An Enhanced Remote User Authentication Scheme

Abstract

Remote user authentication schemes are used to verify the legitimacy of remote users’ login request. Recently, several dynamic user authentication schemes have been proposed. It can be seen that, these schemes have weaknesses because of using timestamps. The implement of strict and safe time synchronization is very difficult and increases network overhead. In this paper, we propose a new dynamic user authentication based on nonce. Mutual authentication is performed using a challenge-response handshake between user and server, and it avoids the problems of synchronism between smart card and the remote server. Besides, the scheme provides user’s anonymity and session key agreement. Finally, the security analysis and performance evaluation show that the scheme can resist several attacks, and our proposal is feasible in terms of computation cost and communication cost.

Share and Cite:

Yang, X. , Cui, X. , Cao, Z. and Hu, Z. (2014) An Enhanced Remote User Authentication Scheme. Engineering, 6, 261-267. doi: 10.4236/eng.2014.66030.

Conflicts of Interest

The authors declare no conflicts of interest.

References

[1] Lamport, L. (1981) Password Authentication with Insecure Communication. Communications of the ACM, 24, 770772.
http://dx.doi.org/10.1145/358790.358797
[2] Yoon, E.J., Ryu, E.K. and Yoo, K.Y. (2004) Further Improvement of an Efficient Password Based Remote User Authentication Scheme Using Smart Cards. IEEE Transactions on Consumer Electronics, 50, 612-614.
http://dx.doi.org/10.1109/TCE.2004.1309437
[3] Tina, X., Zhu, R.W. and Wong, D.S. (2007) Improved Efficient Remote User Authentication Schemes. International Journal of Network Security, 4, 149-154.
[4] Yang, L. and Ma, J.F. (2011) Trusted Mutual Authentication Scheme with Smart Cards and Passwords. Journal of University of Electronic Science and Technology of China, 4, 128-133.
[5] Das, M.L., Saxena, A. and Gulati, P. (2004) A Dynamic Id-Based Remote User Authentication Scheme. IEEE Transactions on Consumer Electronics, 50, 629-631.
http://dx.doi.org/10.1109/TCE.2004.1309441
[6] Wang, Y.Y., Liu, J.Y., Xiao, F.X. and Dan, J. (2009) A More Efficient and Secure Dynamic Id-Based Remote User Authentication Scheme. Computer Communications, 32, 583-585.
http://dx.doi.org/10.1016/j.comcom.2008.11.008
[7] Khan, M.K., Kim, S.K. and Alghathbar, K. (2011) Cryptanalysis and Security Enhancement of a More Efficient & Secure Dynamic ID-Based Remote User Authentication Scheme. Computer Communications, 34, 305-309.
http://dx.doi.org/10.1016/j.comcom.2010.02.011
[8] Kocher, P., Jaffe, J. and Jun, B. (1999) Differential Power Analysis. Lecture Notes in Computer Science, 1666, 388397.
[9] Messerges, T.S., Dabbish, E.A. and Sloan, R.H. (2002) Examining Smart-Card Security under the Threat of Power Analysis Attacks. IEEE Transactions on Computers, 51, 541-552.
http://dx.doi.org/10.1109/TC.2002.1004593

Copyright © 2024 by authors and Scientific Research Publishing Inc.

Creative Commons License

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.