Cryptanalysis of an Improved Smartcard-based Remote Password Authentication Scheme

PP: 35-40

Author(s)

SK Hafizul Islam, G. P. Biswas, Kim-Kwang Raymond Choo

Abstract

In recent years, several dynamic identity-based two-factor user authentication schemes using password and smartcard have been
proposed to provide mutual authentication between the user and server over unreliable networks. However, the design of secure
cryptographic schemes is still notoriously hard, and there have been several instances of detected flaws in published schemes. For
example, in 2010, Hao and Yu demonstrated that Wang et al.’s user authentication scheme is insecure against off-line password guessing
and server masquerade attacks, and proposed an improved scheme. Subsequently, in 2012, Chao pointed out that the improved scheme
of Hao and Yu is, unfortunately, susceptible to off-line password guessing and server masquerade attacks, and prone to a password
backward security problem, and proposed an enhanced scheme. In this paper, we demonstrate that Chao’s enhanced scheme is not
secure against user masquerade, server masquerade, insider and off-line password guessing attacks, in violation of its
security claims, and that it fails to achieve user anonymity.