Three Attacks on Jia et al.'s Remote User Authentication Scheme using Bilinear Pairings and ECC
Recently, Jia et al. proposed a remote user authentication scheme using bilinear pairings and an Elliptic Curve Cryptosystem (ECC). However, the scheme is vulnerable to privileged insider attack at their proposed registration phase and to forgery attack at their proposed authentication phase. In addition, the scheme can be vulnerable to server spoofing attack because it does not provide mutual authentication between the user and the remote server. Therefore, this paper points out that the Jia et al. scheme is vulnerable to the above three attacks.
[1] P. Peyret, G. Lisimaque and T. Y. Chua, Smart cards provide very high
security and flexibility in subscribers management, IEEE Transactions
on Consumer Electronics, Vol.36, No.3, 1990, pp. 744-752.
[2] D. Sternglass, The future is in the pc cards, IEEE Spectrum, Vol.29,
No.6, 1992, pp. 46-50.
[3] N. Koblitz, Elliptic curve cryptosystems, Math. Comp., Vol.48, 1987,
pp. 203-209.
[4] C. C. Chang and T. C. Wu, Remote password authentication with smart
cards, IEEE Proceedings-E, Vol.138, No.3,1993, pp. 165-168.
[5] K. Tan and H. Zhu, Remote password authentication scheme based on
cross-product, Computer Communications, Vol.22, No. 4, 1999, pp. 390-
393.
[6] M. S. Hwang, Cryptanalysis of a remote login authentication scheme
Computer Communications, Computer Communications, Vol.22, No.8,
1999, pp. 742-744.
[7] A. Bottoni and G. Dini, Improving authentication of remote card transactions
with mobile personal trusted devices, Computer Communications,
Vol.30, No.8, 2007, pp. 1697-1712.
[8] J. Y. Liu, A. M. Zhou and M. X. Gao, A new mutual authentication
scheme based on nonce and smart cards, Computer Communications,
Vol.31, No.10, 2008, pp. 2205-2209.
[9] Y. Wang, J. Liu, F. Xiaoa and J. Dana, A more efficient and secure
dynamic ID-based remote user authentication scheme, Computer Communications,
Vol.32, No.4, 2009, pp. 583-585.
[10] H. C. Hsiang and W. K. Shih, Weaknesses and improvements of the
yoon-ryu-yoo remote user authentication scheme using smart cards,
Computer Communications, Vol.32, No.4, 2009, pp. 649-652.
[11] A. Joux, A one round protocol for tripartite diffie-hellman, Proceedings
of Algorithmic Number Theory Symposium, LNCS 1838, Springer-
Verlag, 2000, pp. 385-394.
[12] M. L. Das, A Saxena, V. P. Gulati and D. B. Phatak, A novel remote user
authentication scheme using bilinear pairings, Computers & Security,
Vol.25, No.3, 2006, pp. 184-189.
[13] J. S. Chou, Y. Chen and J. Y. Lin, Improvement of Manik et al.-s remote
user authentication scheme, http://eprint.iacr.org/2005/450.pdf.
[14] G. Thulasi, M. L. Das and A. Saxena, Cryptanalysis of recently proposed
remote user authentication schemes, http://eprint.iacr.org/2006/028.pdf.
[15] Z. Jia, Y. Zhang, H. Shao, Y. Lin and J. Wang, A remote user
authentication scheme using bilinear pairings and ECC, Proceedings of
the Sixth International Conference on Intelligent Systems Design and
Applications (ISDA-06), Vol.2, October 2006, pp. 1091-1094.
[16] W. C. Ku and S. M. Chen, ÔÇÿWeaknesses and improvements of an efficient
password based remote user authentication scheme using smart cards,
IEEE Trans. on Consumer Electronics, Vol.50, No.1, 2004, pp. 204-207.
[17] W. C. Ku, H. M. Chuang and M. J. Tsaur, Vulnerabilities of Wu-
Chieu-s improved password authentication scheme using smart cards,
IEICE Trans. Fundamentals, Vol.E88-A, No.11, 2005, pp. 3241-3243.
[18] R. J. Anderson, Why cryptosystems fail, Proceedings of First ACM
Conference on Computer and Communications Security, USA, Nov.
1993, pp. 215-227.
[19] N. Asokan, H. Debar, M. Steiner and M. Waidner, Authenticating public
terminals, Computer Networks, Vol.31, No.8, April 1999, pp. 861-870.
[20] E. J. Yoon, E. K. Ryu and K. Y. Yoo, An improvement of Hwang-Lee-
Tang-s simple remote user authentication scheme, Computers & Security,
Vol.24, 2005, pp. 50-56.
[21] M. K. Khan and J. Zhang, Improving the security of ÔÇÿa flexible
biometrics remote user authentication scheme-, Computer Standards &
Interfaces, Vol.29, 2007, pp. 82-85.
[22] A. J. Menezes, P. C. Oorschot and S.A. Vanstone, Handbook of applied
cryptograph, CRC Press, New York, 1997.
[23] B. Schneier, Applied cryptography protocols, algorithms and source
code in C: second edition, John Wiley & Sons Inc, 1995.
[1] P. Peyret, G. Lisimaque and T. Y. Chua, Smart cards provide very high
security and flexibility in subscribers management, IEEE Transactions
on Consumer Electronics, Vol.36, No.3, 1990, pp. 744-752.
[2] D. Sternglass, The future is in the pc cards, IEEE Spectrum, Vol.29,
No.6, 1992, pp. 46-50.
[3] N. Koblitz, Elliptic curve cryptosystems, Math. Comp., Vol.48, 1987,
pp. 203-209.
[4] C. C. Chang and T. C. Wu, Remote password authentication with smart
cards, IEEE Proceedings-E, Vol.138, No.3,1993, pp. 165-168.
[5] K. Tan and H. Zhu, Remote password authentication scheme based on
cross-product, Computer Communications, Vol.22, No. 4, 1999, pp. 390-
393.
[6] M. S. Hwang, Cryptanalysis of a remote login authentication scheme
Computer Communications, Computer Communications, Vol.22, No.8,
1999, pp. 742-744.
[7] A. Bottoni and G. Dini, Improving authentication of remote card transactions
with mobile personal trusted devices, Computer Communications,
Vol.30, No.8, 2007, pp. 1697-1712.
[8] J. Y. Liu, A. M. Zhou and M. X. Gao, A new mutual authentication
scheme based on nonce and smart cards, Computer Communications,
Vol.31, No.10, 2008, pp. 2205-2209.
[9] Y. Wang, J. Liu, F. Xiaoa and J. Dana, A more efficient and secure
dynamic ID-based remote user authentication scheme, Computer Communications,
Vol.32, No.4, 2009, pp. 583-585.
[10] H. C. Hsiang and W. K. Shih, Weaknesses and improvements of the
yoon-ryu-yoo remote user authentication scheme using smart cards,
Computer Communications, Vol.32, No.4, 2009, pp. 649-652.
[11] A. Joux, A one round protocol for tripartite diffie-hellman, Proceedings
of Algorithmic Number Theory Symposium, LNCS 1838, Springer-
Verlag, 2000, pp. 385-394.
[12] M. L. Das, A Saxena, V. P. Gulati and D. B. Phatak, A novel remote user
authentication scheme using bilinear pairings, Computers & Security,
Vol.25, No.3, 2006, pp. 184-189.
[13] J. S. Chou, Y. Chen and J. Y. Lin, Improvement of Manik et al.-s remote
user authentication scheme, http://eprint.iacr.org/2005/450.pdf.
[14] G. Thulasi, M. L. Das and A. Saxena, Cryptanalysis of recently proposed
remote user authentication schemes, http://eprint.iacr.org/2006/028.pdf.
[15] Z. Jia, Y. Zhang, H. Shao, Y. Lin and J. Wang, A remote user
authentication scheme using bilinear pairings and ECC, Proceedings of
the Sixth International Conference on Intelligent Systems Design and
Applications (ISDA-06), Vol.2, October 2006, pp. 1091-1094.
[16] W. C. Ku and S. M. Chen, ÔÇÿWeaknesses and improvements of an efficient
password based remote user authentication scheme using smart cards,
IEEE Trans. on Consumer Electronics, Vol.50, No.1, 2004, pp. 204-207.
[17] W. C. Ku, H. M. Chuang and M. J. Tsaur, Vulnerabilities of Wu-
Chieu-s improved password authentication scheme using smart cards,
IEICE Trans. Fundamentals, Vol.E88-A, No.11, 2005, pp. 3241-3243.
[18] R. J. Anderson, Why cryptosystems fail, Proceedings of First ACM
Conference on Computer and Communications Security, USA, Nov.
1993, pp. 215-227.
[19] N. Asokan, H. Debar, M. Steiner and M. Waidner, Authenticating public
terminals, Computer Networks, Vol.31, No.8, April 1999, pp. 861-870.
[20] E. J. Yoon, E. K. Ryu and K. Y. Yoo, An improvement of Hwang-Lee-
Tang-s simple remote user authentication scheme, Computers & Security,
Vol.24, 2005, pp. 50-56.
[21] M. K. Khan and J. Zhang, Improving the security of ÔÇÿa flexible
biometrics remote user authentication scheme-, Computer Standards &
Interfaces, Vol.29, 2007, pp. 82-85.
[22] A. J. Menezes, P. C. Oorschot and S.A. Vanstone, Handbook of applied
cryptograph, CRC Press, New York, 1997.
[23] B. Schneier, Applied cryptography protocols, algorithms and source
code in C: second edition, John Wiley & Sons Inc, 1995.
@article{"International Journal of Information, Control and Computer Sciences:63343", author = "Eun-Jun Yoon and Kee-Young Yoo", title = "Three Attacks on Jia et al.'s Remote User Authentication Scheme using Bilinear Pairings and ECC", abstract = "Recently, Jia et al. proposed a remote user authentication scheme using bilinear pairings and an Elliptic Curve Cryptosystem (ECC). However, the scheme is vulnerable to privileged insider attack at their proposed registration phase and to forgery attack at their proposed authentication phase. In addition, the scheme can be vulnerable to server spoofing attack because it does not provide mutual authentication between the user and the remote server. Therefore, this paper points out that the Jia et al. scheme is vulnerable to the above three attacks.
", keywords = "Cryptography, authentication, smart card, password, cryptanalysis, bilinear pairings.", volume = "5", number = "12", pages = "1708-5", }
