Weakness and improvement on Wang-Li-Tie's user-friendly remote authentication scheme
نویسندگان
چکیده
In an open network environment, the remote authentication scheme using smart cards is a very practical solution to validate the legitimacy of a remote user. In 2003, Wu and Chieu presented a user-friendly remote authentication scheme using smart cards. Recently, Wang, Li, and Tie found that Wu–Chieu s scheme is vulnerable to the forged login attack, and then presented an improvement to eliminate this vulnerability. In our opinion, the smart card plays an important role in those schemes. Therefore, we demonstrate that Wang–Li–Tie s scheme is not secure under the smart card loss assumption. If an adversary obtains a legal user s smart card even without the user s corresponding password, he can easily use it to impersonate the user to pass the server s authentication. We further propose an improved scheme to overcome this abuse of the smart card. 2005 Elsevier Inc. All rights reserved. 0096-3003/$ see front matter 2005 Elsevier Inc. All rights reserved. doi:10.1016/j.amc.2005.01.013 * Corresponding author. E-mail addresses: [email protected] (D.-Z. Sun), [email protected] (J.-D. Zhong), [email protected] (Y. Sun). 1186 D.-Z. Sun et al. / Appl. Math. Comput. 170 (2005) 1185–1193
منابع مشابه
An enhanced biometrics-based remote user authentication scheme using mobile devices
Remote user authentication is a mechanism, in which the remote server verifies the legitimacy of a user over an insecure communication channel. Recently, Wang and Li proposed a fingerprint-based remote user authentication scheme using mobile devices. We demonstrate that their scheme is vulnerable and susceptible to many attacks and has some practical pitfalls. To solve these problems, we propos...
متن کاملImprovement of Li-Hwang’s Biometrics-based Remote User Authentication Scheme using Smart Cards
Recently, Li and Hwang proposed an efficient biometrics-based remote user authentication scheme without storing the password tables. Their scheme uses random numbers to solve the problem of synchronized clocks. It also enables the user to freely choose or change their passwords. At the same time, they claimed that their scheme provides security, reliability and efficiency. However, we found tha...
متن کاملAn Improved Remote User Password Authentication Scheme Using Smart Card with Session Key Agreement
Remote user authentication is a mechanism, in which the remote server verifies the legitimacy of a user over an insecure communication. Password authentication based on smart cards is one of the simplest and most efficient authentication methods and is a commonly deployed to authenticate the legitimacy of remote users. Based on cryptographic techniques, several password authentication schemes h...
متن کاملCryptanalysis and Improvement on Robust Three-Factor Remote User Authentication Scheme with Key Agreement for Multimedia System
A three-factor authentication combines biometrics information with user password and smart card to provide security-enhanced user authentication. An proposed user authentication scheme improved Das’s scheme. But An’s scheme is not secure against denial of service attack in login phase, forgery attack. Li et al. pointed out them and proposed three-factor remote user authentication scheme with ke...
متن کاملCryptanalysis of a user friendly remote authentication scheme with smart cards
Recently, Wu-Chieu proposed an efficient and friendly remote authentication scheme with smart card. This scheme is very elaborate since no password table in the remote system and could keep as well as low communication and low computation costs. In addition, freely choosing and changing password is very friendly for users. However, their scheme could not withstand the forged attack. Flaw is pro...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Applied Mathematics and Computation
دوره 170 شماره
صفحات -
تاریخ انتشار 2005