智能卡密码认证方案的密码分析与增强

IF 0.5 4区计算机科学 Q4 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Cooperative Information Systems Pub Date : 2017-09-30 DOI:10.5281/ZENODO.1161879

Raphael Nyirongo, Solomon Kuonga, Patrick Ali, L. Eneya, Hyunsung Kim

{"title":"智能卡密码认证方案的密码分析与增强","authors":"Raphael Nyirongo, Solomon Kuonga, Patrick Ali, L. Eneya, Hyunsung Kim","doi":"10.5281/ZENODO.1161879","DOIUrl":null,"url":null,"abstract":"ABSTRACT\n\nPassword authentication with smart card is one of the simplest and efficient authentication mechanisms to ensure secure communication over insecure network environments. Recently, Tsai et al. proposed an improved password authentication scheme for smart card. Their scheme is more secure than the other previous schemes. In this paper, we show Tsai et al.’s scheme is vulnerable to password guessing attack and has computational overhead. Furthermore, we propose an enhanced password authentication scheme to eliminate the security vulnerability and enhance the overhead. By presenting concrete analysis of security and performance, we show that the proposed scheme cannot only resist various well known attacks, but also is more efficient than the other related works, and thus is feasible for practical applications.","PeriodicalId":54966,"journal":{"name":"International Journal of Cooperative Information Systems","volume":null,"pages":null},"PeriodicalIF":0.5000,"publicationDate":"2017-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Cryptanalysis And Enhancement Of Password Authentication Scheme For Smart Card\",\"authors\":\"Raphael Nyirongo, Solomon Kuonga, Patrick Ali, L. Eneya, Hyunsung Kim\",\"doi\":\"10.5281/ZENODO.1161879\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"ABSTRACT\\n\\nPassword authentication with smart card is one of the simplest and efficient authentication mechanisms to ensure secure communication over insecure network environments. Recently, Tsai et al. proposed an improved password authentication scheme for smart card. Their scheme is more secure than the other previous schemes. In this paper, we show Tsai et al.’s scheme is vulnerable to password guessing attack and has computational overhead. Furthermore, we propose an enhanced password authentication scheme to eliminate the security vulnerability and enhance the overhead. By presenting concrete analysis of security and performance, we show that the proposed scheme cannot only resist various well known attacks, but also is more efficient than the other related works, and thus is feasible for practical applications.\",\"PeriodicalId\":54966,\"journal\":{\"name\":\"International Journal of Cooperative Information Systems\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.5000,\"publicationDate\":\"2017-09-30\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Cooperative Information Systems\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.5281/ZENODO.1161879\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Cooperative Information Systems","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.5281/ZENODO.1161879","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 1

摘要

ABSTRACT智能卡密码身份验证是最简单有效的身份验证机制之一，可确保在不安全的网络环境中进行安全通信。最近，Tsai等人提出了一种改进的智能卡密码认证方案。他们的方案比以前的其他方案更安全。在本文中，我们证明了Tsai等人的方案容易受到密码猜测攻击，并且有计算开销。此外，我们提出了一种增强的密码认证方案，以消除安全漏洞并提高开销。通过对安全性和性能的具体分析，我们表明所提出的方案不仅能够抵抗各种众所周知的攻击，而且比其他相关工作更有效，因此在实际应用中是可行的。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Cryptanalysis And Enhancement Of Password Authentication Scheme For Smart Card

ABSTRACT Password authentication with smart card is one of the simplest and efficient authentication mechanisms to ensure secure communication over insecure network environments. Recently, Tsai et al. proposed an improved password authentication scheme for smart card. Their scheme is more secure than the other previous schemes. In this paper, we show Tsai et al.’s scheme is vulnerable to password guessing attack and has computational overhead. Furthermore, we propose an enhanced password authentication scheme to eliminate the security vulnerability and enhance the overhead. By presenting concrete analysis of security and performance, we show that the proposed scheme cannot only resist various well known attacks, but also is more efficient than the other related works, and thus is feasible for practical applications.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

International Journal of Cooperative Information Systems 工程技术-计算机：信息系统

CiteScore

2.30

自引率

0.00%

发文量

审稿时长

>12 weeks

期刊介绍： The paradigm for the next generation of information systems (ISs) will involve large numbers of ISs distributed over large, complex computer/communication networks. Such ISs will manage or have access to large amounts of information and computing services and will interoperate as required. These support individual or collaborative human work. Communication among component systems will be done using protocols that range from conventional ones to those based on distributed AI. We call such next generation ISs Cooperative Information Systems (CIS). The International Journal of Cooperative Information Systems (IJCIS) addresses the intricacies of cooperative work in the framework of distributed interoperable information systems. It provides a forum for the presentation and dissemination of research covering all aspects of CIS design, requirements, functionality, implementation, deployment, and evolution.