International Journal of Advanced Research in Engineering and Technology (IJARET), ISSN
0976 – 6480(Print), ISSN 0976 – 6499(Online) Volume 4, Issue 3, April (2013), © IAEME
A SECURE MODIFICATION TO HSIANG-SHIH’S SCHEME
Mohd Zainulabedin Hasan
Department of Computer Science,
Asifia College of Engineering and Technology,
Chintulla(V), Yacharam(M), R.R Dist.
Mohd Ubaidullah Shareef
Department of computer science,
Asifia College of Engineering and Technology,
Chintulla(V), Yacharam(M), R.R Dist.
ABSTRACT
Hsiang and Shih proposed remote user authentication schemes using smart cards and claimed that their schemes guard against parallel session attacks and password guessing attacks. In this paper, we show that Hsiang and Shih's schemes are still vulnerable to off-line password guessing attacks and undetectable on-line password guessing attacks. The scenario is the same one, in which the user loses the smart card, as in Hsiang and Shih's schemes. Our proposal is a secure modification that overcomes the security flaws in Hsiang and Shih's remote user authentication schemes using smart cards.
Keywords: Smart Card, Cryptanalysis, Authentication, Security
I. INTRODUCTION
With the rapid spread of communication network technology, it is extremely important to pay close attention to emerging security concerns. As such, password-based authentication has become one of the most practically applied techniques for various applications in wireless environments and other remote authentication systems. In 1981, Lamport [13] proposed the first password-based remote authentication scheme for identifying a legal user using a hash-chain technique over insecure communication. In our scheme, all secret passwords are stored in a verifier's table that is maintained by the remote server; in a situation such as this, there is a potential threat that all maintained records might be modified by attackers. To solve these problems, numerous research efforts [1-10, 12, 14-19] have been undertaken in recent years.
INTERNATIONAL JOURNAL OF ADVANCED RESEARCH IN
ENGINEERING AND TECHNOLOGY (IJARET)
ISSN 0976 - 6480 (Print)
ISSN 0976 - 6499 (Online)
Volume 4, Issue 3, April 2013, pp. 77-84
© IAEME: www.iaeme.com/ijaret.asp
Journal Impact Factor (2013): 5.8376 (Calculated by GISI)
www.jifactor.com
In 1990, Hwang et al. [10] proposed a non-interactive password authentication scheme without password tables using smart cards. Follow-up research [1, 2, 8, 11, 13, 16, 17] has also been proposed. Because these schemes were susceptible to ID-theft attacks, an attacker could impersonate a legal user using an eavesdropped user identity. Yoon et al. [20], in 2004, proposed an efficient password-based remote user authentication scheme using smart cards that has significant advantages; most notably, the remote server does not need to maintain a verifier's table. However, in 2009, Hsiang and Shih [6] pointed out that Yoon et al.'s scheme still exhibited several weaknesses. For example, it is susceptible to parallel session attacks, masquerade attacks and password guessing attacks. Nevertheless, according to my cryptanalysis, Hsiang and Shih's scheme is still notably weak against off-line password guessing attacks and undetectable on-line guessing attacks. Moreover, smart-card-based schemes suffer in contexts involving a lost smart card. In fact, some research [11, 15] shows that the parameters stored in a smart card can be revealed. Therefore, I propose an improved scheme to overcome all of the security weaknesses mentioned above. The rest of this paper is organized as follows. Section 2 provides a brief review of the weakness of Yeh et al.'s schemes. Section 3 provides details of the proposed scheme. Section 4 provides a security analysis of my scheme. Section 5 shows a security and performance comparison with related research. We provide conclusions in the last section.
II. REVIEW OF HSIANG AND SHIH’S SCHEME
In this section, we briefly describe Hsiang and Shih’s scheme [6], which consists of four
phases: the registration phase, the login phase, the authentication phase, and the password change
phase. The notation of this paper is listed as follows:
U : the user
S : the remote server
Tu,Ts : the timestamps
ID : the user’s identity
PWD : the user’s password
x : the secret key of remote server
b : random numbers
Nu, Ns : nonces
h(·) : a one-way hash function
: Bitwise exclusion operation
|| : concatenation operation
X =? Y : determine whether X is equal to Y
A. Registration phase
In this phase, U initially registers, or re-registers, to S and the steps are described as follows:
Step 1: U selects a random number b and computes h(b PWD). He or she then securely sends ID, h(PWD) and h(b PWD) to S.
Step 2: S creates a new entry with a value m=0 for U in the database or sets m=m+1 in the existing
entry. Here, m denotes the number of times of re-registering to S for each user U. Next, S
computes EID, P, R and V:
EID = (ID || m) (1)
P = h(EID x) (2)
R = P h(b PWD) (3)
V = h (P h (PWD)) (4)
Then, S securely issues a smart card containing V, R, h(·) to U.
Step 3: Finally, U enters the random number b into his or her smart card.
B. Login phase
When U wants to log in to S, the following steps are performed:
Step 1: U inserts his or her smart card into the card reader and then enters the ID and PWD.
Step 2: U’s smart card computes C1, C2:
C1 = R h( b PWD ) (5)
C2= h( C1 Tu ) (6)
and sends the authentication request message (ID, Tu, C2) to S.
C. Authentication phase
Upon receiving the request messages (ID, Tu, C2), the remote server S and the smart card
perform the following steps:
Step 1: S first checks the validity of h(ID) and Ts > Tu. If it does not hold, S rejects U’s login
request; otherwise, S computes h(h(EID x) Tu), and compares it with C2:
h(h(EID x) Tu )=? C2 (7)
If Eq. (7) holds, S accepts U's login request and computes C3:
C3 =h(h(EID x) h(Ts)) (8)
otherwise, S rejects it. S then sends the response message (Ts, C3) to U.
Step 2: On receiving the message (Ts, C3), U's smart card checks the validity of Ts > Tu. If it does not hold, U terminates the session; otherwise, U computes h(C1 h(Ts)) and compares it with C3:
h(C1 h(Ts ))=? C3 (9)
If Eq. (9) holds, U successfully authenticates S.
D. Password change phase
In this phase, U intends to replace his or her password PWD with a new one, PWDnew. The steps are described as follows:
Step 1: U inserts his or her smart card into the card reader, enters ID and PWD, and then requests a
password change.
Step 2: U’s smart card computes P*, V* and compares V* with the stored V:
P* = R h(b h( (PWD))) (10)
V * = h(P* h( (PWD))) (11)
V *=?V (12)
If Eq. (12) does not hold, the smart card rejects the request; otherwise, U inputs the new
password PWDnew. Afterward, U’s smart card computes Rnew and Vnew as follows:
Rnew=P* h(b h( (PWDnew))) (13)
Vnew=h(P* h( (PWD))) (14)
It then replaces R and V with Rnew and Vnew, respectively.
III. WEAKNESS OF HSIANG AND SHIH’S SCHEME
Although Hsiang and Shih’s scheme was an improved version of Yoon et al.’s scheme [20],
several security weaknesses still exist. These susceptibilities include: off-line password guessing
attacks and undetectable on-line password guessing attacks. We describe these attacks as follows.
A. Off-line password guessing attacks
This attack involves a situation where a user’s smart card has been stolen by an attacker A, and where A uses the stolen smart card to extract the secret parameters b and R [11, 15]. A can then use the previously eavesdropped messages (ID, Tu, C2) or (Ts, C3) to obtain U’s password PWD according to the following steps:
Step 1: First, the attacker A guesses a password PWDA and computes a counterfeit message CA1 or CA2 for comparison with the intercepted message C2 or C3, as follows:
CA1=h(R (b PWDA) Tu) (15)
CA1=? C2 (16)
Or
CA2=h(R (b PWDA) h(Ts)) (17)
CA2 =? C3 (18)
If Eq. (16) or (18) holds, the attacker A has guessed the correct PWD; otherwise, A can retry Step 1 until Eq. (16) or (18) holds. Therefore, A can guess the correct PWD and use it to change the user’s password (refer to the password change phase).
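The following Python model is an added illustration, not code from the paper or from Hsiang and Shih. It runs Eqs. (1)-(9) on both sides and then the comparison of Eqs. (15)-(16), showing why R and b read from a lost card plus one recorded (Tu, C2) are enough to check a candidate password without contacting S. Assumptions: SHA-256 stands in for h(·), ID and PWD are encoded as integers, the operator lost between operands in the extracted equations is the bitwise exclusive-or of the notation list, and all function and class names are hypothetical.

```python
import hashlib
import secrets

WIDTH = 64  # assumption: every value is serialised to 64 bytes before hashing


def enc(text: str) -> int:
    """Encode an ID or password as an integer so it can be XORed (assumed encoding)."""
    raw = text.encode()
    if len(raw) > WIDTH:
        raise ValueError("value too long for this model")
    return int.from_bytes(raw, "big")


def h(value: int) -> int:
    """h(.) from the notation list, instantiated with SHA-256 (assumption)."""
    return int.from_bytes(hashlib.sha256(value.to_bytes(WIDTH, "big")).digest(), "big")


def eid(user_id: str, m: int) -> int:
    """Eq. (1): EID = ID || m, with m stored as a 4-byte counter (assumed width)."""
    return int.from_bytes(user_id.encode() + m.to_bytes(4, "big"), "big")


class Server:
    def __init__(self):
        self.x = secrets.randbits(256)   # server secret key x
        self.reregistrations = {}        # ID -> m

    def register(self, user_id: str, h_pwd: int, h_b_pwd: int) -> dict:
        m = self.reregistrations.get(user_id, -1) + 1
        self.reregistrations[user_id] = m
        p = h(eid(user_id, m) ^ self.x)              # Eq. (2)
        return {"R": p ^ h_b_pwd,                    # Eq. (3)
                "V": h(p ^ h_pwd)}                   # Eq. (4)

    def authenticate(self, user_id: str, tu: int, c2: int, ts: int):
        """Authentication phase, Step 1: returns C3, or None when S rejects."""
        if user_id not in self.reregistrations or not ts > tu:
            return None
        p = h(eid(user_id, self.reregistrations[user_id]) ^ self.x)
        if h(p ^ tu) != c2:                          # Eq. (7)
            return None
        return h(p ^ h(ts))                          # Eq. (8)


def enroll(server: Server, user_id: str, pwd: str) -> dict:
    """Registration phase, Steps 1-3: the card ends up holding R, V and b."""
    b = secrets.randbits(256)
    card = server.register(user_id, h(enc(pwd)), h(b ^ enc(pwd)))
    card["b"] = b
    return card


def card_login(card: dict, pwd: str, tu: int):
    c1 = card["R"] ^ h(card["b"] ^ enc(pwd))         # Eq. (5)
    return c1, h(c1 ^ tu)                            # Eq. (6)


def card_verify_server(c1: int, tu: int, ts: int, c3: int) -> bool:
    return ts > tu and h(c1 ^ h(ts)) == c3           # Eq. (9)


def guess_matches_transcript(card: dict, tu: int, c2: int, candidate: str) -> bool:
    """Comparison of Eqs. (15)-(16): C2 depends only on card contents, the
    public Tu and PWD, so the password is the single unknown being tested."""
    return card_login(card, candidate, tu)[1] == c2


def demo():
    server = Server()
    card = enroll(server, "alice", "tulip-42")       # constructed sample values
    tu, ts = 1000, 1001                              # constructed timestamps
    c1, c2 = card_login(card, "tulip-42", tu)
    c3 = server.authenticate("alice", tu, c2, ts)
    mutual = c3 is not None and card_verify_server(c1, tu, ts, c3)
    # Lost-card review: which of a few constructed candidates fit the transcript?
    candidates = ["123456", "tulip-41", "tulip-42"]
    hits = [c for c in candidates if guess_matches_transcript(card, tu, c2, c)]
    return mutual, hits


if __name__ == "__main__":
    print(demo())
```

Because the check needs no reply from S, no server-side lockout or rate limit can bound the number of candidates tried; that is the property the improved scheme sets out to remove.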
B. Undetectable on-line password guessing attacks
As in the previous subsection, an attacker A is able to extract the secret parameters b and R from the stolen smart card. Using the previously eavesdropped messages (ID, Tu, C2), A can guess U’s password as follows:
Step 1: A guesses a possible password PWDA and computes a value CA1 following Eq. (15) with a timestamp TA. A then sends the counterfeit message (ID, TA, CA1) to the server S.
Step 2: After receiving the message, S first checks the timestamp Ts > TA. S then computes h(h(EID x) TA) and compares it with the received value CA1. If they are equal, then PWDA is U’s correct password; S accepts this login request and sends the message (Ts, C3) to A.
Step 3: From the received message, A can recognize that the correct password has been guessed; otherwise, A retries the above procedure until the correct password is obtained.
IV. OUR IMPROVED SCHEME
In the context of Hsiang and Shih’s remote user authentication scheme, the server’s secret key is compromised by a malicious legal user. Therefore, we have designed a scheme with two unknown factors to protect each parameter in the smart card. Our remedied scheme consists of four phases: the registration phase, the login phase, the authentication phase, and the password change phase. We describe these phases in the following subsections.
A. Registration phase
Step 1: The user U chooses a password and then submits the registration messages (ID, h(PWD)) to
the remote server S via a secure channel.
Step 2: When S receives the registration messages from U, S first generates a nonce Ns and uses ID
and h(PWD) to compute three values P, R and V:
P=h(x) ( (ID) Ns) (24)
V=h(ID h(x) Ns)) (25)
R= h(x |Ns) h(( PWD)) (26)
Afterward, S issues the smart card with parameters P, R, V and h(·) to U through a secure channel.
B. Login phase
If U wants to log in to S, he or she first inserts his or her own smart card into a card reader or the terminal. Then, U enters his or her ID and PWD. The smart card performs the following steps:
Step 1: The smart card uses PWD and R to compute a value h(x||Ns)' and calculates V' to compare with V:
h(x ||N )' =R||h ( (PWD)) (27)
V ' = h( ID||h(x Ns) ') (28)
V ' = V (29)
If Eq. (29) holds, the smart card generates a nonce Nu and computes messages C1 and C2; otherwise, the login request is rejected:
C1= R h( (PWD)) Nu (30)
C2 =h (h(ID) Nu) (31)
Step 2: Finally, the smart card sends login request messages (P, C1, C2) to S.
C. Authentication phase
Upon receiving the login request (P, C1, C2), S has to perform the following steps to
authenticate U:
Step 1: S uses the received value P and its secret key x to obtain (ID' and Ns'):
(ID' Ns ')= P || h(x) (32)
Afterward, S computes Nu' to check if the authentication message C2 is valid or not:
Nu'=C1||h(x Ns') (33)
h (h (ID') Nu ')?= C2 (34)
If Eq. (34) holds, S confirms that U is a legal user and responds to U with a message C3:
C3=h (ID ' Nu') (35)
Otherwise, S rejects the login request.
Step 2: When receiving the response C3, U first verifies whether the message is valid or not:
h(ID Nu )?= C3 (36)
If Eq. (36) holds, U confirms that S is valid.
Therefore, U and S can correctly authenticate each other.
D. Password change phase
In this phase, if U wants to change his or her password, he or she performs the following steps:
Step 1: U inserts his or her smart card into a card reader or the terminal, and then enters the ID and
the original PWD.
Step 2: According to Eqs. (28) and (29), the smart card examines the validity of ID and PWD and
compares V' with the stored V. If this holds, U is allowed to key in a new password
PWDnew; otherwise, the smart card rejects the password change request.
Step 3: The smart card calculates R':
R'=R||h ( (PWD)) ||h( (PWD new))
= h(x Ns) h ( (PWD new)) (37)
and replaces the old value R with the new R'. Thus, the password is changed successfully without the participation of the remote server S.
V. SECURITY ANALYSIS
In this section, we will discuss the security of our improved scheme and demonstrate how it is
more secure than previous schemes.
A. Mutual authentication
In our improved scheme, the server authenticates the user by checking the message C2. If the server’s computed value (h(ID')||Nu') is equal to C2, the server concludes that the user is valid. Then, the server sends message C3 to the user. The user also compares C3 with his or her computed value h(ID||Nu). If the two are equal, the user confirms that the server is legitimate. Since the secret value h(x||Ns) is shared between user and server, they can authenticate each other with the login messages (P, C1, C2) and the reply message C3. Hence, mutual authentication is achieved in our improved scheme.
B. Smart card lost
According to our improved scheme, if an attacker A somehow obtains a legal user U’s smart card, A cannot obtain any parameter without the user’s password; even if A extracts the parameters P, R, and V (see Eqs. (24)-(26)) from the smart card, A still cannot obtain any sensitive information (such as ID, PWD, Ns or the server’s secret key x) from those parameters. Notably, A does not know U’s correct password, and each parameter of the smart card is always protected by two unknown factors. Therefore, no one can use the stolen smart card to obtain authentication without U’s correct password and identity.
C. Password guessing attacks
This situation involves an attacker A obtaining U’s smart card and intercepting previous messages. In this case, A intends to guess U’s PWD from the stored parameter R of the smart card and must know the secret key x and the nonce Ns to compute similar parameters for comparison with parameter R. On the other hand, A can use R and the intercepted P to compute similar messages (P, C1', C2') and send them to S in an attempt to guess U’s PWD. As A has two unknown values, ID and PWD, it is difficult to successfully complete this password guessing attack.
D. Replay attack
In our improved scheme, we use a nonce mechanism to prevent the replay attack and to solve the
synchronization problem. When an attacker intends to replay the previous messages (P, C1, C2) to
achieve authentication, they cannot as the nonce value Nu is different in each session. For this reason,
the attacker cannot achieve authentication using previous messages.
VI. PERFORMANCE ANALYSIS
Recent research [6, 20] has generally considered only one unknown factor for each parameter; this is why those schemes were compromised and have become susceptible to various attacks. However, our improved scheme always involves two unknown factors within each communication to meet more stringent security requirements. It can be clearly observed that our scheme is more secure than those proposed by others. Generally speaking, the computation cost of our scheme is comparable to that of Hsiang and Shih’s scheme. However, our scheme can defend against all of the attacks discussed herein more effectively than all previous attempts. We compare the security requirements and computation costs with Hsiang and Shih’s scheme in Tables 1 and 2, respectively.
VII. CONCLUSIONS
In this paper, we have proposed an improved scheme that consistently protects each secret
parameter with two unknown factors in the smart card; thus, an attacker cannot obtain any sensitive
information, even if he or she is a malicious legal user. Most notably, our scheme not only addresses
more stringent security requirements and protects against known types of attacks, it also reduces
computation costs more effectively than Hsiang and Shih’s scheme.
Therefore, our scheme holds substantial value in the context of numerous applications in various
network environments.
TABLE 1. Security Comparison Between Other Related Researches and Ours
Requirement | Yoon et al.’s scheme [20] | Hsiang and Shih’s scheme [6] | Ours
Mutual authentication | Yes | Yes | Yes
Solve clock synchronization problem | No | No | Yes
Solve smart card lost problem | No | No | Yes
Prevention of undetectable online password guessing attacks | No | No | Yes
Prevention of offline password guessing attacks | No | No | Yes
Prevention of replay attacks | No | No | Yes

TABLE 2. Performance Comparison Between Other Related Researches and Ours
Phase | Yoon et al.’s scheme [20] | Hsiang and Shih’s scheme [6] | Ours
Registration phase | 2H + 3Xor | 4H + 4Xor | 4H + 2Xor
Login and authentication phase | 6H + 7Xor | 8H + 7Xor | 10H + 4Xor
Password change phase | 6H + 6Xor | 6H + 6Xor | 3H + 2Xor
Total | 14H + 16Xor | 18H + 17Xor | 17H + 8Xor
REFERENCES
[1] A. K. Awasthi and S. Lal, “A remote user authentication scheme using smart cards with forward secrecy,” IEEE Transactions on Consumer Electronics, Vol. 49, No. 4, pp. 1246-1248, 2003.
[2] C. Chang and K. F. Hwang, “Some forgery attacks on a remote user authentication scheme using smart cards,” Informatics, Vol. 14, No. 3, pp. 289-294, 2003.
[3] H. Y. Chien and C. H. Chen, “A remote authentication scheme preserving user anonymity,” In: Proceedings of the 19th International Conference on Advanced Information Networking and Applications, pp. 245-248, 2005.
[4] Y. Ding and P. Horster, “Undetectable on-line password guessing attacks,” ACM SIGOPS Operating Systems Review, Vol. 29, No. 4, pp. 77-86, 1995.
[5] X. Duan, J. W. Liu, and Q. Zhang, “Security improvement on Chien et al.’s remote user authentication scheme using smart cards,” In: Proceedings of the IEEE International Conference on Computational Intelligence and Security, pp. 1133-1135, 2006.
[6] H. C. Hsiang and W. K. Shih, “Weaknesses and improvements of the Yoon-Ryu-Yoo remote user authentication scheme using smart cards,” Computer Communications, Vol. 32, No. 4, pp. 649-652, 2009.
[7] M. S. Hwang, S. K. Chong, and T. Y. Chen, “DoS-resistant ID-based password authentication scheme using smart cards,” Journal of Systems and Software, Vol. 83, No. 1, pp. 163-172, 2010.
[8] M. S. Hwang, C. C. Lee, and Y. L. Tang, “A simple remote user authentication scheme,” Mathematical and Computer Modelling, Vol. 36, No. 1-2, pp. 103-107, 2002.
[9] M. S. Hwang and L. H. Li, “A new remote user authentication scheme using smart cards,” IEEE Transactions on Consumer Electronics, Vol. 46, No. 1, pp. 28-30, 2000.
[10] T. Hwang, Y. Chen, and C. S. Laih, “Non-interactive password authentication without password tables,” In: Proceedings of IEEE Region 10 Conference on Computer and Communication Systems, pp. 429-431, 1990.
[11] P. Kocher, J. Jaffe, and B. Jun, “Differential power analysis,” In: Advances in Cryptology: Proceedings of CRYPTO 99, LNCS 1666, pp. 388-397, 1999.
[12] W. C. Ku and S. M. Chen, “Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards,” IEEE Transactions on Consumer Electronics, Vol. 50, No. 1, pp. 204-207, 2004.
[13] L. Lamport, “Password authentication with insecure communication,” ACM Communications, Vol. 24, No. 11, pp. 770-772, 1981.
[14] C. C. Lee, M. S. Hwang, and W. P. Yang, “A flexible remote user authentication scheme using smart cards,” ACM Operating Systems Review, Vol. 36, No. 3, pp. 46-52, 2002.
[15] T. S. Messerges, E. A. Dabbish, and R. H. Sloan, “Examining smartcard security under the threat of power analysis attacks,” IEEE Transactions on Computers, Vol. 51, No. 5, pp. 541-552, 2002.
[16] M. Misbahuddin, M. A. Ahmed, and M. H. Shastri, “A simple and efficient solution to remote user authentication using smart cards,” Innovations in Information Technology, pp. 1-5, 2006.
[17] H. M. Sun, “An efficient remote user authentication scheme using smart cards,” IEEE Transactions on Consumer Electronics, Vol. 46, No. 4, pp. 958-961, 2000.
[18] J. J. Shen, C. W. Lin, and M. S. Hwang, “A modified remote user authentication scheme using smart cards,” IEEE Transactions on Consumer Electronics, Vol. 49, No. 2, pp. 414-416, 2003.
[19] Natasa Zivic, “Soft Verification of Message Authentication Codes,” International Journal of Electronics and Communication Engineering & Technology (IJECET), Volume 3, Issue 1, 2012, pp. 262-285, ISSN Print: 0976-6464, ISSN Online: 0976-6472.
[20] Revathi Venkataraman, K. Sornalakshmi, M. Pushpalatha, and T. Rama Rao, “Implementation of Authentication and Confidentiality in Wireless Sensor Network,” International Journal of Computer Engineering & Technology (IJCET), Volume 3, Issue 2, 2012, pp. 553-560, ISSN Print: 0976-6367, ISSN Online: 0976-6375.

 
INFLUENCE OF TALENT MANAGEMENT PRACTICES ON ORGANIZATIONAL PERFORMANCE A STUD...
INFLUENCE OF TALENT MANAGEMENT PRACTICES ON ORGANIZATIONAL PERFORMANCE A STUD...INFLUENCE OF TALENT MANAGEMENT PRACTICES ON ORGANIZATIONAL PERFORMANCE A STUD...
INFLUENCE OF TALENT MANAGEMENT PRACTICES ON ORGANIZATIONAL PERFORMANCE A STUD...IAEME Publication
 
A STUDY OF VARIOUS TYPES OF LOANS OF SELECTED PUBLIC AND PRIVATE SECTOR BANKS...
A STUDY OF VARIOUS TYPES OF LOANS OF SELECTED PUBLIC AND PRIVATE SECTOR BANKS...A STUDY OF VARIOUS TYPES OF LOANS OF SELECTED PUBLIC AND PRIVATE SECTOR BANKS...
A STUDY OF VARIOUS TYPES OF LOANS OF SELECTED PUBLIC AND PRIVATE SECTOR BANKS...IAEME Publication
 
EXPERIMENTAL STUDY OF MECHANICAL AND TRIBOLOGICAL RELATION OF NYLON/BaSO4 POL...
EXPERIMENTAL STUDY OF MECHANICAL AND TRIBOLOGICAL RELATION OF NYLON/BaSO4 POL...EXPERIMENTAL STUDY OF MECHANICAL AND TRIBOLOGICAL RELATION OF NYLON/BaSO4 POL...
EXPERIMENTAL STUDY OF MECHANICAL AND TRIBOLOGICAL RELATION OF NYLON/BaSO4 POL...IAEME Publication
 
ROLE OF SOCIAL ENTREPRENEURSHIP IN RURAL DEVELOPMENT OF INDIA - PROBLEMS AND ...
ROLE OF SOCIAL ENTREPRENEURSHIP IN RURAL DEVELOPMENT OF INDIA - PROBLEMS AND ...ROLE OF SOCIAL ENTREPRENEURSHIP IN RURAL DEVELOPMENT OF INDIA - PROBLEMS AND ...
ROLE OF SOCIAL ENTREPRENEURSHIP IN RURAL DEVELOPMENT OF INDIA - PROBLEMS AND ...IAEME Publication
 
OPTIMAL RECONFIGURATION OF POWER DISTRIBUTION RADIAL NETWORK USING HYBRID MET...
OPTIMAL RECONFIGURATION OF POWER DISTRIBUTION RADIAL NETWORK USING HYBRID MET...OPTIMAL RECONFIGURATION OF POWER DISTRIBUTION RADIAL NETWORK USING HYBRID MET...
OPTIMAL RECONFIGURATION OF POWER DISTRIBUTION RADIAL NETWORK USING HYBRID MET...IAEME Publication
 
APPLICATION OF FRUGAL APPROACH FOR PRODUCTIVITY IMPROVEMENT - A CASE STUDY OF...
APPLICATION OF FRUGAL APPROACH FOR PRODUCTIVITY IMPROVEMENT - A CASE STUDY OF...APPLICATION OF FRUGAL APPROACH FOR PRODUCTIVITY IMPROVEMENT - A CASE STUDY OF...
APPLICATION OF FRUGAL APPROACH FOR PRODUCTIVITY IMPROVEMENT - A CASE STUDY OF...IAEME Publication
 
A MULTIPLE – CHANNEL QUEUING MODELS ON FUZZY ENVIRONMENT
A MULTIPLE – CHANNEL QUEUING MODELS ON FUZZY ENVIRONMENTA MULTIPLE – CHANNEL QUEUING MODELS ON FUZZY ENVIRONMENT
A MULTIPLE – CHANNEL QUEUING MODELS ON FUZZY ENVIRONMENTIAEME Publication
 

Más de IAEME Publication (20)

IAEME_Publication_Call_for_Paper_September_2022.pdf
IAEME_Publication_Call_for_Paper_September_2022.pdfIAEME_Publication_Call_for_Paper_September_2022.pdf
IAEME_Publication_Call_for_Paper_September_2022.pdf
 
MODELING AND ANALYSIS OF SURFACE ROUGHNESS AND WHITE LATER THICKNESS IN WIRE-...
MODELING AND ANALYSIS OF SURFACE ROUGHNESS AND WHITE LATER THICKNESS IN WIRE-...MODELING AND ANALYSIS OF SURFACE ROUGHNESS AND WHITE LATER THICKNESS IN WIRE-...
MODELING AND ANALYSIS OF SURFACE ROUGHNESS AND WHITE LATER THICKNESS IN WIRE-...
 
A STUDY ON THE REASONS FOR TRANSGENDER TO BECOME ENTREPRENEURS
A STUDY ON THE REASONS FOR TRANSGENDER TO BECOME ENTREPRENEURSA STUDY ON THE REASONS FOR TRANSGENDER TO BECOME ENTREPRENEURS
A STUDY ON THE REASONS FOR TRANSGENDER TO BECOME ENTREPRENEURS
 
BROAD UNEXPOSED SKILLS OF TRANSGENDER ENTREPRENEURS
BROAD UNEXPOSED SKILLS OF TRANSGENDER ENTREPRENEURSBROAD UNEXPOSED SKILLS OF TRANSGENDER ENTREPRENEURS
BROAD UNEXPOSED SKILLS OF TRANSGENDER ENTREPRENEURS
 
DETERMINANTS AFFECTING THE USER'S INTENTION TO USE MOBILE BANKING APPLICATIONS
DETERMINANTS AFFECTING THE USER'S INTENTION TO USE MOBILE BANKING APPLICATIONSDETERMINANTS AFFECTING THE USER'S INTENTION TO USE MOBILE BANKING APPLICATIONS
DETERMINANTS AFFECTING THE USER'S INTENTION TO USE MOBILE BANKING APPLICATIONS
 
ANALYSE THE USER PREDILECTION ON GPAY AND PHONEPE FOR DIGITAL TRANSACTIONS
ANALYSE THE USER PREDILECTION ON GPAY AND PHONEPE FOR DIGITAL TRANSACTIONSANALYSE THE USER PREDILECTION ON GPAY AND PHONEPE FOR DIGITAL TRANSACTIONS
ANALYSE THE USER PREDILECTION ON GPAY AND PHONEPE FOR DIGITAL TRANSACTIONS
 
VOICE BASED ATM FOR VISUALLY IMPAIRED USING ARDUINO
VOICE BASED ATM FOR VISUALLY IMPAIRED USING ARDUINOVOICE BASED ATM FOR VISUALLY IMPAIRED USING ARDUINO
VOICE BASED ATM FOR VISUALLY IMPAIRED USING ARDUINO
 
IMPACT OF EMOTIONAL INTELLIGENCE ON HUMAN RESOURCE MANAGEMENT PRACTICES AMONG...
IMPACT OF EMOTIONAL INTELLIGENCE ON HUMAN RESOURCE MANAGEMENT PRACTICES AMONG...IMPACT OF EMOTIONAL INTELLIGENCE ON HUMAN RESOURCE MANAGEMENT PRACTICES AMONG...
IMPACT OF EMOTIONAL INTELLIGENCE ON HUMAN RESOURCE MANAGEMENT PRACTICES AMONG...
 
VISUALISING AGING PARENTS & THEIR CLOSE CARERS LIFE JOURNEY IN AGING ECONOMY
VISUALISING AGING PARENTS & THEIR CLOSE CARERS LIFE JOURNEY IN AGING ECONOMYVISUALISING AGING PARENTS & THEIR CLOSE CARERS LIFE JOURNEY IN AGING ECONOMY
VISUALISING AGING PARENTS & THEIR CLOSE CARERS LIFE JOURNEY IN AGING ECONOMY
 
A STUDY ON THE IMPACT OF ORGANIZATIONAL CULTURE ON THE EFFECTIVENESS OF PERFO...
A STUDY ON THE IMPACT OF ORGANIZATIONAL CULTURE ON THE EFFECTIVENESS OF PERFO...A STUDY ON THE IMPACT OF ORGANIZATIONAL CULTURE ON THE EFFECTIVENESS OF PERFO...
A STUDY ON THE IMPACT OF ORGANIZATIONAL CULTURE ON THE EFFECTIVENESS OF PERFO...
 
GANDHI ON NON-VIOLENT POLICE
GANDHI ON NON-VIOLENT POLICEGANDHI ON NON-VIOLENT POLICE
GANDHI ON NON-VIOLENT POLICE
 
A STUDY ON TALENT MANAGEMENT AND ITS IMPACT ON EMPLOYEE RETENTION IN SELECTED...
A STUDY ON TALENT MANAGEMENT AND ITS IMPACT ON EMPLOYEE RETENTION IN SELECTED...A STUDY ON TALENT MANAGEMENT AND ITS IMPACT ON EMPLOYEE RETENTION IN SELECTED...
A STUDY ON TALENT MANAGEMENT AND ITS IMPACT ON EMPLOYEE RETENTION IN SELECTED...
 
ATTRITION IN THE IT INDUSTRY DURING COVID-19 PANDEMIC: LINKING EMOTIONAL INTE...
ATTRITION IN THE IT INDUSTRY DURING COVID-19 PANDEMIC: LINKING EMOTIONAL INTE...ATTRITION IN THE IT INDUSTRY DURING COVID-19 PANDEMIC: LINKING EMOTIONAL INTE...
ATTRITION IN THE IT INDUSTRY DURING COVID-19 PANDEMIC: LINKING EMOTIONAL INTE...
 
INFLUENCE OF TALENT MANAGEMENT PRACTICES ON ORGANIZATIONAL PERFORMANCE A STUD...
INFLUENCE OF TALENT MANAGEMENT PRACTICES ON ORGANIZATIONAL PERFORMANCE A STUD...INFLUENCE OF TALENT MANAGEMENT PRACTICES ON ORGANIZATIONAL PERFORMANCE A STUD...
INFLUENCE OF TALENT MANAGEMENT PRACTICES ON ORGANIZATIONAL PERFORMANCE A STUD...
 
A STUDY OF VARIOUS TYPES OF LOANS OF SELECTED PUBLIC AND PRIVATE SECTOR BANKS...
A STUDY OF VARIOUS TYPES OF LOANS OF SELECTED PUBLIC AND PRIVATE SECTOR BANKS...A STUDY OF VARIOUS TYPES OF LOANS OF SELECTED PUBLIC AND PRIVATE SECTOR BANKS...
A STUDY OF VARIOUS TYPES OF LOANS OF SELECTED PUBLIC AND PRIVATE SECTOR BANKS...
 
EXPERIMENTAL STUDY OF MECHANICAL AND TRIBOLOGICAL RELATION OF NYLON/BaSO4 POL...
EXPERIMENTAL STUDY OF MECHANICAL AND TRIBOLOGICAL RELATION OF NYLON/BaSO4 POL...EXPERIMENTAL STUDY OF MECHANICAL AND TRIBOLOGICAL RELATION OF NYLON/BaSO4 POL...
EXPERIMENTAL STUDY OF MECHANICAL AND TRIBOLOGICAL RELATION OF NYLON/BaSO4 POL...
 
ROLE OF SOCIAL ENTREPRENEURSHIP IN RURAL DEVELOPMENT OF INDIA - PROBLEMS AND ...
ROLE OF SOCIAL ENTREPRENEURSHIP IN RURAL DEVELOPMENT OF INDIA - PROBLEMS AND ...ROLE OF SOCIAL ENTREPRENEURSHIP IN RURAL DEVELOPMENT OF INDIA - PROBLEMS AND ...
ROLE OF SOCIAL ENTREPRENEURSHIP IN RURAL DEVELOPMENT OF INDIA - PROBLEMS AND ...
 
OPTIMAL RECONFIGURATION OF POWER DISTRIBUTION RADIAL NETWORK USING HYBRID MET...
OPTIMAL RECONFIGURATION OF POWER DISTRIBUTION RADIAL NETWORK USING HYBRID MET...OPTIMAL RECONFIGURATION OF POWER DISTRIBUTION RADIAL NETWORK USING HYBRID MET...
OPTIMAL RECONFIGURATION OF POWER DISTRIBUTION RADIAL NETWORK USING HYBRID MET...
 
APPLICATION OF FRUGAL APPROACH FOR PRODUCTIVITY IMPROVEMENT - A CASE STUDY OF...
APPLICATION OF FRUGAL APPROACH FOR PRODUCTIVITY IMPROVEMENT - A CASE STUDY OF...APPLICATION OF FRUGAL APPROACH FOR PRODUCTIVITY IMPROVEMENT - A CASE STUDY OF...
APPLICATION OF FRUGAL APPROACH FOR PRODUCTIVITY IMPROVEMENT - A CASE STUDY OF...
 
A MULTIPLE – CHANNEL QUEUING MODELS ON FUZZY ENVIRONMENT
A MULTIPLE – CHANNEL QUEUING MODELS ON FUZZY ENVIRONMENTA MULTIPLE – CHANNEL QUEUING MODELS ON FUZZY ENVIRONMENT
A MULTIPLE – CHANNEL QUEUING MODELS ON FUZZY ENVIRONMENT
 

Último

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 

Último (20)

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 

A secure modification to hsiang shih’s scheme

International Journal of Advanced Research in Engineering and Technology (IJARET), ISSN 0976 – 6480 (Print), ISSN 0976 – 6499 (Online), Volume 4, Issue 3, April 2013, pp. 77-84, © IAEME: www.iaeme.com/ijaret.asp. Journal Impact Factor (2013): 5.8376 (Calculated by GISI), www.jifactor.com

A SECURE MODIFICATION TO HSIANG-SHIH’S SCHEME

Mohd Zainulabedin Hasan
Department of Computer Science, Asifia College of Engineering and Technology, Chintulla(V), Yacharam(M), R.R Dist.

Mohd Ubaidullah Shareef
Department of Computer Science, Asifia College of Engineering and Technology, Chintulla(V), Yacharam(M), R.R Dist.

ABSTRACT

Hsiang and Shih proposed a remote user authentication scheme using smart cards and claimed that it guards against parallel session attacks and password guessing attacks. In this paper, we show that Hsiang and Shih’s scheme is still vulnerable to off-line password guessing attacks and undetectable on-line password guessing attacks. The scenario is the same as for Hsiang and Shih’s scheme, in which the user loses the smart card. Our proposal is a secure modification that overcomes the security flaws in Hsiang and Shih’s remote user authentication scheme using smart cards.

Keywords— Smart Card, Cryptanalysis, Authentication, Security

I. INTRODUCTION

With the rapid spread of communication network technology, it is extremely important to keep a close watch on developing security concerns. As such, password-based authentication has become one of the best practically applied techniques for various applications in wireless environments and other remote authentication systems. In 1981, Lamport [13] proposed the first password-based remote authentication scheme for identifying a legal user using a hash-chain technique through insecure communication. In our scheme, all secret passwords are stored in a verifier’s table that is maintained by the remote server; in a situation such as this, there exists a potential threat that all maintained records might be modified by attackers. In order to solve these problems, numerous research efforts [1-10, 12, 14-19] have been undertaken during recent years.
In 1990, Hwang et al. [10] proposed a non-interactive password authentication scheme without password tables using smart cards. Follow-up research [1, 2, 8, 11, 13, 16, 17] has also been proposed. Because these schemes were susceptible to ID-theft attacks, an attacker could impersonate a legal user using an eavesdropped user identity. Yoon et al. [20], in 2004, proposed an efficient password-based remote user authentication scheme using smart cards that has significant advantages; most notably, the remote server does not need to maintain a verifier’s table. However, in 2009, Hsiang and Shih [6] pointed out that Yoon et al.’s scheme still exhibited several weaknesses. For example, it is susceptible to parallel session attacks, masquerade attacks and password guessing attacks. Nevertheless, according to my cryptanalysis, Hsiang and Shih’s scheme is still notably weak against off-line password guessing attacks and undetectable on-line guessing attacks. Moreover, the smart-card-based schemes suffer in contexts involving a lost smart card. In fact, some research [11, 15] reveals the stored parameters of a smart card. Therefore, I propose an improved scheme to overcome all of the security weaknesses mentioned above.

The rest of this paper is organized as follows. Section 2 provides a brief review of the weakness of Yeh et al.’s schemes. Section 3 provides details of the proposed scheme. Section 4 provides a security analysis of my scheme. Section 5 shows a security and performance comparison with related research. We provide conclusions in the last section.

II. REVIEW OF HSIANG AND SHIH’S SCHEME

In this section, we briefly describe Hsiang and Shih’s scheme [6], which consists of four phases: the registration phase, the login phase, the authentication phase, and the password change phase. The notation of this paper is listed as follows:

U : the user
S : the remote server
Tu, Ts : the timestamps
ID : the user’s identity
PWD : the user’s password
x : the secret key of remote server
b : random numbers
Nu, Ns : nonces
h(·) : a one-way hash function
 : Bitwise exclusion operation
|| : concatenation operation
X =? Y : determine whether X is equal to Y

A. Registration phase

In this phase, U initially registers, or re-registers, to S and the steps are described as follows:

Step 1: U selects a random number b and computes h(b PWD). He or she then securely sends ID, h(PWD) and h(b PWD) to S.

Step 2: S creates a new entry with a value m=0 for U in the database or sets m=m+1 in the existing entry. Here, m denotes the number of times each user U has re-registered to S. Next, S computes EID, P, R and V:

EID = (ID || m) (1)
P = h(EID x) (2)
R = P h(b PWD) (3)
V = h(P h(PWD)) (4)

Then, S securely issues a smart card containing V, R, h(·) to U.

Step 3: Finally, U enters the random number b into his or her smart card.

B. Login phase

When U wants to log in to S, the following steps are performed:

Step 1: U inserts his or her smart card into the card reader and then enters the ID and PWD.

Step 2: U’s smart card computes C1, C2:

C1 = R h(b PWD) (5)
C2 = h(C1 Tu) (6)

and sends the authentication request messages (ID, Tu, C2) to S.

C. Authentication phase

Upon receiving the request messages (ID, Tu, C2), the remote server S and the smart card perform the following steps:

Step 1: S first checks the validity of h(ID) and Ts > Tu. If it does not hold, S rejects U’s login request; otherwise, S computes h(h(EID x) Tu), and compares it with C2:

h(h(EID x) Tu) =? C2 (7)

If Eq. (7) holds, S accepts U’s login request and computes C3:

C3 = h(h(EID x) h(Ts)) (8)

otherwise, S rejects it. S then sends the response messages (Ts, C3) to U.

Step 2: According to the received messages (Ts, C3), U’s smart card checks the validity of Ts > Tu. If it does not hold, U terminates the session; otherwise, U computes h(C1 h(Ts)) and compares it with C3:

h(C1 h(Ts)) =? C3 (9)

If Eq. (9) holds, U successfully authenticates S.

D. Password change phase

In this phase, U intends to exchange his or her password PWD with a new one PWDnew. The steps are described as follows:

Step 1: U inserts his or her smart card into the card reader, enters ID and PWD, and then requests a password change.

Step 2: U’s smart card computes P*, V* and compares V* with the stored V:

P* = R h(b h( (PWD))) (10)
V* = h(P* h( (PWD))) (11)
V* =? V (12)

If Eq. (12) does not hold, the smart card rejects the request; otherwise, U inputs the new password PWDnew. Afterward, U’s smart card computes Rnew and Vnew as follows:

Rnew = P* h(b h( (PWDnew))) (13)
Vnew = h(P* h( (PWD))) (14)

then replaces R and V with Rnew and Vnew, respectively.
III. WEAKNESS OF HSIANG AND SHIH’S SCHEME

Although Hsiang and Shih’s scheme was an improved version of Yoon et al.’s scheme [20], several security weaknesses still exist. These susceptibilities include off-line password guessing attacks and undetectable on-line password guessing attacks. We describe these attacks as follows.

A. Off-line password guessing attacks

This involves a situation where a user’s smart card was stolen by an attacker A, and where A uses the stolen smart card to extract the secret parameters b and R [11, 15]. Subsequently, A can use the previously eavesdropped messages (ID, Tu, C2) or (Ts, C3) to obtain U’s password PWD according to the following steps:

Step 1: First, the attacker A guesses a password PWDA and computes counterfeit messages CA1 or CA2 for comparison with the intercepted messages C2 or C3, as follows:

CA1 = h(R (b PWDA) Tu) (15)
CA1 =? C2 (16)

or

CA2 = h(R (b PWDA) h(Ts)) (17)
CA2 =? C3 (18)

If Eq. (16) or (18) holds, the attacker A has guessed the correct PWD; otherwise, A can retry Step 1 until Eq. (16) or (18) holds. Therefore, A can guess the correct PWD and use it to change the user’s password (refer to the password change phase).

B. Undetectable on-line password guessing attacks

This builds on the previous subsection, where an attacker A is able to extract the secret parameters b and R through the stolen smart card. As with the previously eavesdropped messages (ID, Tu, C2), A can guess U’s password as follows:

Step 1: A guesses a possible password PWDA and computes a value CA1 following Eq. (15) with a timestamp TA. A then sends the counterfeit messages (ID, TA, CA1) to the server S.

Step 2: After receiving the messages, S first checks the timestamp Ts > TA. S then computes h(h(EID x) TA) to compare with the received value CA1. If both of them are equal, then PWDA is U’s correct password. Then, S accepts this login request and sends the messages (Ts, C3) to A.

Step 3: According to the received messages, A can recognize that the correct password has been guessed; otherwise, A retries the above attack procedures until obtaining the correct password.

IV. OUR IMPROVED SCHEME

In the context of Hsiang and Shih’s remote user authentication scheme, the server’s secret key is compromised by a malicious legal user. Therefore, we have designed a scheme with two unknown factors to protect each parameter in the smart card. Our remedial scheme consists of four phases: the registration phase, the login phase, the authentication phase, and the password change phase. We describe these phases in the following subsections.
  • 5. International Journal of Advanced Research in Engineering and Technology (IJARET), ISSN 0976 – 6480(Print), ISSN 0976 – 6499(Online) Volume 4, Issue 3, April (2013), © IAEME 81 A. Registration phase Step 1: The user U chooses a password and then submits the registration messages (ID, h(PWD)) to the remote server S via a secure channel. Step 2: When S receives the registration messages from U, S first generates a nonce Ns and uses ID and h(PWD) to compute three values P, R and V: P=h(x) ( (ID) Ns) (24) V=h(ID h(x) Ns)) (25) R= h(x |Ns) h(( PWD)) (26) Afterward, S issues the smart card with parameters P, R, V and h(·) to U through a secure channel. B. Login phase If U wants to login S, he or she first insert his or her own smart card into a card reader or the terminal. Then, U enters his or her ID and PWD. The smart card performs the following steps: Step 1: The smart card uses PWD and R to compute a value h(x||Ns)' and calculate V' to compare with V: h(x ||N )' =R||h ( (PWD)) (27) V ' = h( ID||h(x Ns) ') (28) V ' = V (29) If Eq. (29) holds, the smart card generates a nonce Nu and computes messages C1 and C2; otherwise, the login request is rejected: C1= R h( (PWD)) Nu (30) C2 =h (h(ID) Nu) (31) Step 2: Finally, the smart card sends login request messages (P, C1, C2) to S. C. Authentication phase Upon receiving the login request (P, C1, C2), S has to perform the following steps to authenticate U: Step 1: S uses the received value P and its secret key x to obtain (ID' and Ns'): (ID' Ns ')= P || h(x) (32) Afterward, S computes Nu' to check if the authentication message C2 is valid or not: Nu'=C1||h(x Ns') (33) h (h (ID') Nu ')?= C2 (34) If Eq. (34) holds, S confirms that U is a legal user and responds a message C3 to U: C3=h (ID ' Nu') (35) Otherwise, S rejects the login request. Step 2: When receiving the response C3, U first verifies whether the message is valid or not: h(ID Nu )?= C3 (36) If the Eq. (36) holds, U confirms that S is valid. 
Therefore, U and S can correctly authenticate each other.

D. Password change phase

In this phase, if U wants to change his or her password, he or she performs the following steps:

Step 1: U inserts his or her smart card into a card reader or the terminal, and then enters the ID and the original PWD.

Step 2: According to Eqs. (28) and (29), the smart card checks the validity of ID and PWD by comparing V' with the stored V. If they match, U is allowed to key in a new password PWDnew; otherwise, the smart card rejects the password change request.

Step 3: The smart card calculates R':

$$R' = R \oplus h(PWD) \oplus h(PWD_{new}) = h(x \parallel N_s) \oplus h(PWD_{new}) \tag{37}$$

and replaces the old value R with the new R'. Thus, the password is changed without the participation of the remote server S.

V. SECURITY ANALYSIS

In this section, we discuss the security of our improved scheme and demonstrate how it is more secure than previous schemes.

A. Mutual authentication

In our improved scheme, the server authenticates the user by checking the message C2. If the server’s computed value h(h(ID')||Nu') is equal to C2, the server accepts the user as valid. The server then sends the message C3 to the user. The user compares C3 with his or her own computed value h(ID||Nu). If both of them are equal, the user confirms that the server is legitimate. Since the secret value h(x||Ns) is shared between user and server, they can authenticate each other with the login messages (P, C1, C2) and the reply message C3. Hence, our improved scheme achieves mutual authentication.

B. Smart card lost

According to our improved scheme, if an attacker A somehow obtains a legal user U’s smart card, they cannot obtain any parameter without the user’s password; even if A extracts the parameters P, R, and V (see Eqs. (24)-(26)) from the smart card, they still cannot obtain any sensitive information (such as ID, PWD, Ns or the server’s secret key x) with those parameters. Notably, A does not know U’s correct password, and each parameter is always protected by two unknown factors of the smart card.
Therefore, no one can use the stolen smart card to obtain authentication without U’s correct password and identity.

C. Password guessing attacks

This situation involves an attacker A obtaining U’s smart card and intercepting previous messages. In this case, to guess U’s PWD from the parameter R stored in the smart card, A must know the secret key x and the nonce Ns in order to compute similar parameters for comparison with R. On the other hand, A can use R and the intercepted P to compute similar messages (P, C1', C2') and send them to S in an attempt to guess U’s PWD. As A has two unknown values, ID and PWD, it is difficult to successfully complete this password guessing attack.

D. Replay attack

In our improved scheme, we use a nonce mechanism to prevent the replay attack and to solve the synchronization problem. When an attacker intends to replay the previous messages (P, C1, C2) to achieve authentication, they cannot, as the nonce value Nu is different in each session. For this reason, the attacker cannot achieve authentication using previous messages.

VI. PERFORMANCE ANALYSIS

Recent researchers [6, 20] have generally considered only one unknown factor for each parameter; this is why their schemes were compromised and have become susceptible to various attacks. However, our improved scheme always consists of two unknown factors within each communication to meet more stringent security requirements. It can be clearly observed that our scheme is more secure than those proposed by others. Generally speaking, the computation cost of our scheme is comparable to Hsiang and Shih’s scheme. However, our scheme can defend against all of the attacks discussed herein more effectively than all previous attempts. We compare the security requirements and computation costs with Hsiang and Shih’s scheme in Tables 1 and 2, respectively.

VII. CONCLUSIONS

In this paper, we have proposed an improved scheme that consistently protects each secret parameter with two unknown factors in the smart card; thus, an attacker cannot obtain any sensitive information, even if he or she is a malicious legal user. Most notably, our scheme not only addresses more stringent security requirements and protects against known types of attacks, it also reduces computation costs more effectively than Hsiang and Shih’s scheme. Therefore, our scheme holds substantial value in the context of numerous applications in various network environments.

Table 1. Security Comparison Between Other Related Researches And Ours

| Security requirement | Yoon et al.’s scheme [20] | Hsiang and Shih’s scheme [6] | Ours |
|---|---|---|---|
| Mutual authentication | Yes | Yes | Yes |
| Solve clock synchronization problem | No | No | Yes |
| Solve smart card lost problem | No | No | Yes |
| Prevention of undetectable online password guessing attacks | No | No | Yes |
| Prevention of offline password guessing attacks | No | No | Yes |
| Prevention of replay attacks | No | No | Yes |

Table 2. Performance Comparison Between Other Related Researches And Ours

| Phase | Yoon et al.’s scheme [20] | Hsiang and Shih’s scheme [6] | Ours |
|---|---|---|---|
| Registration phase | 2H + 3Xor | 4H + 4Xor | 4H + 2Xor |
| Login and authentication phase | 6H + 7Xor | 8H + 7Xor | 10H + 4Xor |
| Password change phase | 6H + 6Xor | 6H + 6Xor | 3H + 2Xor |
| Total | 14H + 16Xor | 18H + 17Xor | 17H + 8Xor |
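
The four phases of Section IV (Eqs. (24)-(37)) as runnable Python, added here as an illustration and not taken from the paper. Assumptions not in the paper: SHA-256 stands in for h(·); ID is a 16-byte value and Ns a 16-byte nonce, so that ID||Ns matches the hash length; the combining operator in Eqs. (24), (26), (27), (30), (32), (33) and (37) is read as XOR; the class and method names are hypothetical.

```python
# Added illustration (not the paper's code). Assumed: SHA-256 as h(.), 16-byte ID and Ns.
import hashlib, hmac, secrets

def h(*parts):                                    # h(a || b || ...)
    return hashlib.sha256(b"".join(parts)).digest()

def xor(a, b):
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(p ^ q for p, q in zip(a, b))

class Server:
    def __init__(self):
        self.x = secrets.token_bytes(32)          # server secret key x

    def register(self, ident, h_pwd):             # Eqs. (24)-(26)
        ns = secrets.token_bytes(16)              # nonce Ns; ID || Ns is 32 bytes
        s = h(self.x, ns)                         # h(x || Ns)
        return {"P": xor(h(self.x), ident + ns), "V": h(ident, s), "R": xor(s, h_pwd)}

    def authenticate(self, P, C1, C2):            # Eqs. (32)-(35)
        id_ns = xor(P, h(self.x))
        ident, ns = id_ns[:16], id_ns[16:]
        nu = xor(C1, h(self.x, ns))
        # Return C3 when C2 verifies, or None to reject the login request.
        return h(ident, nu) if hmac.compare_digest(h(h(ident), nu), C2) else None

class SmartCard:
    def __init__(self, issued):
        self.P, self.V, self.R = issued["P"], issued["V"], issued["R"]

    def unlock(self, ident, pwd):                 # Eqs. (27)-(29)
        s = xor(self.R, h(pwd))
        return s if hmac.compare_digest(h(ident, s), self.V) else None

    def login(self, ident, pwd):                  # Eqs. (30)-(31)
        s = self.unlock(ident, pwd)
        if s is None:
            return None                           # card rejects the login request
        self.nu = secrets.token_bytes(32)         # fresh nonce Nu for this session
        return self.P, xor(s, self.nu), h(h(ident), self.nu)

    def verify_server(self, ident, C3):           # Eq. (36)
        return C3 is not None and hmac.compare_digest(h(ident, self.nu), C3)

    def change_password(self, ident, old, new):   # Eq. (37)
        if self.unlock(ident, old) is None:
            return False
        self.R = xor(xor(self.R, h(old)), h(new))
        return True
```

Call order: `Server.register` issues the card parameters, `SmartCard.login` produces (P, C1, C2), `Server.authenticate` returns C3, and `SmartCard.verify_server` completes the mutual authentication.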

REFERENCES

[1] A. K. Awasthi and S. Lal, “A remote user authentication scheme using smart cards with forward secrecy,” IEEE Transactions on Consumer Electronics, Vol. 49, No. 4, pp. 1246-1248, 2003.
[2] C. Chang and K. F. Hwang, “Some forgery attacks on a remote user authentication scheme using smart cards,” Informatics, Vol. 14, No. 3, pp. 289-294, 2003.
[3] H. Y. Chien and C. H. Chen, “A remote authentication scheme preserving user anonymity,” In: Proceedings of the 19th International Conference on Advanced Information Networking and Applications, pp. 245-248, 2005.
[4] Y. Ding and P. Horster, “Undetectable on-line password guessing attacks,” ACM SIGOPS Operating Systems Review, Vol. 29, No. 4, pp. 77-86, 1995.
[5] X. Duan, J. W. Liu, and Q. Zhang, “Security improvement on Chien et al.’s remote user authentication scheme using smart cards,” In: Proceedings of the IEEE International Conference on Computational Intelligence and Security, pp. 1133-1135, 2006.
[6] H. C. Hsiang and W. K. Shih, “Weaknesses and improvements of the Yoon-Ryu-Yoo remote user authentication scheme using smart cards,” Computer Communications, Vol. 32, No. 4, pp. 649-652, 2009.
[7] M. S. Hwang, S. K. Chong, and T. Y. Chen, “DoS-resistant ID-based password authentication scheme using smart cards,” Journal of Systems and Software, Vol. 83, No. 1, pp. 163-172, 2010.
[8] M. S. Hwang, C. C. Lee, and Y. L. Tang, “A simple remote user authentication scheme,” Mathematical and Computer Modelling, Vol. 36, No. 1-2, pp. 103-107, 2002.
[9] M. S. Hwang and L. H. Li, “A new remote user authentication scheme using smart cards,” IEEE Transactions on Consumer Electronics, Vol. 46, No. 1, pp. 28-30, 2000.
[10] T. Hwang, Y. Chen, and C. S. Laih, “Non-interactive password authentication without password tables,” In: Proceedings of IEEE Region 10 Conference on Computer and Communication Systems, pp. 429-431, 1990.
[11] P. Kocher, J. Jaffe, and B. Jun, “Differential power analysis,” In: Advances in Cryptology: Proceedings of CRYPTO 99, LNCS 1666, pp. 388-397, 1999.
[12] W. C. Ku and S. M. Chen, “Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards,” IEEE Transactions on Consumer Electronics, Vol. 50, No. 1, pp. 204-207, 2004.
[13] L. Lamport, “Password authentication with insecure communication,” ACM Communications, Vol. 24, No. 11, pp. 770-772, 1981.
[14] C. C. Lee, M. S. Hwang, and W. P. Yang, “A flexible remote user authentication scheme using smart cards,” ACM Operating Systems Review, Vol. 36, No. 3, pp. 46-52, 2002.
[15] T. S. Messerges, E. A. Dabbish, and R. H. Sloan, “Examining smartcard security under the threat of power analysis attacks,” IEEE Transactions on Computers, Vol. 51, No. 5, pp. 541-552, 2002.
[16] M. Misbahuddin, M. A. Ahmed, and M. H. Shastri, “A simple and efficient solution to remote user authentication using smart cards,” Innovations in Information Technology, pp. 1-5, 2006.
[17] H. M. Sun, “An efficient remote user authentication scheme using smart cards,” IEEE Transactions on Consumer Electronics, Vol. 46, No. 4, pp. 958-961, 2000.
[18] J. J. Shen, C. W. Lin, and M. S. Hwang, “A modified remote user authentication scheme using smart cards,” IEEE Transactions on Consumer Electronics, Vol. 49, No. 2, pp. 414-416, 2003.
[19] Natasa Zivic, “Soft Verification of Message Authentication Codes,” International Journal of Electronics and Communication Engineering & Technology (IJECET), Volume 3, Issue 1, 2012, pp. 262-285, ISSN Print: 0976-6464, ISSN Online: 0976-6472.
[20] Revathi Venkataraman, K. Sornalakshmi, M. Pushpalatha, and T. Rama Rao, “Implementation Of Authentication And Confidentiality In Wireless Sensor Network,” International Journal of Computer Engineering & Technology (IJCET), Volume 3, Issue 2, 2012, pp. 553-560, ISSN Print: 0976-6367, ISSN Online: 0976-6375.