Impersonation attack on a dynamic ID-based remote user authentication scheme using smart cards

被引:86
作者
Ku, WC [1 ]
Chang, ST [1 ]
机构
[1] Fu Jen Catholic Univ, Dept Comp Sci & Informat Engn, Taipei 242, Taiwan
来源
IEICE TRANSACTIONS ON COMMUNICATIONS | 2005年 / E88B卷 / 05期
关键词
dynamic ID; impersonation attack; password authentication; reparability; smart card;
D O I
10.1093/ietcom/e88-b.5.2165
中图分类号
TM [电工技术]; TN [电子技术、通信技术];
学科分类号
0808 ; 0809 ;
摘要
Recently, Das et al. proposed a dynamic ID-based verifier-free password authentication scheme using smart cards. To resist the ID-theft attack, the user's login ID is dynamically generated and one-time used. Herein, we demonstrate that Das et al.'s scheme is vulnerable to an impersonation attack, in which the adversary can easily impersonate any user to login the server at any time. Furthermore, we also show several minor weaknesses of Das et al.'s scheme.
引用
收藏
页码:2165 / 2167
页数:3
相关论文
共 18 条
[1]   REMOTE PASSWORD AUTHENTICATION WITH SMART CARDS [J].
CHANG, CC ;
WU, TC .
IEE PROCEEDINGS-E COMPUTERS AND DIGITAL TECHNIQUES, 1991, 138 (03) :165-168
[2]  
Cheng-Chi Lee, 2002, Operating Systems Review, V36, P46, DOI 10.1145/567331.567335
[3]   An efficient and practical solution to remote authentication: Smart card [J].
Chien, HY ;
Jan, JK ;
Tseng, YM .
COMPUTERS & SECURITY, 2002, 21 (04) :372-375
[4]   A modified remote login authentication scheme based on geometric approach [J].
Chien, HY ;
Jan, JK ;
Tseng, YM .
JOURNAL OF SYSTEMS AND SOFTWARE, 2001, 55 (03) :287-290
[5]   A dynamic ID-based remote user authentication scheme [J].
Das, ML ;
Saxena, A ;
Gulati, VP .
IEEE TRANSACTIONS ON CONSUMER ELECTRONICS, 2004, 50 (02) :629-631
[6]   An enhancement of timestamp-based password authentication scheme [J].
Fan, L ;
Li, JH ;
Zhu, HW .
COMPUTERS & SECURITY, 2002, 21 (07) :665-667
[7]   A new remote user authentication scheme using smart cards [J].
Hwang, MS ;
Li, LH .
IEEE TRANSACTIONS ON CONSUMER ELECTRONICS, 2000, 46 (01) :28-30
[8]  
Hwang Tzonelih, 1990, IEEE TENCON'90: 1990 IEEE Region 10 Conference on Computer and Communication Systems (Cat. No.90CH2866-2), P429, DOI 10.1109/TENCON.1990.152647
[9]  
HWANG T, 1995, IEEE T COMMUN, V43, P1947
[10]  
Kocher P., 1999, Advances in Cryptology - CRYPTO'99. 19th Annual International Cryptology Conference. Proceedings, P388
12