An Efficient and Robust Remote User Authentication Method

Wu-Chieu proposed an enhanced remote user authentication scheme to improve the security of a user-friendly remote user authentication scheme with smart cards. However, we demonstrate that their scheme is vulnerable to attacks and can easily be cryptanalyzed. Their scheme performs only unilateral authentication (only client authentication) and there is no mutual authentication between the user and the remote system, so their scheme is susceptible to the server spoofing attack. Furthermore, their scheme is slow in detecting a wrong input password, and users cannot change their passwords. This paper proposes an efficient and secure remote authentication scheme to solve the problems found in Wu-Chieu's scheme. In addition, the computational costs and efficiency of the proposed scheme are better than those of other related published schemes.


I. Introduction
In remote authentication methods, the legitimacy of remote users is verified over an insecure communication channel. In 1981, Lamport [1] proposed a remote user authentication scheme using password tables. In 2000, Hwang and Li [2] identified that Lamport's scheme carries the risk of attacks on, and modification of, the password table.
So, Hwang and Li presented a novel remote user authentication method that does not use a password table, based on the El-Gamal public key encryption method [3]. To improve on the previous research work, many remote user authentication schemes have been proposed, and each scheme has its pros and cons.
In some of the published schemes, the password is computed by the remote system and assigned to the user, but the password is usually long and random and the user has no say in selecting it, which makes these schemes infeasible.
So in 2003, Shyi-Bin [10] proposed an authentication scheme in which users are free to choose and change their passwords. Later, in 2004, Yang-Wang [14] identified that Shyi-Bin's scheme suffers from the forgery attack and the password guessing attack. More recently, Wu-Chieu [15] also pointed out an impersonation attack on Shyi-Bin's scheme and described how an adversary can easily impersonate a valid user and log in to the system. Consequently, they proposed a modified remote user authentication scheme. Wu-Chieu claimed that their scheme is better and more secure than the scheme of Shyi-Bin [10].
However, in this paper, we demonstrate that Wu-Chieu's scheme also suffers from attacks and can easily be cryptanalyzed. We describe how their scheme performs only unilateral authentication (only client authentication), so the user has no information about the authenticity of the remote system. Thus, their scheme is susceptible to the server spoofing attack. We also point out that their scheme is slow in detecting a wrong input password, and users cannot change their passwords. To remedy the problems in Wu-Chieu's scheme, we propose an improved and efficient remote user authentication scheme, in which users can update their passwords freely and securely without the help of the remote system, and a wrong input password is detected at the user end instead of the server side. Furthermore, the user and the remote system perform mutual authentication to verify each other. Moreover, the computational costs and efficiency of the improved scheme are better than those of the related schemes of [10] and [15].
The rest of the paper is organized as follows: Section II briefly reviews Wu-Chieu's scheme, Section III demonstrates the cryptanalysis and weaknesses of their scheme, Section IV proposes an improved and efficient scheme, Section V performs the security analysis of the proposed scheme, Section VI elaborates on the efficiency of the presented scheme, and Section VII concludes this paper.

II. Review of Wu and Chieu's Scheme
Wu and Chieu's scheme is divided into three phases: registration, login, and authentication. In the following subsections, their scheme is briefly reviewed.

A. Registration Phase
In the registration phase, user Ui chooses his IDi and password Pwi, and submits them to the registration server. Upon receiving the registration request, the remote system performs the following operations:
1. Computes Ai by , where x is the private key of the server and h(.) is the collision-free one-way hash function.
2. Computes Bi by , where p is a large prime number and g is a public primitive element in GF(p).
3. Remote server personalizes the smart card, which contains the information and issues smart card to the Ui.

B. Login Phase
In the login phase, the user inserts his smart card into the reader machine or terminal and enters his IDi and . The smart card performs the following operations:
1. Computes , and
2. User sends login message to the remote server over an insecure network.

C. Authentication Phase
The remote system receives the message from the user and performs the following operations at time :
1. Checks the format of IDi. If the format is not correct, the remote system rejects the login request.
2. Verifies the validity of the time interval between T and . If , where denotes the expected valid time interval for transmission delay, then the remote system rejects the login request.
3. Compares whether or not. If they are equal, the user is authentic and the remote system accepts the login request; otherwise, the login request is rejected.

III. Cryptanalysis and Weaknesses of Wu-Chieu's Scheme
Wu-Chieu's scheme is vulnerable to attacks and can easily be cryptanalyzed. In the following, we demonstrate the cryptanalysis and weaknesses of their scheme.
1. Wu-Chieu's scheme performs only unilateral authentication, i.e. only client authentication, and the remote system is never authenticated. So, their scheme carries the risk that an adversary sets up a fake server and manipulates the user's data [16,21].
Here, we assume that an adversary Bob is an eavesdropper on the insecure channel between the remote system and the application user. The user Ui sends login information i.e. over the insecure channel, so Bob also gets it. Bob can then spoof Ui by impersonating the server. Bob plays the role of a fake server and sends a fake mutual authentication message to Ui by performing the following operations:
2. If user Ui enters a wrong password by mistake, the wrong password is only detected by the remote server in the authentication phase. Hence, Wu-Chieu's scheme is very slow in detecting wrong passwords, which could be keyed in by mistake.
3. In Wu-Chieu's scheme, there is no way to change passwords. For example, if the password of Ui is compromised, or he wants to change the password for any reason, their scheme offers no method to do so. This drawback also fails to meet the user's requirements of authentication protocols [16] [18].

IV. Proposed Remote User Authentication Scheme
In this section, we propose an efficient and secure remote user authentication scheme with smart cards, which can withstand the security pitfalls found in Wu-Chieu's scheme.

A. Registration Phase
In the registration phase, user Ui chooses his IDi and password Pwi, and submits them to the registration server. Upon receiving the registration request, the remote system performs the following operations:
1. Computes and , where x is the private key of the remote system and h(.) is a collision-free one-way hash function.
2. Remote system personalizes the smart card with the secure information and issues the card to the Ui.

B. Login Phase
If Ui wants to log in to the system, he inserts his smart card into the terminal and enters his IDi and . The smart card performs the following operations:
1. Computes , and verifies whether equals the stored or not. If they are equal, the smart card performs further operations; otherwise, it terminates the operation.
2. Computes , where is the current timestamp of the input device.
3. At the end of the login phase, Ui sends login message to the remote server over an insecure network channel.

C. Authentication Phase
In the authentication phase, remote system receives the message from the user and performs the following operations: believes that the remote party is authentic system and the mutual authentication between Ui and remote server is completed, otherwise Ui terminates the operation.

D. Password Change Phase
Whenever Ui wants to change his old password to the new password , he performs the following operations without any help from the remote system:

V. Security Analysis of the Proposed Scheme
In this section, we perform security analysis of the presented scheme.
1. It is very difficult for anyone to derive the server's secret key x from the hash value of , because of the security property of one-way hash functions [6].
2. To withstand replay attacks, neither the replay of an old login message in the login phase nor the replay of the remote system's response in step 5 of the authentication phase will work. Both fail, in steps 2 and 6 of the authentication phase, because of the time interval and , respectively.
3. From the login message , it is infeasible to compute by using equation , because it is computed by the secure one-way hash function.
4. The proposed scheme protects against the impersonation attack found in [10]. An attacker can attempt to modify login message into .
However, this impersonation attempt fails in step 3 of the authentication phase, because an attacker has no way of obtaining the value of to compute the valid value of .
5. The server spoofing attack is completely solved by providing mutual authentication between the user and the remote system. The remote system sends mutual authentication message to the user. If an attacker intercepts it and resends the forged message i.e. to the user, it will be verified in steps 6 and 7 of the authentication phase because the value of is computed by .
In addition, replay of this message can be exposed because of the timestamp.
6. In the password change phase, the value of is compared with the value of . If these two values are not the same, the user is not allowed to change the password.
Furthermore, when the smart card is stolen, unauthorized users cannot set a new password. Hence, the proposed scheme also protects against the denial of service attack using a stolen smart card.
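An added illustration of the flow in Section IV and of points 2 and 5 above, not the authors' code. The paper's equations are not reproduced on this page, so the hash constructions, card layout, function names and the 5-second window below are assumptions chosen only to show the local password check, timestamp freshness and the mutual-authentication reply.

```python
import hashlib
import hmac

DELTA_T = 5  # assumed valid transmission window in seconds (not from the paper)

def h(*parts):
    """One-way hash over length-prefixed parts, so concatenation is unambiguous."""
    d = hashlib.sha256()
    for p in parts:
        b = p if isinstance(p, bytes) else str(p).encode()
        d.update(len(b).to_bytes(4, "big") + b)
    return d.digest()

def xor(a, b):
    return bytes(i ^ j for i, j in zip(a, b))

def register(x, uid, pw):
    """Server: derive a per-user secret from x and build the card (assumed layout)."""
    k = h("key", uid, x)
    return {"id": uid, "v": h("verify", uid, pw), "n": xor(k, h("mask", uid, pw))}

def card_login(card, uid, pw, now):
    """Card: reject a wrong password locally, else build the login message."""
    if uid != card["id"] or not hmac.compare_digest(h("verify", uid, pw), card["v"]):
        return None  # caught at the user end, nothing is sent to the server
    k = xor(card["n"], h("mask", uid, pw))
    return (uid, h("login", k, now), now)

def server_auth(x, msg, now):
    """Server: freshness check, then verify the login hash; reply for mutual auth."""
    uid, c, t = msg
    if not 0 <= now - t < DELTA_T:
        return None  # replayed or delayed login message
    k = h("key", uid, x)
    if not hmac.compare_digest(c, h("login", k, t)):
        return None  # forged or modified login message
    return (h("server", k, t, now), now)

def card_verify_server(card, uid, pw, t, reply, now):
    """Card: accept the server only if its reply is fresh and bound to the secret."""
    d, ts = reply
    if not 0 <= now - ts < DELTA_T:
        return False  # replayed server response
    k = xor(card["n"], h("mask", uid, pw))
    return hmac.compare_digest(d, h("server", k, t, ts))
```

A party that does not know x cannot compute the per-user secret, so it can produce neither a valid login hash nor a valid server reply; both checks use constant-time comparison.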

VI. Efficiency of the Proposed Scheme
The performance and efficiency of the proposed scheme are summarized in Table 1.
Our scheme is based entirely on one-way collision-free hash functions, which are computationally faster than modular exponentiations [6]. In the registration, login, and authentication phases, without mutual authentication, the scheme in [10] requires 2 exponentiations and 5 hash operations, while the scheme in [15] requires 3 exponentiations and 6 hash operations. The proposed scheme, on the other hand, requires only 6 hash computations with mutual authentication, so the computational complexity of our scheme is less than that of [10] and [15]. Furthermore, the schemes of [10] and [15] detect a wrong input password at the server end, while our scheme checks the input password at the client end and prompts the user on the spot without any network transmission delay. Besides, the proposed scheme enables users to update their passwords freely and securely without the help of the remote system. In contrast, the scheme in [10] allows users to change their passwords, but users have to submit their smart cards to the remote system to do so, which is an inefficient solution, while in scheme [15] there is no method to change passwords at all. In addition, compared with [10] and [15], only our scheme supports mutual authentication to protect the system from the server spoofing attack [16,21].
Moreover, our scheme consumes less memory space on the smart card to store the user's public information. Hence, the proposed scheme is more efficient and secure in terms of computations, performance, and security.

VII. Conclusion
In this paper, we presented an enhancement of Wu-Chieu's scheme. We showed that their scheme does not provide mutual authentication between the user and the remote server, so the user cannot trust the authenticity of the remote server. We also discussed that their scheme is slow in detecting wrong passwords and does not allow users to change their passwords. To solve these problems, we proposed an efficient and secure remote user authentication scheme, in which legal users can change their passwords freely and securely, and a wrong input password is detected very quickly at the time of input. In addition, the server spoofing attack is completely solved by providing mutual authentication between the user and the remote system. Moreover, the computational costs and efficiency of the proposed scheme are better than those of the related published schemes.