An Efficient and Secure Smart Card Based Authentication Scheme

Chien Ming Chen; Bin Xiang; King Hang Wang; Yong Zhang; Tsu Yang Wu

doi:10.3966/160792642019072004011

An Efficient and Secure Smart Card Based Authentication Scheme

Chien Ming Chen
, Bin Xiang
, King Hang Wang
, Yong Zhang
, Tsu Yang Wu^*

^*Corresponding author for this work

Department of Computer Science

Research output: Contribution to journal › Journal article › peer-review

10 Citations (Scopus)

Abstract

Remote user authentication schemes are helpful to provide authenticity between users and a remote server in network-based services. In order to meet the security requirements, many related schemes have been proposed. Recently, Moon et al. proposed a smart card based three-factor authentication scheme and claimed that the scheme prevented various attacks. However, just in the same year, Li et al. suggested a new insider attack scenario and pointed out that Moon et al.’s scheme suffers from a user anonymity violation attack, a user impersonation attack, and a server masquerade attack under this scenario. In this study, it is demonstrated that without the new attack scenario, Moon et al.’s scheme is still insecure against a traceability attack, an offline identity-guessing attack, an impersonation attack, and a man-in-the-middle attack. Based on Moon et al.’s scheme, a new three-factor authenticated key agreement scheme is proposed. The proposed scheme is validated by widely accepted BAN logic. In addition, the proposed scheme can satisfy various types of functional features and prevent various security attacks.

Original language	English
Pages (from-to)	1113-1124
Number of pages	12
Journal	Journal of Internet Technology
Volume	20
Issue number	4
DOIs	https://doi.org/10.3966/160792642019072004011
Publication status	Published - Jul 2019

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

SDG 16 Peace, Justice and Strong Institutions

User-Defined Keywords

Authentication key agreement
BAN logic
Biometric
Elliptic-curve cryptosystem
Smart card

Access to Document

10.3966/160792642019072004011

Cite this

@article{8d89396339164a96b160e958a645b412,

title = "An Efficient and Secure Smart Card Based Authentication Scheme",

abstract = "Remote user authentication schemes are helpful to provide authenticity between users and a remote server in network-based services. In order to meet the security requirements, many related schemes have been proposed. Recently, Moon et al. proposed a smart card based three-factor authentication scheme and claimed that the scheme prevented various attacks. However, just in the same year, Li et al. suggested a new insider attack scenario and pointed out that Moon et al.{\textquoteright}s scheme suffers from a user anonymity violation attack, a user impersonation attack, and a server masquerade attack under this scenario. In this study, it is demonstrated that without the new attack scenario, Moon et al.{\textquoteright}s scheme is still insecure against a traceability attack, an offline identity-guessing attack, an impersonation attack, and a man-in-the-middle attack. Based on Moon et al.{\textquoteright}s scheme, a new three-factor authenticated key agreement scheme is proposed. The proposed scheme is validated by widely accepted BAN logic. In addition, the proposed scheme can satisfy various types of functional features and prevent various security attacks.",

keywords = "Authentication key agreement, BAN logic, Biometric, Elliptic-curve cryptosystem, Smart card",

author = "Chen, \{Chien Ming\} and Bin Xiang and Wang, \{King Hang\} and Yong Zhang and Wu, \{Tsu Yang\}",

note = "The work of Yong Zhang was supported in part by the Science \& Technology Plan Projects of Shenzhen (JCYJ20170302145623566). The work of Tsu-Yang Wu was supported in part by the Natural Science Foundation of Fujian Province under Grant no.2018J01636 and the Science and Technology Development Center, Ministry of Education, China under Grant no. 2017A13025. Publisher Copyright: {\textcopyright} 2019 Taiwan Academic Network Management Committee. All rights reserved.",

year = "2019",

month = jul,

doi = "10.3966/160792642019072004011",

language = "English",

volume = "20",

pages = "1113--1124",

journal = "Journal of Internet Technology",

issn = "1607-9264",

publisher = "Taiwan Academic Network Management Committee",

number = "4",

}

TY - JOUR

T1 - An Efficient and Secure Smart Card Based Authentication Scheme

AU - Chen, Chien Ming

AU - Xiang, Bin

AU - Wang, King Hang

AU - Zhang, Yong

AU - Wu, Tsu Yang

N1 - The work of Yong Zhang was supported in part by the Science & Technology Plan Projects of Shenzhen (JCYJ20170302145623566). The work of Tsu-Yang Wu was supported in part by the Natural Science Foundation of Fujian Province under Grant no.2018J01636 and the Science and Technology Development Center, Ministry of Education, China under Grant no. 2017A13025. Publisher Copyright: © 2019 Taiwan Academic Network Management Committee. All rights reserved.

PY - 2019/7

Y1 - 2019/7

N2 - Remote user authentication schemes are helpful to provide authenticity between users and a remote server in network-based services. In order to meet the security requirements, many related schemes have been proposed. Recently, Moon et al. proposed a smart card based three-factor authentication scheme and claimed that the scheme prevented various attacks. However, just in the same year, Li et al. suggested a new insider attack scenario and pointed out that Moon et al.’s scheme suffers from a user anonymity violation attack, a user impersonation attack, and a server masquerade attack under this scenario. In this study, it is demonstrated that without the new attack scenario, Moon et al.’s scheme is still insecure against a traceability attack, an offline identity-guessing attack, an impersonation attack, and a man-in-the-middle attack. Based on Moon et al.’s scheme, a new three-factor authenticated key agreement scheme is proposed. The proposed scheme is validated by widely accepted BAN logic. In addition, the proposed scheme can satisfy various types of functional features and prevent various security attacks.

AB - Remote user authentication schemes are helpful to provide authenticity between users and a remote server in network-based services. In order to meet the security requirements, many related schemes have been proposed. Recently, Moon et al. proposed a smart card based three-factor authentication scheme and claimed that the scheme prevented various attacks. However, just in the same year, Li et al. suggested a new insider attack scenario and pointed out that Moon et al.’s scheme suffers from a user anonymity violation attack, a user impersonation attack, and a server masquerade attack under this scenario. In this study, it is demonstrated that without the new attack scenario, Moon et al.’s scheme is still insecure against a traceability attack, an offline identity-guessing attack, an impersonation attack, and a man-in-the-middle attack. Based on Moon et al.’s scheme, a new three-factor authenticated key agreement scheme is proposed. The proposed scheme is validated by widely accepted BAN logic. In addition, the proposed scheme can satisfy various types of functional features and prevent various security attacks.

KW - Authentication key agreement

KW - BAN logic

KW - Biometric

KW - Elliptic-curve cryptosystem

KW - Smart card

UR - https://www.scopus.com/pages/publications/85071729853

U2 - 10.3966/160792642019072004011

DO - 10.3966/160792642019072004011

M3 - Journal article

AN - SCOPUS:85071729853

SN - 1607-9264

VL - 20

SP - 1113

EP - 1124

JO - Journal of Internet Technology

JF - Journal of Internet Technology

IS - 4

ER -

An Efficient and Secure Smart Card Based Authentication Scheme

Abstract

UN SDGs

User-Defined Keywords

Access to Document

Other files and links

Fingerprint

Cite this