Cryptanalysis of 'A Robust Smart-Card-Based Remote User Password Authentication Scheme'A

被引：0

作者：

Kumari, Saru ^{[1
]}

Bin Muhaya, Fahad ^{[2
]}

Khan, Muhammad Khurram ^{[3
]}

Kumar, Rahul ^{[4
]}

机构：

[1] Dr BRA Univ, Agra Coll, Dept Math, Agra, Uttar Pradesh, India

[2] King Saud Univ, Coll Business Adm, MIS Dept, Riyadh 11451, Saudi Arabia

[3] King Saud Univ, Ctr Excellence Informat Assurance, Riyadh 11451, Saudi Arabia

[4] D BS Coll, Dept Math, Agra, Uttar Pradesh, India

来源：

2013 INTERNATIONAL SYMPOSIUM ON BIOMETRICS AND SECURITY TECHNOLOGIES (ISBAST) | 2013年

关键词：

Smart card; Session-key disclosure; Password guessing attack; User anonymity; User impersonation attack; IMPROVEMENT; EFFICIENT;

D O I：

10.1109/ISBAST.2013.43

中图分类号：

TP301 [理论、方法];

学科分类号：

081202 ;

摘要：

Smart card is a widely accepted user authentication tool to ensure only authorized access to resources available via open networks. In 2010, Sood et al. and Song independently examined a smart card based authentication scheme proposed by Xu et al. They showed that in Xu et al.'s scheme an internal user of the system could turn hostile to impersonate other users of the system. Sood et al. and Song also proposed schemes in order to improve scheme proposed by Xu et al.'s. Recently, Chen et al. identified some security problems in the improvements proposed by Sood et al. and Song. To fix these problems Chen et al. presented another scheme, which they claimed to provide mutual authentication and withstand, lost smart card attack. Undoubtedly, in their scheme user can also verify the legitimacy of server but we find that the scheme fails to resist impersonation attacks and privileged insider attack. We also show that the scheme does not provide user anonymity and confidentiality to air messages. In addition, an attacker can guess a user's password from his lost/stolen smart card.

引用

页码：247 / 250

页数：4

共 50 条

[31] Cryptanalysis of Three Password-Based Remote User Authentication Schemes with Non-Tamper-Resistant Smart Card
Wang, Chenyu
Xu, Guoai
[J]. SECURITY AND COMMUNICATION NETWORKS, 2017,
[32] Cryptanalysis and improvement of an 'improved remote authentication scheme with smart card'
Holbl, Marko
Welzer, Tatjana
[J]. ARES 2008: PROCEEDINGS OF THE THIRD INTERNATIONAL CONFERENCE ON AVAILABILITY, SECURITY AND RELIABILITY, 2008, : 1301 - 1305
[33] Security Weaknesses of Li's Remote User Password Authentication Scheme Using Smart Card
Ling, Jie
Zhao, Guang-Qiang
Liu, Yi
[J]. PROCEEDINGS OF THE 2015 INTERNATIONAL CONFERENCE ON MATERIALS ENGINEERING AND INFORMATION TECHNOLOGY APPLICATIONS, 2015, 28 : 677 - 681
[34] A Robust Remote User Authentication Scheme against Smart Card Security Breach
Li, Chun-Ta
Lee, Cheng-Chi
Liu, Chen-Ju
Lee, Chin-Wen
[J]. DATA AND APPLICATIONS SECURITY AND PRIVACY XXV, 2011, 6818 : 231 - 238
[35] Security Enhancements of Smart Card-Based Remote User Password Authentication Scheme with Session Key Agreement
An, Young-Hwa
[J]. 2015 17TH INTERNATIONAL CONFERENCE ON ADVANCED COMMUNICATION TECHNOLOGY (ICACT), 2015, : 669 - 674
[36] Improvement on a Smart Card Based Password Authentication Scheme
He, Debiao
Chen, Jianhua
Hu, Jin
[J]. JOURNAL OF INTERNET TECHNOLOGY, 2012, 13 (03): : 405 - 409
[37] Smart card based secure password authentication scheme
Wang, SJ
Chang, JF
[J]. COMPUTERS & SECURITY, 1996, 15 (03) : 231 - 237
[38] A SMART CARD BASED AUTHENTICATION SCHEME FOR REMOTE USER LOGIN AND VERIFICATION
Cheng, Zi-Yao
Liu, Yun
Chang, Chin-Chen
Chang, Shih-Chang
[J]. INTERNATIONAL JOURNAL OF INNOVATIVE COMPUTING INFORMATION AND CONTROL, 2012, 8 (08): : 5499 - 5511
[39] Smart Card Based Remote User Authentication Scheme for Cloud Computing
Madhusudhan, R.
Hegde, Manjunath
[J]. 2019 IEEE 10TH ANNUAL UBIQUITOUS COMPUTING, ELECTRONICS & MOBILE COMMUNICATION CONFERENCE (UEMCON), 2019, : 905 - 910
[40] Design of a user anonymous password authentication scheme without smart card
Kumari, Saru
Khan, Muhammad Khurram
Li, Xiong
Wu, Fan
[J]. INTERNATIONAL JOURNAL OF COMMUNICATION SYSTEMS, 2016, 29 (03) : 441 - 458

← 1 2 3 4 5 →