Ijettcs 2012 12 14 034

International Journal of Emerging Trends & Technology in Computer Science (IJETTCS)
Web Site: www.ijettcs.org Email: editor@ijettcs.org, editorijettcs@gmail.com Volume 1, Issue 4, November December 2012 ISSN 2278-6856
A Noble Remote User Authentication Protocol Based on Smart Card Using Hash Function
Deepchand Ahirwal1, Prof. Sandeep Raghuwanshi2
Scholar M.Tech, Information Technology, Samrat Ashok Technological Institute, Vidisha (M. P.), India Assistant Professor, Information Technology, Samrat Ashok Technological Institute, Vidisha (M. P.), India Abstract- The security issues are always raised for remote
authentication service. Smart card based authentication protocol is best suited for authenticate legitimate user. Developing secure authentication protocol is a strong challenge. There are many potential attacks that are targeted at authentication such as insider attack, offline password guessing attack, masquerade attack, server spoofing attack, and parallel session attack. Recently many previous proposed schemes are fail to resist these attacks. In this paper we introduce a remote authentication protocol that provides secure mutual authentication process and session key agreement. Our proposed protocol is providing better security to resist all possible attacks. In this protocol, we use low computing cost hash function and random nonce. We use random nonce to avoid complexity of time synchronization. The proposed protocol is efficient and practical. It is easy to adapt in low-weight devices like the subscriber identity module.
2 1
Keywords: - Authentication, Network cryptanalysis, smart card, hash function.
security,
1. INTRODUCTION
Smart card based remote user authentication is a mechanism to authenticate the legitimate user. Smart card based remote user authentication is mechanism to authenticate the legitimate user by using of smart. In Smart cards memory, some secret information has stored such as identification or password related information of user. In 1986, Lamport [12] introduced first remote user authentication with using of password verification table. In Lamport schemes [12] user has unique identification and password for verifying as legitimate user. This password table takes lot of maintenance cost and unsecure to insider attack. And verification table has risks of being modified by the adversary and the size of the password verification table is directly proportional to the number of user and management of huge table increase load in the server. To avoid storing the password in the server verification table and sends in the plain text form in the insecure network system. In 2000, Hwang and Li [14] proposed a remote user authentication using smart card is based on ElGamals Volume 1, Issue 4 November - December 2012
public key scheme. This proposed protocol withstands replay attack by using time stamp T in login massage. In 2000, Chi and Cheng [2] cryptanalysis Hwang and Li [14] scheme, and found this scheme does not to resist impersonate attack. A legitimate user can impersonate other valid user to use his ID and PW without knowing the secret key. So this scheme was not suitable for secure remote authentication. In 2004, M.L.Das [15] proposed a dynamic ID-based remote user authentication protocol. This protocol use one-way hash function to protect the secret information and symmetric encryption function to encrypt the messages. But D. Giri [4] has analyzed that Dass [15] protocol is vulnerable the offline/ online password guessing attack and weak password change phase. Later, Rafael M. [17] point out the Dass protocol is not secure against insider attack, masquerade attack, server spoofing attack. In Dass [15] protocol, if the attack is legal user. He can extract h (x) secret key from Ai in smart card. Once he obtains secret key h (x), he tries to get other legitimate users PW and also act as masquerade as legal user. While in 2005 H.Y. Chien and Chen et al. [9] point out that in das et al.s protocol user Ui sends the data (Cid, Ni, Ci, T) to the remote server. In each login request, although the Cid dynamically changes every time, the value Ni is same and unique to each user. So that das et al protocol failed to protect the user antonymic. H. Y. Chien and Chen et al. [9] Also proposed a mutual authentication protocol to preserve user anonymity based on modular exponentiation. This efficient is low. In 2007 L. I. Hu [11] found the Chien and Chens [9] protocol is vulnerable to strong masquerade user or server attack, insider attack, replay attack and denial of service attacks and improved it to avoid these weakness. In 2009, J. Xu et al. [10] presented an authentication protocol using such non-tamper resistant smart card based on costly modular exponentiation. However R. Song [18] point out J. Xu et al. [10]s protocol is vulnerable to the user impersonation attack. In 2010, he introduced a new and more secure authentication protocol based on symmetric key cryptosystem and modular exponentiation. However W. B. Horng -Cheng [21] demonstrates that R. Song et al. Page 62

[18] protocol is vulnerable to the offline password guessing, insider attack, denial-of service and proposed protocol does not provide perfect forward secrecy for session keys. In 2011, E.J Yoon and K.Y Yoo [5] demonstrated that Z. Jias [25] remote authentication protocol is vulnerable to insider attack, forgery attack and server spoofing attack. They point out Jias protocol does not provide mutual authentication between user and server. Moreover In 2011, Li and Cheng Lee [3] present a robust remote user authentication protocol using smart card. They claim that their proposed protocol is providing better authentication process and resistance to all possible attacks. But in this protocol is not provide security to the denial-of-service attack. In this article, we shall present a secure ID-based remote authentication protocol with mutual authentication and session key agreement. Moreover our protocol provides the user to choose and change their password by their own choice. In contrast, the propose protocol can resist parallel session attack, server spoofing attack, masquerade attack, insider attack, Further provides security analysis to compare with other published protocol. By performance analysis, the propose protocol is shown to be very efficient both in the storage and computation cost. The reminder of the article is organized as fallows. In section 2, we briefly discuss the Wang, Liu and Xiaos [20] protocol and its drawback. In Section 3 we Introduce our secure ID-based user authentication protocol, and we discuss the security analysis in session 4, compare the performance and efficiency of the propose protocol with other related protocol in session 5.and finally concludes the paper in Section 6. phases in his protocol: registration phase, login Phase, verification phase and password change phase. The four phases of Wang et al.s protocol are described below. 1. Registration Phase In the registration phase, the user Ui chooses her own IDi and sends it to the remote server S. After S receives Uis message, S performs the following Steps: Step1. S chooses a password PWi for Ui and computes Ni = h (PWi) h(x) IDi, in which x is the servers long term secret. Step2. S prepares a smart card for Ui by storing [h (), Ni, y] in it. y is the servers secret number which is stored in every users smart card. Step3. S sends PWi and the smart card to Ui using the secure channel. S Ui: PWi and the smart card. 2. Login Phase: When Ui needs to access her data stored at the server, she invokes the login phase. Ui inserts her smart card into a card reader and enters her password PWi, and then the smart card performs the following steps: Step1. The smart card computes a dynamic IDi: CIDi = h (PWi) h (Ni y T) IDi, In which T is the current date and time. Step2. The smart card sends IDi, CIDi, Ni and T to the server. SCi S: IDi, CIDi, Ni, T. 3. Verification Phase
2. REVIEW OF Y. WANG LIU AND XIAOS PROTOCOL

Y. Wang, J. Liu and F. Xiao proposed a dynamic IDbased remote user authentication protocol in 2009 [20]. Wang et al.s authentication protocol is based on the security analysis of M. Das protocol. They point out that the authentication protocol proposed in M. Dass protocol [15] is vulnerable to masquerade attacks and lacks mutual authentication. Wang et al.s protocol can prevent these two vulnerabilities and is also very efficient [20]. Common notations Y.Wang, J. Liu, and F. Xiao denoted the user by U, the users identity by ID, the users password by PW, and server by S. Let h () be a cryptographic one way hash function. Exclusive-or (XOR) operation on two binary strings is denoted by and the operation of binary string concatenation is denoted by ||. Finally, two types of channels are used. One of them is a common channel and other one is a secure channel. Wangs has used four Volume 1, Issue 4 November - December 2012
When S receives the login message from Ui at time T, she parses it into the form {IDi, CIDi, Ni, T} and then performs the following steps: Step1. S checks whether T T T. If it doesnt hold, then S directly rejects the users login request. Step2. S computes h (PWi) = CIDi h (Ni y T) IDi. Step3. S computes IDi= Ni h(x) h (PWi) and checks whether IDi is equal to IDi. If IDi is not equal to IDi, then S rejects the users login request; otherwise, S accepts the users login request. Step4. S computes a = h (h (PWi) y T) and sends (a, T) to Ui. When Ui receives the message (a, T) from S at time T, Ui verifies the identity of S, which contains the following step: 1. Ui checks whether T T T. If it doesnt hold, then Ui recognizes the reply as invalid. Otherwise Ui, Page 63

computes a = h (h (PWi) y T) and compares it with a'. If a = a, Ui confirms that S is valid. 4. Password Change Phase: In Wang et al.s protocol, the user doesnt need to send her new password to the remote server during the password change phase. When the user wants to change his/her password from PWi to PWnew, he/she inserts the smart card into the card reader and enters both PWi and PWnew. Then the smart card computes Ni*= Ni h (PWi) h (PWnew) and replaces Ni with Ni*. (2) Since Ui already knows his own IDi and PWi, he computes Z = Ni h (PWi) IDi = h(x). Once Ui gets y and h(x), he gets the ability to perform the verification phase with other users by masquerading as the server, because the verification phase performs secret operations using only h(x) and y. Ui can even pretend to be the server during the registration phase, because he knows the value of h(x) and y. So we can see the server masquerade attack is easy to carry out. 3. The password change phase of Wang et al.s protocol is not secure. It allows an adversary who gets a lost smart card to change the value of Ni to another one, which causes denial of service to the legal user. This is also a security hole of Wang et al.s protocol. From the above analysis, we know that Wang et al.s protocol is vulnerable to these attacks. In the following section, we propose a security enhanced protocol, which does not suffer these attacks.
3. SECURITY ANALYSIS OF WANG ET AL.S PROTOCOL

In this section we point out that Wang et al.s [20] protocol is vulnerable to password guessing attack and server masquerade attack. In addition, the password change phase in Wang et al.s protocol is not securing either [10]. 1. Password Guessing Attack The login phase and verification phase of Wang et al.s protocol use a common channel. So the adversary can eaves-drop the common channel and obtain messages from it. Once the adversary gets a lost smart card, he can obtain y from it. y is the servers secret which is stored in every users smart card. Now the adversary tries to eavesdrop the common channel between Ui and S. By eavesdropping, the adversary can get the login message from Ui to S, which contains IDi, CIDi, Ni and T, in which CIDi = h (PWi) h (Ni y T) IDi. Then the password guessing attack is carried out with the following steps: (1) The adversary computes Xi = h (Ni y T) from Ni, y and T. (2) The adversary computes Yi = CIDi Xi IDi = h (PWi). (3) The adversary picks a random PW*, computes h (PW*) and compares h (PW*) with h (PWi). If they are equal, then due to the collision resistance of one way hash function, the adversary concludes that PW* is Uis password. If they are not equal, then the adversary picks another password candidate and performs the same operations, until he finds the correct password. Because most passwords are chosen to be easy to remember, these have low entropy. This attack can be played efficiently. 2. Server Masquerade Attack In the attack described below, the adversary is just a normal user who is very curious of the servers secret h(x). This attack can be carried out by any single user without interactions with the server. As we cannot ensure all the users are honest, this type of attack must be prevented. The user carries out the attack by the following steps: (1) The user Ui gets the contents from the smart card by power analysis. So Ui gets y and Ni = h (PWi) h(x) IDi. Volume 1, Issue 4 November - December 2012
4. PROPOSED PROTOCOL
In this section, we present a smart card based secure remote user authentication protocol. In proposed protocol we use one-way hash function, bitwise exclusive OR operation and random generate nonce. This protocol has four phases: 1- Registration phase, 2-Login phase, 3authentication phase and 4- password change phase. The notations use in proposed protocol and phases are described below. The notations used throughout summarized as follows: Ui IDi PWi S Xs h () Ni, Nj this article are
A remote user Identity of Ui Password chosen by Ui Authentication server Permanent secret key of S One way hash function Bitwise XOR operation Concatenation Random nonce generated by Ui and S respectively
Registration phase In this phase User Ui wants to submit his/her identity IDi and password PWi to server Si via a secure channel to register himself/herself. Before send these information registration authority computes PWi to h (PWi) and send IDi and h (PWi) as a registration request to the server Si. Upon receiving the registration request from user Ui, the server Si computes two parameters Ai, Bi related to his request. Step1-Server computes Ai = h (X) Bi = Ai h (IDi || h (PWi)) Page 64

The server S issues a smart card to user Ui by storing {Ai, Bi, h ()} into smart card memory. The smart card is delivered to user Ui through a secure channel. Login phase The user Ui wants access some service on remote server Si. This phase provides the facility of a secure login request to server Si. User Ui inserts smart card into a card reader and submits in IDi* and PWi*. Step 2- Firstly, the card reader computes Bi* = Ai h (IDi* || h (PWi*)) And checks whether Bi (stored in the smart card memory) and Bi' are equal or not. If yes, user Ui is a legitimate bearer of the smart card. Step3- Then the card reader generates a nonce Ni and computes. Zi = Ni Ai, Ci = h (PWi*) h (AiNi), Di = h (PWi*) Ai, Ei = h (DiNiBi) And send the login request message {IDi, Ci, Ei, Zi} to the server S. Authentication phase Upon receiving the login request message {IDi, Ci, Ei, Zi}; server S first checks the validity of IDi to accept/reject the login request. If it is true, Step 1- Then the server S computes Ai = h (Xs), Ni = Zi Ai, h (PWi') = Ci h (AiNi), Di' = h (PWi') Ai, Bi' = Ai h (IDi'h (PWi')), Ei' = h (Di'NiBi') And checks whether Ei and Ei' are equal or not. If they are not equal then rejects the login request. If true, Step 2- Then the server S generates a nonce Nj and computes Zj = Nj Ai, Fi = h (AiBi'NiNj) And send the message {Fi, Zj} to the user Ui. After receiving the message {Fi, Zj} from server S, the card reader performs following computations. Step 3- The card reader computes Volume 1, Issue 4 November - December 2012 Page 65 Password change phase This phase is invoked whenever user Ui wants to change the password PWi with a new password PWinew. User Ui inserts the smart card to the card reader and keys in IDi' and PWi' and requests to change password. Nj = Zj Ai, Fi' = h (AiBi'NiNj) And checks whether Fi and Fi' are equal or not. If yes, server S is authentic otherwise terminate the session. Step 4- Then the user Ui computes Gi = h (AiNjBi') And send the message {Gi} to the server S. After receiving the message {Gi} from user Ui, server S computes Gi' = h (AiNjBi') and checks whether Gi and Gi' are equal or not. If yes, Step 5- The user Ui is authentic and mutual authentication is achieved otherwise terminate the session. After mutual authentication, both the parties compute the session key SK = h (DiNiNjBi').
Figure 1 Data Flow Diagram for proposed protocol

Step 1- The card reader computes Bi' = Ai h (IDi'h (PWi')) and checks whether Bi and Bi' are equal or not. If yes, user Ui is a legitimate bearer of the smart card otherwise reject the request. Step 2- Then the reader asks the user Ui to input new password PWinew. After entering the new password, the reader calculates Binew = Ai h (IDi'h (PWinew)) and replaces Bi with Binew in the smart card memory. SECURITY PROTOCOL ANALYSIS OF PROPOSED Ci = h (PWi') h(AiNi) (DiNiBi') Zi = Ni Ai Fi = h (AiBi'NiNj) Hence the proposed protocol is secure against parallel session attack. 5. Resistance to Replay AttackSuppose attacker intercepts the login request massage {IDi, Ci, Ei, Zi} from User U, and can replay the same massage to server, it is useless because the card reader used the random nonce value Ni in each new login request, Zi = Ni Ai Zi makes the dynamic and different login massage for same user for different login request. Hence the proposed protocol is secure against massage replay attack 6. Resistance to Offline password guessing Attack In the proposed protocol, if an adversary wants to guess the password. It can be prove to be impossible. The adversary can guess ID and PW correctly at the same time. It is not possible to guess out two parameters correctly at the same time. An adversary cannot guess valid ID and PW for computes Ai = h (Xs) and Bi* = Ai h (IDi || h (PWi)) Because it is impossible to guess right ID and PW in same time. Server Secret Key Xs protect with one-way function h (.), which computationally infeasible to invert. If attacker know users ID, its cannot extract h (ID h (PW)) without knowing server secret key. 7. Leak of Server secret key Unfortunately, if Server secret key X is prevail from Server S. The attacker cannot retrieve ID and PW from Ai = h (Xs) Bi* = Ai h (IDi || h (PWi)) Because of using one-way function h (), Server can easily change and modify its secret key X, and restore again in smart card. Ei = h Zj = Nj Ai
1. Resistance to Stolen smart card AttackIn case a legitimate user losses his/her smart card. The adversary cannot use this card without knowing the valid password, and if adversary extracts information in its memory {Ai, Bi}. He cannot retrieve ID and PW, because it is computationally infeasible to invert the one-way hash function h (.) and without knowing the Server secret key X. It is not possible to guess out two parameters (ID and PW) correctly at the same time. Therefore the proposed protocol is secure against stolen smart card attack. 2. Resistance to Denial-of- serviceIn the proposed protocol, an adversary can used to invalid ID and PW, and wants to send login request massage continuously to keep server busy. It leads to denial-of-service attack. But he cannot send login request massage because in login phase, smart card reader checks the verification of smart card and correct password. Bi* = Ai h (IDi* || h (PWi*)) And check (Bi = Bi*) Bi stores in smart card. Therefore, its also resistance to denial-of service. 3. Resistance to Insider AttackIf a privileged insider of the Server Si obtains the smart cards secret information {Ai, Bi} from user Ui. He cannot extract sensitive information like {ID, PW,} from Bi. Bi = Ai h (ID || h (PW)), Because it is computationally infeasible to invert the oneway hash function h (.) and also he cannot extract Bi without the knowing of ID and PW. 4. Resistance to Parallel Session AttackIf the attacker can masquerade as legitimate user Ui by a replaying a login request massage { IDi, Ci, Ei, Zi } within the valid time frame window But attacker cannot compute the knowledge massage { Fi, Zj } because knowledge massage does not contains any information to construct next process. Volume 1, Issue 4 November - December 2012
5. THE PERFORMANCE EFFICIENCY COMPARISON
AND
In this section, we compare performance analysis of the proposed protocol with related protocol in terms of storage capacity and computation cost. The computation costs are focus on the registration, login and Page 66

authentication phases. In our proposed protocol, we use the lightweight hash function and exclusive OR operation. It is usually take very low computation cost. We use SHA-1 to implement our protocol. The output sizes of each hash value of secret information is 160 bits long, time stamps are 40 bits length, and identity is 32 bits length. So the users smart card memory needs 320(2*160) bits and server require only 160 bits to store the secret key X. Table 1 shows the storage capacity of our proposed protocol with other related protocol. comparison of our proposed protocol with related protocol. Our protocol takes little more computation in authentication phase to compare to R.Song et al. [18], Wang et al. [20], and Yoon. Yoo et al [6]. Because our proposed provides more security against parallel session attack, server spoofing attack, replay attack. Moreover, the security comparison of the proposed protocol with the relevant authentication protocol is summarized in Table 3. Resistance to / Protocol Our Protoc ol Yes Yes Yes Yes Yes Yes Yes Yes Yes R.Song et al. [18] No Yes No No No Yes No Yes Yes Wang et al. [20] Yes No Yes Yes No No No No weak Yoon Yoo et. al [6] No No No Yes No Yes No No Yes
Table 1.Comparision of storage capacity

Storage capacity (Bits) Smart Card Server Our protocol 320 160 R.Song et al. [18] 320 480 Wang et al. [20] 320 320 Yoon. Yoo et al. [6] 480 320
In terms of computation cost, it is defined as the total time of various operation executed in registration, login, and authentication phases. We denote the execution time for one-way hash function HT, and exclusive OR operation require very low execution time as compare to one-way hash function. So it is does consider its computation cost. Same related protocol use the modular exponential operation denotes as MT. the time complexity associated. This takes more execution time to perform modular operations. Table 2. Comparsion of computation cost. Computatio n cost in phases Registration Login Authenticati on Mutual authenticati on Session key
Our protocol R.Song et al. [18] Wang et al. [20]
1 HT 1 HT 3 HT
Insider attack Masquerade attack Parallel session attack Replay attack Offline password attack Secure password change process Denial of service Session key generation and agreement Mutual Authentication
Yoon. Yoo et al[6]

2 HT 2 HT 3 HT
6. CONCLUSION
This paper point out that the protocols proposed by Yoon and Yoo [6], H.T. Liaw [7], M.S. Hwang and Lee [13], M.K. Das [15], R. Song [18], Y. Wang [20], Zhuo Hao [26] are not secure enough against some weaknesses. We showed that their protocols are vulnerable to denial-of service attacks, forgery attacks, insider attacks, password guessing, parallel session attacks, server spoofing, forward Security, replay attacks, and stolen verifier attacks. All necessary requirements and withstands the various aforementioned attacks, we present our proposed smart card based secure remote authentication protocol in section 3. Our proposed protocol resists most current possible attacks that show on security analysis in section 4. In section 5, the performance analysis of our protocol is shown in terms of computation cost and storage capacity. We use one-way hash function in our research. This is most suitable to use in cryptography, because it is low cost, not reversible and two different parameters cannot have same hash value. Because it provides better authentication mechanisms. In future, we suggest more secure and efficient authentication protocol using smart Page 67
2 HT 4 HT 5 HT
1HT +1MT 3 HT 3 HT +1MT
1 HT
1 HT
1 HT
1 HT
1 HT
1 HT
No
No
The proposed protocol requires little more and same computation cost to comparison other related protocol. Because of our protocol is resistance to various attacks and same security enhancement. Most related protocols do not satisfy various requirements such as denial-of service, mutual authentication, secure session key agreement. Table 2 shows the computation cost Volume 1, Issue 4 November - December 2012

card whose computational cost is very low and resists to all possible attacks. REFERENCES [1] B. Schneier, Applied cryptography protocols, algorithms and source code in C: second edition, John Wiley & Sons Inc, 1995 [2] Chi - Kwong and Cheng, cryptanalysis of a remote user authentication scheme using smart card, IEEE Transaction on Consumer Electronic Vol.46, No.4, 11, 2000. [3] Chun-Ta Li and Cheng-Chi Lee, 2011 a robust remote user authentication scheme using smart card, Information Technology and Control,Vol.40,No.3 [4] Debasis Giri and P.D.Srivastava, Crpytoanalysis and Improvement of a remote user authentication scheme using smart card, ISECS 2008, IEEE 978-07695-3258-5/08, 2008 [5] Eun-Jun Yoon, and Kee-Young Yoo, 2011, Three Attacks on Jia et al.s Remote User Authentication Scheme using Bilinear Pairings and ECC, World Academy of Science, Engineering and Technology 60 (JULY 2011). [6] E.Yoon and Yoo, More efficient and secure remote user authentication scheme using smart card, in proceeding of 11th international conference on Parallel and Distributed System,2005,pp.73-77 [7] H. T. Liaw, F. Lin, and W. C. Wu, "An efficient and complete remote user authentication scheme using smart cards, Math. Computer Model, Elsevier vol. 44, no. 1-2, pp. 223-228, 2006. [8] Huang Kai, Ou Qingyu, Cryptanalysis of a remote user authentication scheme IEEE 978-14244-3693-4/09, 2009 [9] H.Y. Chien and C.H. Chen, 2005A remote authentication scheme preserving user anonymity, proc. advanced information networking and application, vol.2.pp 245-248, march. [10] J. Xu, W.-T. Zhu and D.G. Feng, An improved smart card based password authentication scheme with provable security, Computer Standards & Interfaces, vol. 31, no. 4, pp. 723 728, 2009. [11] L. I. Hu, X.X. Niu, and Y.X. Yang, 2007 Weaknesses and improvements of a remote user authentication scheme using smart cards, The Journal of China Universities of Posts and Telecommunications, vol. 14, pp. 91-94. [12] L. Lamport, 1981 Password authentication with insecure communication. Communications of the ACM, vol.24, no.11, , pp 770-772. [13] M. S. Hwang, C. C. Lee, and Y. L. Tang, A simple remote user Authentication scheme, Mathematical and Computer Modeling, 36, pp. 103 107, 2002. [14] M. S. Hwang and L.H.Li. A new remote user authentication scheme using smart card, In IEEE Transaction on consumer Eleclronic,vol.40, no 1, 2000, pp 28-30 [15] M.L. Das, A.Saxena and V.P. Gulati,A Dynamic ID-based remote user authentication scheme, IEEE Transaction on consumer Eleectronice, vol. 50,2004, pp. 629-631 [16] Ou Qingyu Huang Kai, Cryptanalysis and improvement of a remote user authentication scheme IEEE 978-0-7695-3804- 4/09, 2009 [17] Rafael M., F. Rico-Novella, Improvement of the Dynamic ID-based Remote User authentication scheme IEEE 978-0-9564263-8/03, 2010 [18] R. Song. Advanced smart card based password authentication Protocoll. Computer Standards & Interfaces, Volume 32, Issue 4, June 2010, Pages 321-325. [19] Sandeep K. Sood, Anil K.Sarje and Kuldip Singh, "Secure dynamic identity-based remote user authentication scheme", Distributed Computing and Internet Technology, Lecture Notes in Computer Science, vol. 5966,2010, pp. 224-235. [20] Y. Wang, J. Liu, F. Xiao, and J. Dan, A more efficient and secure dynamic id-based remote user authentication scheme,Comput. Commun., vol. 32, no. 4, pp. 583585, 2009. [21] W.B. Horng and Cheng p Lee, Security weaknesses of songs Advanced smart card based Password authentication Protocol.IEEE trans. Computer, vol.978-4244-6789 1/10, 2010 [22] William Stallings. Cryptography and Network Security, 4/E Prentice Hall. [23] X. Duan, J. Liu, and Q. Zhang, Security improvement on chien et al.s remote user authentication scheme using smart cards, in Computational Intelligence and Security, 2006 International Conference on, vol. 2, pp. 11331135, Nov. 2006. [24] Y. Lee, J. Nam, and D. Won, Vulnerabilities in a remote agent authentication scheme using smart cards , N. T. Nguyen et al. (eds.) KESAMSTA 2008, LNAI 4953, pp. 850-857, SpringerVerlag Berlin Heidelberg 2008. [25] Z. Jia, Y. Zhang, H. Shao, Y. Lin and J. Wang 2006, A remote user authentication scheme using bilinear pairings and ECC, Proceeding Of 6th International Conference on Intelligent Systems Page 68
Volume 1, Issue 4 November - December 2012

Design and Applications (ISDA06), Vol.2, Oct., pp. 1091-1094. [26] Zhuo Hao, Nenghai Yu, A Security Enhanced remote user authentication scheme using smart card International Symp. On Data, privacy, and Ecommerce ISDPE, IEEE 978-0-7695-4203-4/10, 2010
Volume 1, Issue 4 November - December 2012
Page 69

Ijettcs 2012 12 14 034

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Ijettcs 2012 12 14 034

Uploaded by

Copyright:

Available Formats

International Journal of Emerging Trends & Technology in Computer Science (IJETTCS)

Keywords: - Authentication, Network cryptanalysis, smart card, hash function.

International Journal of Emerging Trends & Technology in Computer Science (IJETTCS)

2. REVIEW OF Y. WANG LIU AND XIAOS PROTOCOL

International Journal of Emerging Trends & Technology in Computer Science (IJETTCS)

3. SECURITY ANALYSIS OF WANG ET AL.S PROTOCOL

International Journal of Emerging Trends & Technology in Computer Science (IJETTCS)

Figure 1 Data Flow Diagram for proposed protocol

International Journal of Emerging Trends & Technology in Computer Science (IJETTCS)

5. THE PERFORMANCE EFFICIENCY COMPARISON

International Journal of Emerging Trends & Technology in Computer Science (IJETTCS)

Table 1.Comparision of storage capacity

Yoon. Yoo et al[6]

1HT +1MT 3 HT 3 HT +1MT

International Journal of Emerging Trends & Technology in Computer Science (IJETTCS)

Volume 1, Issue 4 November - December 2012

International Journal of Emerging Trends & Technology in Computer Science (IJETTCS)

Volume 1, Issue 4 November - December 2012

You might also like