Title :
Notes on “a password-based remote user authentication scheme without smart card”
Author :
Kumari, Smriti ; Khan, Muhammad Khurram ; Xiong Li ; Kumar, Ravindra
Author_Institution :
Dept. of Math., Dr. B.R.A. Univ., Agra, India
Abstract :
Recently, Chen et al. proposed a remote user authentication scheme for non-tamper-proof storage devices such as a Universal Serial Bus (USB) stick. A little later, He et al. found that Chen et al.'s scheme suffers from a device stolen attack, an insider attack and a lack of forward secrecy. He et al. improved the scheme by Chen et al. by presenting another scheme. Nonetheless, we detect some security problems in the scheme by He et al. We show that He et al.'s scheme is vulnerable to an off-line password guessing attack. Besides, an attacker can not only impersonate the user but can also establish a session key with the server; as a result, the scheme lacks proper mutual authentication. Further, the scheme does not protect the user's privacy, and a user cannot freely change his password at will, as password updating requires interaction with the server.
Keywords :
message authentication; storage media; USB stick; Universal Serial Bus stick; device stolen attack; forward secrecy lackness; insider attack; nontamper-proof storage devices; offline password guessing attack; password-based remote user authentication scheme; Authentication; Cryptography; Educational institutions; Servers; Smart cards; Universal Serial Bus; authentication; common storage device; off-line password guessing attack; user privacy;
Conference_Title :
Biometrics and Security Technologies (ISBAST), 2014 International Symposium on
Conference_Location :
Kuala Lumpur
Print_ISBN :
978-1-4799-6443-7
DOI :
10.1109/ISBAST.2014.7013105