Title :
Cryptanalysis and Improvement of User Authentication Scheme using Smart Cards for Multi-Server Environments
Author :
Cao, Zhen-Fu ; Sun, Da-zhi
Author_Institution :
Dept. of Comput. Sci. & Technol., Shanghai Jiao Tong Univ.
Abstract :
For providing the login service in multi-server environments, Fan, Xu, and Li presented a remote user authentication scheme using smart cards. In this paper, we demonstrate that Fan-Xu-Li´s scheme is vulnerable to the parallel session attack. That is, when a legal user logs in a server, an adversary without knowing any secret information can easily impersonate the user to log in other authorized servers. It means that a serious security flaw exists in Fan-Xu-Li´s scheme. In addition to being practical, it is desirable to avoid relying on timestamps for security in their scheme. We therefore propose an improved scheme to overcome above disadvantages. As a unilateral authentication mechanism, our improved scheme is more suitable for real-life cryptographic applications than Fan-Xu-Li´s scheme
Keywords :
authorisation; cryptography; file servers; message authentication; smart cards; Fan-Xu-Li scheme; cryptanalysis; login service; multiserver environment; parallel session attack; smart card; user authentication scheme; Authentication; Computer science; Cryptography; Cybernetics; File servers; Information security; Law; Legal factors; Machine learning; Network servers; Smart cards; Sun; Authentication; Multi-server; Parallel session attack; Smart card; Synchronization;
Conference_Titel :
Machine Learning and Cybernetics, 2006 International Conference on
Conference_Location :
Dalian, China
Print_ISBN :
1-4244-0061-9
DOI :
10.1109/ICMLC.2006.259062
