Title :
Cryptanalysis and Security Enhancement of Two Password Authentication Schemes with Smart Cards
Author :
Khan, Muhammad Khurram
Author_Institution :
Res. Group for Biometrics & Security, Bahria Univ., Karachi
Abstract :
Recently, Yang et al. proposed an improvement of two password authentication schemes based on timestamp and nonce. They claimed that their schemes are secure against different kinds of attacks. However, we point out that their schemes are vulnerable and can easily be cryptanalyzed. We demonstrate that their schemes perform unilateral authentication (only client authentication) and there is no mutual authentication between user and remote system, thus their schemes are susceptible to the server spoofing attack. To fill this security gap, we present an improvement which overcomes the weakness of Yang et al.'s schemes. As a result, our improved security patch establishes trust between client and remote system in the form of mutual authentication.
Keywords :
authorisation; cryptography; smart cards; client authentication; cryptanalysis; mutual authentication; password authentication; security enhancement; smart cards; timestamp; unilateral authentication; Authentication; Biometrics; Computer science; Computer security; Equations; Forgery; Information security; Network servers; Resists; Smart cards;
Conference_Titel :
Multitopic Conference, 2007. INMIC 2007. IEEE International
Conference_Location :
Lahore
Print_ISBN :
978-1-4244-1552-6
Electronic_ISBN :
978-1-4244-1553-3
DOI :
10.1109/INMIC.2007.4557692