Docstoc

Cryptanalysis on two multi-server password based authentication protocols

Document Sample
Cryptanalysis on two multi-server password based authentication protocols Powered By Docstoc
					                                                                (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                                         Vol. 8, No. 2, 2010


  Cryptanalysis on Two Multi-Server Password Based
               Authentication Protocols
                  Jue-Sam Chou*                            Chun-Hui Huang                                             Yalin Chen
   Dept. of Information Management                Dept. of Information Management                        Institute of Information Systems and
      Nanhua University, Taiwan                      Nanhua University, Taiwan                               Applications, NTHU, Tawain
       jschou@mail.nhu.edu.tw                       g6451519@mail.nhu.edu.tw                                   d949702@oz.nthu.edu.tw
            *
                : corresponding author


Abstract¡ In 2004 and 2005, Tsaur et al. proposed two smart                   b) The User Registration Stage: When a new user Ui wants
card based password authentication protocols for multi-server             to register at m servers, S1, S2, ¡, and Sm (in a multi-server
environments. They claimed that their protocols are safe and can          system), he and CA together perform the registration process
withstand various kinds of attacks. However, after analyses, we           through a secure channel described as follows:
found both of them have some security loopholes. In this article,
we will demonstrate the security loopholes of the two protocols.                 Ui chooses his identity U_IDi and password U_PWi,
                                                                                  and transmits them to CA.
   Keywords- multi-server; remote password authenticationl;
smart card; key agreement; Lagrange interpolating polynomial                     CA randomly chooses a number rui, and computes two
                                                                                  secret keys as
                             I.    INTRODUCTION                                    U_Ri  g U _ PWi  rui (mod N ) and
    In a traditional identity authentication mechanism, a user
must use his identity ID and password PW to register at the                        U_Si  g rui  d (mod N ) .
remote server and the server needs to employ a verification                      CA assumes that U i wants to obtain the services of r
table to record the ID and PW. However, this approach might                       servers, S1, S 2, ¡, S r, for 1 ≤ r < m. The service periods
make the system suffer from the stolen verifier attack. To                        provided by these servers are E_Ti1, E_Ti2, ¡, and
address this problem, some researchers suggested the                              E_Tir respectively. The periods of the other m¡ r servers
authentication system adopt a non-verification-table approach.                    are all set to zeros. CA then constructs a Lagrange
In 1990, Hwang et al. [4] first proposed a smart card based                       interpolating polynomial function fi(X) for Ui as
authentication protocol by using such a non-verification-table
                                                                                                 m
way. Thereafter, many smart-card non-verification-table based                                                                ( X  U _ID )
authentication schemes [1, 2, 3, 5, 6, 7, 10-20] were proposed.                     fi ( X )     (U _IDi  E_Tij ) (S _SK j  U _IDi ) 
                                                                                                                                   i

                                                                                                 j 1
In 2004 and 2005, Tsaur et al. proposed two such
authentication schemes [8, 9] for multi-server environments.                                         m
                                                                                                                 ( X  S _SK k )
They claimed that their schemes are secure and can withstand                                                                      
various attacks. However, after analyses, we found that both of                                  k 1, k  j ( S _SK j  S _SK k )
them have some security loopholes. In this article, we will                                                m      ( X  S _SK y )
demonstrate the security flaws found in their protocols.                                         U _ Ri    (U _IDi  S _SK y )
                                                                                                           y 1
      II.         REVIEW AND ATTACK ON TSAUR ET AL .¡S FIRST
                                  PROTOCOL                                                   a m X m  am1 X m1    a1 X  a0 (mod N )
                                                                                 CA stores fi(X), Ui¡s identity U_IDi, his two secret keys
A. Review
                                                                                  U_Si, U_Ri, and one-way function h(X, Y) in smart card
   Tsaur et al.¡s first protocol [8] consists of next four stages.                U_SCi. Then, CA sends the card to Ui via a secure
    a) The System Setup Stage: CA defines an one-way hash                         channel.
function h(X, Y); he selects two large prime numbers p1, p2, and             c) The Login Stage: In this phase, when a registered user Ui
computes N = p1 ¡ p2; he randomly chooses the encryption key              wants to login server Sj (1 ≤ j ≤ m), he inserts his smart card
e satisfying gcd(e, φ(N)) = 1, where φ(N) = (p1 ¡ 1) ¡ ( p 2 ¡ 1),        U_SCi to the reader and keys in his U_PWi. Then, U_SCi
and computes his corresponding private key as d = e-1 mod                 performs the following steps on behalf of Ui:
φ(N). For each server Sj, CA selects a random S_SKj as the
                                               S _ SK j                          U_SCi gets timestamp t. Then, it generates a secret
server¡s private key and computes S_IDj = g             (mod N) as
                                                                                  random number r1 and computes
his oublic identity, where j = 1,2, ..., m.




                                                                     16                                     http://sites.google.com/site/ijcsis/
                                                                                                            ISSN 1947-5500
                                                                                                          (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                                                                                   Vol. 8, No. 2, 2010
                                                                                                                                                    m
         C1  g e r1 (mod N ) ,                                                                                                                                                                            ( X  U _ ID )
                            U _ PWi            r1  h (C1 ,t )
                                                                                                                                fE (X )                                                 i
                                                                                                                                                  (U _ ID i  E _Tij ) ( S _ ID j  U _ ID i ) 
                                                                                                                                                  j 1
         C2  (U _S1 )                    g
              g U _PWi  rui  d  g r1h (C1 ,t ) (mod N), and                                                                                m
                                                                                                                                                                ( X  S _ ID k )
                                                  S _ SK j e  r1              S _ SK j  e  r1
                                                                                                                                                           ( S _ ID j  S _ ID k )
                                                                                                                                                                                    
         P  ( S _ID j ) e  r1  ( g                       )        g                            (mod N)                                  k 1 , k  j

                                                                                                                                                                   m              ( X  S _ ID )
                                                                                                                                                           (E )                      y
      Given 1, 2, ¡, m, and P, U_SCi computes fi(1),                                                                                       U _ Ri                 (U _ ID i  S _ ID y ) (mod                                     N)
       fi(2), ¡, fi(m), and fi(P). Then, it constructs an                                                                                                         y 1
       authentication message M = {U_IDi, t, C1, C2, fi(1),
       fi(2), ¡, fi(m), fi(P)} and sends it to S j, one of the m                                                                            b m X m  b m 1 X                    m 1
                                                                                                                                                                                               b1 X  b0 (mod N ) .
       servers for, 1 ≤ j ≤ m.
                                                                                                                         In login stage, E performs the follows steps:
    d) The Server Authentication Stage: In this phase, after
receiving the authentication message from Ui, Sj gets current                                                                E gets timestamp t. Then, he generates a secret random
timestamp tnow and performs the following steps to verify the                                                                 number r1(E) and computes C1(E), C2(E), and P(E) as
login message from Ui:                                                                                                              (E )                    r1 ( E )
                                                                                                                               C1            g e                     (mod N ) ,
      S j checks Ui's identity U_IDi and determines if tnow ¡ t
       >ΔT. If either of the two checks does nothold, Sj rejects                                                                    (E )                                          (E )
                                                                                                                                                                                              r ( E ) *h ( C1 E ) ,t )
                                                                                                                                                                                                            (

       Ui's login message. Otherwise, it continues.                                                                            C2           (U _ S1 )U _ PWi                             g 1                                 (mod N ) ,
                                                                                                                                                             e r1( E )                  S _SK j er1( E )
      S j uses value C1 and its secret key S_SKj to derive the                                                                P( E)  (S_IDj )                            (g                   )
       value P shown as below.
                                                                                                                                               S_ SK j e r1( E )
                     S _SK j                                                                                                           g                                 (mod N).
         P  (C1 )             (mod N )
                                                                                                                             Then, E computes fE(1), fE(2), ¡, fE(m), and fE(P(E))
                   e  r1 S _SK j
             (g        )             (mod N )                                                                                and sends message M(E) = {U_IDi, t, C1(E), C2(E), fE(1),
                                                                                                                              fE(2), ¡, fE(m), fE(P(E))} to server S j, one of the m
                 e  r1  S _ SK j
            g                            (mod N ) .                                                                          servers for 1 ≤ j ≤ m.
                                                                                                                           When receiving message M(E), Sj gets current timestamp tnow.
       Then, it uses these m + 1 points {(1, fi(1 )), (2, fi(2)), ¡,
                                                                                                                      It then performs the following verification steps to authenticate
       (m, fi(m)), (P, fi(P))} to reconstruct the interpolating                                                       E.
       polynomial
                               m                        m 1
                                                                                                                             S j checks E's identity U_ID i and determines whether
         fi ( X )  am X             a m 1 X                      a1 X  a 0 (mod N )
                                                                                                                              tnow ¡ t <ΔT. If either of the two checks dose not hold,
                                                                           (C 2 )       e                                     S j rejects. Otherwise, he continues.
      He checks to see whether                                                                     1 . If it
                                                                ( C1 )   h ( C1 , t )
                                                                                         U _ Ri                             S j uses the transmitted value C1(E) and his secret key
       holds, user Ui is authentic. Otherwise, S j rejects Ui's                                                               S_SKj to derive the value P(E), as shown in the
       login message.                                                                                                         following equation, Equation (2).
                                                                                                                                                        ( E ) S _ SK                        e  r1 ( E )          S _ SK
B. Attack                                                                                                                      P ( E )  ( C1                 )           j
                                                                                                                                                                               (g                          )              j
                                                                                                                                                                                                                               (mod N )
   We show an impersonation attack on Tsaur et al.¡s first
                                                                                                                                                 e  r1 ( E )  S _ SK
protocol. First, an attacker E forges a smart card as follows.                                                                             g                                 j
                                                                                                                                                                                  (mod N ) ¡ ¡ ¡ Equation (2)
      E enters U_IDi, randomly chooses a password                                                                            Then, it uses these m + 1 points {(1, fE(1)), (2,
                (E )                  (E )
       U _ PWi and a random number rui , and calculates                                                                       fE(2)), ¡, (m, fE(m)), (P(E), fE(P(E))} to reconstruct the
       two secrets:                                                                                                           interpolating polynomial
                                           (E )
                                                  *rui ( E ) * e                                                               f E ( X )  bm X m  bm 1 X m 1    b1 X  b0 (mod N )
         U _ Ri( E )  g U _ PW i                                  (mod N ) and
                                   (E )
         U _ S i( E )  g rui             (mod N ) .                                                                                                                                                  (E )
                                                                                                                             S j verifies whether                                           (C 2                 )e
                                                                                                                                                                                  (E)                (E)
                                                                                                                                                                                                                                 (E )
                                                                                                                                                                                                                                         1 . If it
      Though, E does not know each server¡s private key, he                                                                                                             (C 1             ) h (C1          ,t )
                                                                                                                                                                                                                   U _ R i
       knows these servers¡ identities. Therefore, he uses each                                                               holds, E is authentic.
       server¡s identity to replace the original corresponding
       private key in polynomial fi(X) and form another                                                                  Obviously, E can pretend as Ui successfully since the
       polynomial fE(X) as shown in following Equation (1).                                                           computation result is equal to 1, as shown in Equation (3).




                                                                                                                 17                                                http://sites.google.com/site/ijcsis/
                                                                                                                                                                   ISSN 1947-5500
                                                                                                                               (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                                                                                                        Vol. 8, No. 2, 2010

                                (C 2
                                          (E )
                                                    )e                                                                                           CA then stores U_Si and fi(X) into the storage of smart
                    (E )       h (C1   (E)
                                             ,t )                       (E )                                                                      card U_SCi, and sends the card to U i via a secure
             (C 1          )                         U _ Ri
                                                                                                                                                  channel.
                                         (E )
                                                 * rui ( E )                           (E)
                    ( g U _ PW i                                  g r1 '* h ( C 1             ,t )
                                                                                                       )e                                   3) The Login Stage: When a registered user U i wants to
                                                                                    (E )
                                                                                            * rui ( E ) * e
                 g   e * r1    (E)
                                     * h (C1     (E)
                                                        ,t )
                                                                g   U _ PW      i                                                        login to server S j, he inserts his smart card U_SCi to the reader
                                                                                                                                          and keys in his password U_PWi. Then, U_SCi performs the
                                   (E)           (E )                   (E )
                                                                               *h (C1( E ) ,t )*e                                         following steps on behalf of Ui:
                 g U _ PW i              * rui          *e
                                                                g r1
                                                                                (E)
                            (E)
                                   * h ( C1( E ) , t )                                 * rui ( E ) * e
                 g e * r1                                       g U _ PW i                                                                      U_SCi gets timestamp t and computes r  (U _Si )U _PWi .
             = 1 (mod N) ¡¡¡¡¡¡¡¡¡                                                                          Equation (3)                          Then, it generates a secret random number r1 and
                                                                                                                                                  computes C1, C2 and P as
    III.      REVIEW AND ATTACK ON TSAUR ET AL.¡S SECOND                                                                                           C1  g       r1
                                                                                                                                                                     (mod           p) ,
                                                        PROTOCOL
                                                                                                                                                   C 2  r1  r  h ( C 1 , t )(mod                  p ) , and
A. Review
    Tsaur et al.¡s second protocol [9] consists of four stages.                                                                                     P  ( S _ ID j ) r1 (mod p ) .
They are (1) The system setup stage, (2) The user registration
                                                                                                                                                 Given 1, 2,¡, m, and P, U_SCi computes fi(1), fi(2), ¡,
stage, (3) The login stage, and (4) The server authentication
                                                                                                                                                  fi(m), and fi(P). Then, it constructs message M =
stage. We show them as follows.
                                                                                                                                                  {U_IDi, t, C1, C2, fi(1), fi(2), ¡, fi(m), fi(P)} and sends
   1) The System Setup Stage: CA selects a large number p,                                                                                        it to S j.
                                     *
and publishes a generator g of Z P and an one-way hash                                                                                        4) The Server Authentication Stage: When receiving the
function h(X, Y). CA also selects a secret key S_SKj for server                                                                           authentication message from Ui, Sj obtains current timestamp
Sj and computes Sj¡s public identity as S_ID j = g
                                                                                                               S _ SK j
                                                                                                                          (mod p),        tnow and performs the following steps to verify Ui¡s login
                                                                                                                                          message:
1 ≤ j ≤ m.
                                                                                                                                                 S j checks Ui's identity U_IDi and determines whether
  2) The User Registration Stage: When a new user Ui
                                                                                                                                                  tnow ¡ t < Δ T. If both hold, Sj computes
wants to register at m servers, S1, S 2, ¡, and Sm (in a multi-
                                                                                                                                                               S _ SK j
server system), he and CA together perform the registration                                                                                        P  (C1 )               (mod p) .
process through a secure channel described as follows:
                                                                                                                                                 S j uses the m + 1 points {(1, fi(1)), (2, fi(2)), ¡, (m,
          Ui chooses his identity U_IDi and password U_PWi,                                                                                      fi(m)), (P, fi(P))} from U_IDi to reconstruct the
           and transmits them to CA.                                                                                                              interpolating polynomial
          CA randomly chooses a number r and computes two                                                                                        fi ( X )  a m X          m
                                                                                                                                                                                  a m 1 X   m 1
                                                                                                                                                                                                        a 1X+a 0 (mod N)
           secret keys:
                                                                                                                                                                                                        g C2
            U _ Ri  g r (mod p ) and                                                                                                            S j checks to see whether                                                      1 . If it
                                                                                                                                                                                           ( C 1 )  (U _ R i ) h ( C 1 , t )
            U _ S i  r U _ PW i (mod p ) .                                                                                                      holds, user U i is authentic. Otherwise, Ui is rejected.

          CA supposes that Ui wants to obtain the services of r                                                                          B. Attack
           servers, S1, S 2, ¡ , and Sr. Assume that the service                                                                             We show an impersonation attack on Tsaur et al.¡s second
           periods of r servers are E_Ti1, E_Ti2, ¡, and E_Tir                                                                            protocol. First, an attacker E forges a smart card as follows.
           respectively. The periods of the other servers Sr+1,
           S r+2, ¡, and Sm are all set to zeros. CA then uses Sj¡s                                                                              E enters U_IDi, randomly chooses a password U_PWi(E)
           secret key S_SKj to construct a Lagrange interpolating                                                                                 and a number r(E), and computes two secrets as
           polynomial function fi(X) for Ui as follows:                                                                                                                   (E )

                               m
                                                                                                                                                   U_Ri( E )  g r               (mod p ) and
                                                                                 ( X  U _ ID i )
           fi ( X )        1 (U _ ID i                         E _ T ij )
                                                                             ( S _ SK j  U _ ID i )
                                                                                                                                                                                ( E)
                            j
                                                                                                                                                   U_Si( E )  r U _PWi (mod p) .
                                   m
                                                 ( X  S _ SK k )
                                            ( S _ SK j  S _ SK                               k   )
                                                                                                                                                Though, E does not know each server¡s private key, he
                           k  1, k  j
                                                                                                                                                  knows these servers¡ identities. Therefore, he uses each
                                           m              ( X  S _ SK y )                                                                        server¡s identity to replace the original corresponding
                           U _ Ri        1 (U _ ID i  S _ SK y )
                                         y
                                                                                                                                                  private key in polynomial fi(X) and form another
                                                                                                                                                  polynomial fE(X) as shown in following Equation (4).
                      a m X m  a m 1 X m 1    a1 X  a0 (mod p ) .




                                                                                                                                     18                                           http://sites.google.com/site/ijcsis/
                                                                                                                                                                                  ISSN 1947-5500
                                                                                                                               (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                                                                                                        Vol. 8, No. 2, 2010
                                  m                                                                                                                          (E)
                                                                                      ( X  U _ ID )                                                                r ( E ) * h ( C1( E ) , t )
           fE (X )              (U _ ID i  E _T ij ) ( S _ ID j  U _ ID i ) 
                                                                          i
                                                                                                                                                      g r1
                                 j 1                                                                                                                   (E)           (E)            (E)
                                                                                                                                                     g r1  r *h ( C1 , t )
                                 m
                                                    ( X  S _ ID k )
                                                                                                                                                  1 (mod p ) ¡¡¡¡¡¡¡¡¡                                         Equation (5)
                            k  1, k  j    ( S _ ID           j    S _ ID k )

                                                        m
                                                                                                                                                                 IV. CONCLUSION
                                           (E )                         ( X  S _ ID y )
                             U _ Ri                 1 (U _ ID i  S _ ID y )
                                                    y
                                                                                                                                              In this paper, we present the security analyses of Tsaur et
                                                                                                                                          al.¡s two smart card based password authentication protocols in
                           m                             m 1                                                                             multi-server environments. Our results show that they are both
         bm X                   bm 1 X                             b1 X  b0 (mod p )                                               vulnerable and suffer from the impersonation attacks which we
        ¡¡¡¡¡¡¡¡¡¡¡¡                                                             ¡¡¡¡                ¡ Equation (4)                       have described in this article.

   In the login stage, when E wants to login to server Sj, he                                                                                                                               REFERENCES
performs the following steps:
          E        gets              timestamp                          t      and            computes                 r(E)    =         [1]    A. K. Awasthi and S. Lal ¡An enhanced remote user authentication
                           ( E ) U _ PWi        (E)                                                                                              scheme using smart cards, ¡ IEEE Trans. Consumer Electron., vol. 50,
           (U _Si )         . Then, it generates a secret random                                                                                 No. 2, pp. 583-586, May 2004.
           number r1(E) and computes C1(E), C2(E) and P(E) as                                                                             [2]    C.K. Chan, L.M. Cheng, ¡ Cryptanalysis of a remote user authentication
                                                                                                                                                 scheme using smarts cards, ¡ IEEE Transactions on Consumer
                                         (E )
            C1
                   (E)
                              g r1              (mod p),                                                                                        Electronics, vol. 46, no 4, pp. 992¡ 993, 2000.
                                                                                                                                          [3]    C.C. Chang, T.C. Wu, ¡Remote password authentication scheme with
                    (E )                (E)              (E)                   (E )                                                              smart cards, ¡ IEE Proceedings-Computers and Digital Techniques, vol.
            C2                 r1              r                  h ( C1           , t ) (mod p), and                                         138, issue 3, pp.165¡ 168, 1991.
                                                      (E )                                                                                [4]    T. Hwang, Y. Chen, and C.S. Laih, ¡Non-interactive password
             P ( E )  ( S _ ID j ) r1                       (mod p ) .                                                                          authentications without password tables, ¡IEEE Region 10 Conference
                                                                                                                                                 on Computer and Communication Systems, IEEE Computer Society, Vol.
          E computes fE(1), fE(2), ¡, fE(m), and fE(P(E)) and                                                                                   1, pp.429¡ 431, 1990.
           sends message M(E) = {U_IDi, t, C1(E), C2(E), fE(1),                                                                           [5]    M.S. Hwang and L.H. Li, ¡A new remote user authentication scheme
           fE(2), ¡, fE(m), fE(P(E))} to the server Sj.                                                                                          using smart cards, ¡ IEEE Transactions on Consumer Electronics, vol.46,
                                                                                                                                                 no.1, pp. 28-30, Feb. 2000.
   After receiving message M(E), S j gets current timestamp tnow.                                                                         [6]    K. C. Leung, L. M. Cheng, A. S. Fong and C. K. Chan, ¡ Cryptanalysis
He then performs the following verification steps to                                                                                             of a modified remote user authentication scheme using smart cards,
authenticate E.                                                                                                                                  ¡ IEEE Trans. Consumer Electron., vol. 49, No. 4, pp. 1243-1245, Nov.
                                                                                                                                                 2003.
          S j checks E's identity U_ID i and determines whether                                                                          [7]    J.J. Shen, C. W. Lin and M. S. Hwang, ¡ A modified remote user
           tnow ¡ t <ΔT. If both hold, Sj computes                                                                                               authentication scheme using smart cards, ¡ IEEE Trans. Consumer
                                                                                                                                                 Electron., vol. 49, No. 2, pp. 414-416, May 2003.
                                           ( E ) S _ SK                                                                                   [8]    W.J. Tsaur, C.C. Wu, W.B. Lee, ¡A smart card -based remote scheme for
               P ( E )  (C 1                       )               j   (mod p).                                                                 password authentication in multi-server Internet services, ¡ Computer
                                                                                                                                                 Standards & Interfaces, Vol. 27, No. 1, pp. 39-51, November 2004.
          S j uses the m + 1 points {(1, fE(1)), (2, fE(2)), ¡, (m,                                                                      [9]    W.J. Tsaur, C.C. Wu, W.B. Lee, ¡An enhanced user authentication
           fE(m)), (P, fE(P))} to reconstruct the interpolating                                                                                  scheme for multi-server Internet services, ¡ Applied Mathematics and
           polynomial                                                                                                                            Computation, Vol. 170, No. 1-1, pp. 258-266, November 2005.
                                                m                            m 1
                                                                                                                                          [10]   G. Yang, D. S. Wong, H. Wang, X. Deng, ¡Two -factor mutual
           f E ( X )  bm X                              b m 1 X                     b1X+b0 (mod p)                                         authentication based on smart cards and passwords¡, Journal of
                                                                                                                                                 Computer and System Sciences, Vol. 74, No. 7, pp.1160-1172,
                                                                                    (E )
                                                                             g C2                                                                November 2008.
          S j verifies if                                                                               (E )
                                                                                                                        1 . If it        [11]   T. Goriparthi, M. L. Das, A. Saxena, ¡An improved bilinear pairing
                                                        (E )                          (E )
                                           (C 1                )  (U _ R i                    ) h (C1          ,t )
                                                                                                                                                 based remote user authentication scheme¡, Computer Standards &
           holds, E is authentic.                                                                                                                Interfaces, Vol. 31, No. 1, pp. 181-185, January 2009.
                                                                                                                                          [12]   I. E. Liao, C. C. Lee, M. S. Hwang, ¡A password authentication scheme
   Obviously, E can pretend as U i successfully. Since that the                                                                                  over insecure networks¡, Journal of Computer and System Sciences, Vol.
computation result of the verification is obviously equal to 1, as                                                                               72, No. 4, pp. 727-740, June 2006.
shown in following Equation (5).                                                                                                          [13]   J. Y. Liu, A. M. Zhou, M. X. Gao, ¡A new mutual authentication scheme
                                                                                                                                                 based on nonce and smart cards¡, Computer Communications, Vol. 31,
                                        (E)
                                                                                                                                                 No. 10, pp. 2205-2209, June 2008.
                                g C2
                                                                                                                                          [14]   H. S. Rhee, J. O. Kwon, D. H. Lee, ¡A remote user authentication
             (E)                           ( E ) h ( C1 ( E ) , t )
       (C1          )  (U _ R i                    )                                                                                            scheme without using smart cards¡, Computer Standards & Interfaces,
                   (E)
                                                                                                                                                 Vol. 31, No. 1, pp. 6-13, January 2009.
                            r ( E ) * h ( C19 E ) , t )
            g r1                                                                                                                          [15]   S. K. Kim , M. G. Chung, ¡More secure remote user authentication
               r1 ( E )        r ( E ) * h ( C1 ( E ) , t )                                                                                     scheme¡, Computer Communications, Vol. 32, No. 6, pp. 1018-1021,
           g               g                                                                                                                    April 2009.




                                                                                                                                     19                                                     http://sites.google.com/site/ijcsis/
                                                                                                                                                                                            ISSN 1947-5500
                                                                        (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                                                 Vol. 8, No. 2, 2010
[16] Y. Y. Wang, J. Y. Liu, F. X. Xiao, J. Dan, ¡A more efficient and secure
     dynamic ID-based remote user authentication scheme¡, Computer                                                Chun-Hui Huang          is now a graduate
     Communications, Vol. 32, No. 4, pp. 583-585, March 2009.                                                     student at the department of Info.
[17] J. Xu, W. T. Zhu, D. G. Feng, ¡An improved smart card based password                                         Management of Nanhua Univ. in Chiayi,
     authentication scheme with provable security¡, Computer Standards &                                          Taiwan. She is also a teacher at Nantou
     Interfaces, Vol. 31, No. 4, pp. 723-728, June 2009.                                                          County Shuang Long Elementary School in
[18] M. S. Hwang, S. K. Chong, T. Y. Chen, ¡DoS -resistant ID-based                                               Nantou, Taiwan. Her primary interests are
     password authentication scheme using smart cards¡, Journal of Systems                                        data security and privacy, protocol security,
     and Software, Vol. 83, No. 1, pp. 163-172, January 2010.                                                     authentication, key agreement.
[19] C. T. Li, M. S. Hwang, ¡An efficient biometrics-based remote user
     authentication scheme using smart cards¡, Journal of Network and
     Computer Applications, Vol. 33, No. 1, pp. 1-5, January 2010.
[20] D. Z. Sun, J. P. Huai, J. Z. Sun, J. X. Li, J. W. Zhang, Z. Y. Feng,
     ¡Improvements of Juang et al.¡s Password -Authenticated Key
     Agreement Scheme Using Smart Cards¡, IEEE Transactions on                                                  Yalin Chen received her bachelor degree
     Industrial Electronics, Vol. 56, No. 6, pp. 2284-2291, June 2009.                                          in the depart. of computer science and
                                                                                                                information engineering from Tamkang
                                                                                                                Univ. in Taipei, Taiwan and her MBA
                           AUTHORS PROFILE                                                                      degree in the department of information
                                                                                                                management from National Sun-Yat-Sen
                                Jue-Sam Chou received his Ph.D. degree                                          Univ. (NYSU) in Kaohsiung, Taiwan. She
                                in the department of computer science and                                       is now a Ph.D. candidate of the Institute of
                                information engineering from National                                           Info. Systems and Applications of National
                                Chiao Tung Univ. (NCTU) in Hsinchu,                                             Tsing-Hua Univ.(NTHU) in Hsinchu,
                                Taiwan,ROC. He is an associate professor                                        Taiwan. Her primary research interests are
                                and teaches at the department of Info.                                          data security and privacy, protocol security,
                                Management of Nanhua Univ. in Chiayi,               authentication, key agreement, electronic commerce, and wireless
                                Taiwan. His primary research interests are          communication security.
                                electronic commerce, data security and
                                privacy, protocol security, authentication,
                                key agreement, cryptographic protocols, E-
                                commerce protocols, and so on.




                                                                               20                                 http://sites.google.com/site/ijcsis/
                                                                                                                  ISSN 1947-5500