Security Analysis of A Remote User Authentication Protocol by Liao and Wang
نویسندگان
چکیده
In Elsevier’s journal of Computer Standards & Interfaces, 2007, Liao and Wang proposed an authentication protocol using smart card and claimed that their protocol provides security against replay attacks, active attacks and insider attacks. In addition, they argued that user anonymity is guaranteed. In this paper, we point out that Liao-Wang protocol is vulnerable to an insider attack by presenting a simple method for a malicious server to impersonate any user authenticating to the server. We also demonstrate that user anonymity can be violated as colluding servers can easily track activities of users.
منابع مشابه
A Mutual Authentication Method for Internet of Things
Today, we are witnessing the expansion of various Internet of Things (IoT) applications and services such as surveillance and health. These services are delivered to users via smart devices anywhere and anytime. Forecasts show that the IoT, which is controlled online in the user environment, will reach 25 billion devices worldwide by 2020. Data security is one of the main concerns in the IoT. ...
متن کاملBiometric Authentication of Fingerprint for Banking Users, Using Stream Cipher Algorithm
Providing banking services, especially online banking and electronic payment systems, has always been associated with high concerns about security risks. In this paper, customer authentication for their transactions in electronic banking has been discussed, and a more appropriate way of using biometric fingerprint data, as well as encrypting those data in a different way, has been suggest...
متن کاملSecurity Analysis of Lightweight Authentication Scheme with Key Agreement using Wireless Sensor Network for Agricultural Monitoring System
Wireless sensor networks have many applications in the real world and have been developed in various environments. But the limitations of these networks, including the limitations on the energy and processing power of the sensors, have posed many challenges to researchers. One of the major challenges is the security of these networks, and in particular the issue of authentication in the wireles...
متن کاملWeaknesses of a Secure Dynamic ID Based Remote User Authentication Scheme
In 2009, Liao and Wang proposed a secure dynamic ID based remote user authentication scheme for multi-server environments. They achieved user anonymity by using secure dynamic IDs instead of static IDs. Recently, Hsiang and Shih proposed an improved scheme to fix the security flaws found in Liao-Wang’s scheme. Hsiang and Shih claimed that their scheme maintains the benefits and increases the se...
متن کاملDynamic Identity Based Authentication Protocol for Two-Server Architecture
Most of the password based authentication protocols make use of the single authentication server for user’s authentication. User’s verifier information stored on the single server is a main point of susceptibility and remains an attractive target for the attacker. On the other hand, multi-server architecture based authentication protocols make it difficult for the attacker to find out any signi...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2009 شماره
صفحات -
تاریخ انتشار 2009