Cryptanalysis of a Timestamp-Based Password Authentication Scheme

نویسندگان

  • Chi-Kwong Chan
  • Lee-Ming Cheng
چکیده

Recently, J.-J. Shen, C.-W. Lin and M.-S. Hwang (Computers & Security, Vol 22, No 7, pp 591-595, 2003) proposed a modified Yang-Shieh scheme to enhance security. They claimed that their modified scheme can withstand the forged login attack and also provide a mutual authentication method to prevent the forged server attack. In this paper, we show that the Shen-Lin-Hwang scheme cannot resist the forged login attack either. The intruder is able to forge a valid forge request of a legitimate user Ui and then successfully impersonate him by intercepting a login request sent by Ui and registering a smart card.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

An Efficient Password Authentication Scheme for Smart Card

Yang-Wang-Chang proposed an improved timestamp associated password authentication scheme based on YangShieh, who had earlier proposed timestamp-based remote authentication scheme using smart cards. In this paper, we propose an efficient password authentication scheme with smart card applying RSA. The proposed scheme withstands most of the attacks with minimum computational cost.

متن کامل

An improvement of the Yang-Shieh password authentication schemes

Recently, Yang and Shieh proposed two password authentication schemes by employing smart cards. One is a timestamp-based password authentication scheme and the other is a nonce-based password authentication scheme. In 2002, Chan and Cheng pointed out that Yang and Shieh’s timestamp-based password authentication scheme was vulnerable to the forgery attack. However, in 2003, Sun and Yeh pointed o...

متن کامل

A Robust and Efficient Timestamp-based Remote User Authentication Scheme with Smart Card Lost Attack Resistance

Password-based authentication scheme with smart card is an important part of security for accessing remote servers. In 2011, Awasthi et al. proposed an improved timestampbased remote user authentication scheme to eliminate the attacks in Shen et al.’s. However, we find that their scheme is vulnerable to the privileged insider, the lost smart card, the password guessing, the replay, the modifica...

متن کامل

Cryptanalysis of Timestamp-Based Password Authentication Schemes Using Smart Cards

Password authentication is an important mechanism for remote login systems, where only authorized users can be authenticated via using their passwords and/or some similar secrets. In 1999, Yang and Shieh [14] proposed two password authentication schemes using smart cards. Their schemes are not only very efficient, but also allow users to change their passwords freely and the server has no need ...

متن کامل

An Improved Timestamp-Based Password Remote User Authentication Scheme

In 2003, Shen et al [4] proposed a timestamp-based password authentication scheme in which remote server does not need to store the passwords or verification table for users authentication. Unfortunately Wang and Li[6], E.J.Yoon [8], Lieu et al.[3], analyzed independently the Shen Lin Scheme [4] and was found to be vulnerable to some deadly attacks. In continuation to it, this paper analyzes fe...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:
  • Computers & Security

دوره 21  شماره 

صفحات  -

تاریخ انتشار 2002