Cryptanalysis of a Remote User Authentication Scheme Using Smart Cards

Author

Huang Kai ; Ou Qingyu ; Wu Xiaoping ; Song Yexin

Author_Institution

Dept. of Inf. Security, Naval Univ. of Eng., Wuhan, China

fYear

2009

fDate

24-26 Sept. 2009

Firstpage

1

Lastpage

4

Abstract

With the popularity of computer network, smart card based remote user authentication is receiving more and more attention than ever. Recently, Liaw et al. proposed an efficient and complete remote user authentication scheme using smart cards. Its security depends on the one-way hash function and is nonce-based. They claim that it achieves more functionality and satisfies all criteria and can withstand the replay attack. Nevertheless, there still exist several security flaws in their scheme. In this paper, we give a cryptanalysis of the scheme and present that the scheme is vulnerable and insecure against at least four kinds of attack, including the offline password guessing attack, two impersonation attacks, the intruder-in-the-middle attack and the denial-of-service attack.

Keywords

authorisation; computer networks; cryptography; smart cards; computer network; cryptanalysis; denial-of-service attack; impersonation attacks; intruder-in-the-middle attack; offline password guessing attack; one-way hash function; remote user authentication scheme; security flaws; smart cards; Authentication; Clocks; Computational efficiency; Computer crime; Computer networks; Computer security; Cryptography; Information security; Smart cards; Synchronization;

fLanguage

English

Publisher

ieee

Conference_Titel

Wireless Communications, Networking and Mobile Computing, 2009. WiCom '09. 5th International Conference on

Conference_Location

Beijing

Print_ISBN

978-1-4244-3692-7

Electronic_ISBN

978-1-4244-3693-4

Type

conf

DOI

10.1109/WICOM.2009.5302288

Filename

5302288