeasible to invert.
denial-of service.                                             If attacker know user’s “ID”, it’s cannot extract h (ID ║ h
                                                               (PW)) without knowing server secret key.
3. Resistance to Insider Attack-
                                                               7. Leak of Server secret key -
If a privileged insider of the Server Si obtains the smart
card‘s secret information {Ai, Bi} from user Ui. He            Unfortunately, if Server secret key “X” is prevail from
cannot extract sensitive information like {ID, PW,} from       Server S. The attacker cannot retrieve “ID” and “PW”
Bi.                                                            from

         Bi = Ai  h (ID || h (PW)),                                  Ai = h (Xs)

Because it is computationally infeasible to invert the one-           Bi* = Ai  h (IDi || h (PWi))
way hash function h (.) and also he cannot extract Bi          Because of using one-way function h (•), Server can easily
without the knowing of ID and PW.                              change and modify its secret key “X”, and restore again
                                                               in smart card.
4. Resistance to Parallel Session Attack-
If the attacker can masquerade as legitimate user Ui by a      5.   THE    PERFORMANCE                             AND
replaying a login request massage { IDi, Ci, Ei, Zi } within
the valid time frame window But attacker cannot compute
                                                               EFFICIENCY COMPARISON
the knowledge massage { Fi, Zj } because knowledge             In this section, we compare performance analysis of the
massage does not contains any information to construct         proposed protocol with related protocol in terms of
next process.                                                  storage capacity and computation cost. The computation
                                                               costs are focus on the registration, login and
Volume 1, Issue 4 November - December 2012                                                                      Page 66
   International Journal of Emerging Trends & Technology in Computer Science (IJETTCS)
       Web Site: www.ijettcs.org Email: editor@ijettcs.org, editorijettcs@gmail.com
Volume 1, Issue 4, November – December 2012                                    ISSN 2278-6856


authentication phases. In our proposed protocol, we use                      comparison of our proposed protocol with related
the lightweight hash function and exclusive OR                               protocol. Our protocol takes little more computation in
operation. It is usually take very low computation cost.                     authentication phase to compare to R.Song et al. [18],
We use SHA-1 to implement our protocol. The output                           Wang et al. [20], and Yoon. Yoo et al [6]. Because our
sizes of each hash value of secret information is 160 bits                   proposed provides more security against parallel session
long, time stamps are 40 bits length, and identity is 32                     attack, server spoofing attack, replay attack.
bits length. So the user’s smart card memory needs
                                                                             Moreover, the security comparison of the proposed
320(2*160) bits and server require only 160 bits to store
                                                                             protocol with the relevant authentication protocol is
the secret key X. Table 1 shows the storage capacity of
                                                                             summarized in Table 3.
our proposed protocol with other related protocol.
                                                                               Resistance to /    Our        R.Song    Wang      Yoon
            Table 1.Comparision of storage capacity                            Protocol           Protoc     et al.    et al.    Yoo
                                                                                                  ol         [18]      [20]      et. al
 Storage        Our          R.Song              Wang           Yoon.                                                            [6]
 capacity       protocol     et al. [18]         et al.         Yoo et         Insider attack       Yes        No        Yes       No
 (Bits)                                          [20]           al. [6]        Masquerade
                                                                                                    Yes       Yes        No        No
 Smart
                320          320                 320            480
                                                                               attack
 Card                                                                          Parallel session
                                                                                                    Yes        No        Yes       No
 Server         160          480                 320            320            attack
                                                                               Replay attack        Yes        No        Yes      Yes
                                                                               Offline
In terms of computation cost, it is defined as the total                                            Yes        No        No        No
                                                                               password attack
time of various operation executed in registration, login,
                                                                               Secure
and authentication phases. We denote the execution time
                                                                               password             Yes       Yes        No       Yes
for one-way hash function HT, and exclusive OR
                                                                               change process
operation require very low execution time as compare to
                                                                               Denial of
one-way hash function. So it is does consider its                                                   Yes        No        No        No
                                                                               service
computation cost. Same related protocol use the modular
                                                                               Session key
exponential operation denotes as MT. the time complexity
                                                                               generation and       Yes       Yes        No        No
associated. This takes more execution time to perform
                                                                               agreement
modular operations.
                                                                               Mutual
                                                                                                    Yes       Yes       weak      Yes
          Table 2. Comparsion of computation cost.                             Authentication


   Computatio         Our          R.Song              Wang       Yoon.
                      protocol     et al. [18]         et al.     Yoo
                                                                             6. CONCLUSION
   n cost in
   phases                                              [20]       et al[6]   This paper point out that the protocols proposed by Yoon
   Registration                                                              and Yoo [6], H.T. Liaw [7], M.S. Hwang and Lee [13],
                      2 HT         1HT +1MT            1 HT       2 HT       M.K. Das [15], R. Song [18], Y. Wang [20], Zhuo Hao
                                                                             [26] are not secure enough against some weaknesses. We
   Login
                      4 HT         3 HT                1 HT       2 HT       showed that their protocols are vulnerable to denial-of
                                                                             service attacks, forgery attacks, insider attacks, password
   Authenticati                                                              guessing, parallel session attacks, server spoofing,
                      5 HT         3 HT +1MT           3 HT       3 HT
   on                                                                        forward Security, replay attacks, and stolen verifier
   Mutual                                                                    attacks. All necessary requirements and withstands the
   authenticati       1 HT         1 HT                1 HT       1 HT       various aforementioned attacks, we present our proposed
   on                                                                        smart card based secure remote authentication protocol in
   Session key                                                               section 3. Our proposed protocol resists most current
                      1 HT         1 HT                No         No
                                                                             possible attacks that show on security analysis in section
                                                                             4. In section 5, the performance analysis of our protocol is
The proposed protocol requires little more and same                          shown in terms of computation cost and storage capacity.
computation cost to comparison other related protocol.                       We use one-way hash function in our research. This is
Because of our protocol is resistance to various attacks                     most suitable to use in cryptography, because it is low
and same security enhancement. Most related protocols                        cost, not reversible and two different parameters cannot
do not satisfy various requirements such as denial-of                        have same hash value. Because it provides better
service, mutual authentication, secure session key                           authentication mechanisms. In future, we suggest more
agreement. Table 2 shows the computation cost                                secure and efficient authentication protocol using smart

Volume 1, Issue 4 November - December 2012                                                                                      Page 67
   International Journal of Emerging Trends & Technology in Computer Science (IJETTCS)
       Web Site: www.ijettcs.org Email: editor@ijettcs.org, editorijettcs@gmail.com
Volume 1, Issue 4, November – December 2012                                    ISSN 2278-6856


card whose computational cost is very low and resists to   [13] M. S. Hwang, C. C. Lee, and Y. L. Tang, “A
all possible attacks.                                        simple remote user Authentication scheme,”
                                                             Mathematical and Computer Modeling, 36, pp. 103–
                                                             107, 2002.
REFERENCES
  [1] B. Schneier, Applied cryptography protocols,         [14] M. S. Hwang and L.H.Li. “A new remote user
    algorithms and source code in C: second edition,         authentication scheme using smart card”, In IEEE
    John Wiley & Sons Inc, 1995                              Transaction on consumer Eleclronic,”vol.40, no 1,
                                                             2000, pp 28-30
  [2] Chi - Kwong and Cheng, “cryptanalysis of a
    remote user authentication scheme using smart card”,   [15] M.L. Das, A.Saxena and V.P. Gulati,”A Dynamic
    IEEE Transaction on Consumer Electronic Vol.46,          ID-based       remote user authentication scheme”,
    No.4, 11, 2000.                                          IEEE Transaction on consumer Eleectronice, vol.
                                                             50,2004, pp. 629-631
  [3] Chun-Ta Li and Cheng-Chi Lee, 2011 “a robust
    remote user authentication scheme using smart card,”   [16] Ou Qingyu Huang Kai, “Cryptanalysis and
    Information Technology and Control,Vol.40,No.3           improvement of a      remote user authentication
                                                             scheme” IEEE 978-0-7695-3804- 4/09, 2009
  [4] Debasis Giri and P.D.Srivastava, “Crpytoanalysis
    and Improvement of a remote user authentication        [17] Rafael M., F. Rico-Novella, “Improvement of the
    scheme using smart card”, ISECS 2008, IEEE 978-0-        Dynamic ID-based Remote User authentication
    7695-3258-5/08, 2008                                     scheme” IEEE 978-0-9564263-8/03, 2010

  [5] Eun-Jun Yoon, and Kee-Young Yoo, 2011,               [18] R. Song. “Advanced smart card based password
    “Three Attacks on Jia et al.’s Remote User               authentication Protocoll”. Computer Standards &
    Authentication Scheme using Bilinear Pairings and        Interfaces, Volume 32, Issue 4, June 2010, Pages
    ECC”, World Academy of Science, Engineering and          321-325.
    Technology 60 (JULY 2011).                             [19] Sandeep K. Sood, Anil K.Sarje and Kuldip Singh,
  [6] E.Yoon and Yoo, “More efficient and secure             "Secure      dynamic identity-based remote user
    remote user authentication scheme using smart card”,     authentication scheme",       Distributed Computing
    in proceeding of 11th international conference on        and Internet Technology, Lecture Notes in Computer
    Parallel and Distributed System,2005,pp.73-77            Science, vol. 5966,2010, pp. 224-235.

  [7] H. T. Liaw, F. Lin, and W. C. Wu, "An efficient      [20] Y. Wang, J. Liu, F. Xiao, and J. Dan, “A more
    and complete remote user authentication scheme           efficient and secure dynamic id-based remote user
    using smart cards,” Math. Computer Model, Elsevier       authentication scheme,”Comput. Commun., vol. 32,
    vol. 44, no. 1-2, pp. 223-228, 2006.                     no. 4, pp. 583–585, 2009.

  [8] Huang Kai, Ou Qingyu, “Cryptanalysis of a            [21] W.B. Horng and Cheng p Lee, “Security
    remote user authentication scheme” IEEE 978-1-           weaknesses of song’s Advanced smart card based
    4244-3693-4/09, 2009                                     Password authentication Protocol.”IEEE trans.
                                                             Computer, vol.978-4244-6789 1/10, 2010
  [9] H.Y. Chien and C.H. Chen, 2005”A remote
    authentication scheme preserving user anonymity,”      [22] William Stallings. Cryptography and Network
    proc. advanced information networking and                Security, 4/E Prentice Hall.
    application, vol.2.pp 245-248, march.                  [23] X. Duan, J. Liu, and Q. Zhang, “Security
  [10] J. Xu, W.-T. Zhu and D.G. Feng, “An improved          improvement on chien et al.’s remote user
    smart card based password authentication scheme          authentication scheme using smart cards,” in
    with provable security,” Computer Standards &            Computational Intelligence and Security, 2006
    Interfaces, vol. 31, no. 4, pp. 723 – 728, 2009.         International Conference on, vol. 2, pp. 1133–1135,
                                                             Nov. 2006.
  [11] L. I. Hu, X.X. Niu, and Y.X. Yang, 2007
    “Weaknesses and improvements of a remote user          [24] Y. Lee, J. Nam, and D. Won, “Vulnerabilities in a
    authentication scheme using smart cards”, The            remote agent authentication scheme using smart
    Journal of China Universities of Posts and               cards ,” N. T. Nguyen et al. (eds.) KES–AMSTA
    Telecommunications, vol. 14, pp. 91-94.                  2008, LNAI 4953, pp. 850-857, Springer–Verlag
                                                             Berlin Heidelberg 2008.
  [12] L. Lamport, 1981 “Password authentication with
    insecure communication”. Communications of the         [25] Z. Jia, Y. Zhang, H. Shao, Y. Lin and J. Wang
    ACM, vol.24, no.11, , pp 770-772.                        2006, “A remote user authentication scheme using
                                                             bilinear pairings and ECC”, Proceeding Of 6th
                                                             International Conference on Intelligent Systems

Volume 1, Issue 4 November - December 2012                                                              Page 68
   International Journal of Emerging Trends & Technology in Computer Science (IJETTCS)
       Web Site: www.ijettcs.org Email: editor@ijettcs.org, editorijettcs@gmail.com
Volume 1, Issue 4, November – December 2012                                    ISSN 2278-6856


   Design and Applications (ISDA’06), Vol.2, Oct., pp.
   1091-1094.
 [26] Zhuo Hao, Nenghai Yu, “A Security Enhanced
   remote user authentication scheme using smart card”
   International Symp. On Data, privacy, and E-
   commerce ISDPE, IEEE 978-0-7695-4203-4/10,
   2010




Volume 1, Issue 4 November - December 2012                                            Page 69

				
DOCUMENT INFO
Description: International Journal of Emerging Trends & Technology in Computer Science (IJETTCS) Web Site: www.ijettcs.org Email: editor@ijettcs.org, editorijettcs@gmail.com Volume 1, Issue 4, November – December 2012, ISSN 2278-6856, Impact Factor of IJETTCS for year 2012: 2.524