Cryptanalysis of a flexible remote user authentication scheme using smart cards

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Cryptanalysis of a flexible remote user authentication scheme using smart cards

Full text

Pdf (406 KB)

Source

ACM SIGOPS Operating Systems Review archive
Volume 39 , Issue 1 (January 2005) table of contents

Pages: 90 - 96

Year of Publication: 2005

ISSN:0163-5980

Authors

Wei-Chi Ku	Fu Jen Catholic University, Hsinchuang, Taipei County, Taiwan, R.O.C.
Shuai-Min Chen	Fu Jen Catholic University, Hsinchuang, Taipei County, Taiwan, R.O.C.

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 15, Downloads (12 Months): 116, Citation Count: 1

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1044552.1044562 What is a DOI?

ABSTRACT

In 2002, Lee, Hwang, and Yang proposed a verifier-free remote user authentication scheme using smart cards. Their scheme is efficient because of mainly using cryptographic hash functions. However, we find that Lee-Hwang-Yang's scheme is not reparable once the user's permanent secret is compromised and is vulnerable to a privileged insider's attack. Furthermore, it lacks the user eviction mechanism. In this paper, we first show the weaknesses of Lee-Hwang-Yang's scheme, and then compare Lee-Hwang-Yang's scheme with three similar schemes.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	A. K. Awasthi and S. Lal, "A remote user authentication scheme using smart cards with forward secrecy," IEEE Transactions on Consumer Electronics, vol. 49, no. 4, pp. 1246--1248, Nov. 2003.
	2	C. K. Chan and L. M. Cheng, "Cryptanalysis of a remote user authentication scheme using smart cards," IEEE Transactions on Consumer Electronics, vol. 46, no. 4, pp. 992--993, Nov. 2000.
	3	C. K. Chan and L. M. Cheng, "Cryptanalysis of a timestamp-based password authentication scheme," Computers & Security, vol. 21, no. 1, pp. 74--76, 2002.
	4	C. C. Chang and K. F. Hwang, "Some forgery attacks on a remote user authentication scheme using smart cards," Informatica, vol. 14, no. 3, pp. 289--294, 2003.
	5	K. F. Chen and S. Zhong, "Attacks on the (enhanced) Yang-Shieh authentication," Computers & Security, vol. 22, no. 8, pp. 725--727, Dec. 2003.
	6	H. Y. Chien, J. K. Jan, and Y. M. Tseng, "An efficient and practical solution to remote authentication: smart card," Computers & Security, vol. 21, no. 4, pp. 372--375, 2002.
	7	L. Fan, J. H. Li, and H. W. Zhu, "An enhancement of timestamp-based password authentication scheme," Computers & Security, vol. 21, no. 7, pp. 665--667, Nov. 2002.
	8	T. Hwang, Y. Chen, and C. S. Laih, "Non-interactive password authentications without password tables," Proc. IEEE Region 10 Conference on Computer and Communication Systems, Hong Kong, pp. 429--431, Sept. 1990.
	9	T. Hwang and W. C. Ku, "Reparable key distribution protocols for Internet environments," IEEE Transactions on Communications, vol. 43, no. 5, pp. 1947--1950, May 1995.
	10	M. S. Hwang and L. H. Li, "A new remote user authentication scheme using smart card," IEEE Transactions on Consumer Electronics, vol. 46, no. 1, pp. 28--30, Feb. 2000.
	11	Paul C. Kocher , Joshua Jaffe , Benjamin Jun, Differential Power Analysis, Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology, p.388-397, August 15-19, 1999
	12	W. C. Ku, C. M. Chen, and H. L. Lee, "Cryptanalysis of a variant of Peyravian-Zunic's password authentication scheme," IEICE Transactions on Communications, vol. E86-B, no. 5, pp. 1682--1684, May 2003.
	13	W. C. Ku and S. M. Chen, "Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards," IEEE Transactions on Consumer Electronics, vol. 50, no. 1, pp. 204--207, Feb. 2004.
	14	W. C. Ku, S. M. Chen, and H. M. Chuang, "A study of hash-based password authentication schemes without storing verifiers," Proc. 14th Information Security Conference, Taiwan, pp. 429--435, June 2004.
	15	Cheng-Chi Lee , Min-Shiang Hwang , Wei-Peng Yang, A flexible remote user authentication scheme using smart cards, ACM SIGOPS Operating Systems Review, v.36 n.3, p.46-52, July 2002 [doi>10.1145/567331.567335]
	16	K. C. Leung, L. M. Cheng, A. S. Fong, and C. K. Chan, "Cryptanalysis of a modified remote user authentication scheme using smart cards," IEEE Transactions on Consumer Electronics, vol. 49, no. 4, pp. 1243--1245, Nov. 2003.
	17	Thomas S. Messerges , Ezzat A. Dabbish , Robert H. Sloan, Examining Smart-Card Security under the Threat of Power Analysis Attacks, IEEE Transactions on Computers, v.51 n.5, p.541-552, May 2002 [doi>10.1109/TC.2002.1004593]
	18	J. J. Shen, C. W. Lin, and M. S. Hwang, "A modified remote user authentication scheme using smart cards," IEEE Transactions on Consumer Electronics, vol. 49, no. 2, pp. 414--416, May 2003.
	19	H. M. Sun, "An efficient remote user authentication scheme using smart cards," IEEE Transactions on Consumer Electronics, vol. 46, no. 4, pp. 958--961, Nov. 2000.
	20	H. M. Sun and H. T. Yeh, "Further cryptanalysis of a password authentication scheme with smart cards," IEICE Transactions on Communications, vol. E86-B, no. 4, pp. 1412--1415, April 2003.
	21	B. Wang, J. H. Li, and Z. P. Tong, "Cryptanalysis of an enhanced timestamp-based password authentication scheme," Computers & Security, vol. 22, no. 7, pp. 643--645, Oct. 2003.
	22	W. H. Yang and S. P. Shieh, "Password authentication schemes with smart cards," Computers & Security, vol. 18, no. 8, pp. 727--733, 1999.
	23	H. T. Yeh, H. M. Sun, and B. T. Hsieh, "Security of a remote user authentication scheme using smart cards," IEICE Transactions on Communications, vol. E87-B, no. 1, pp. 192--194, Jan. 2004.