Weaknesses and improvements of the Yoon-Ryu-Yoo remote user authentication scheme using smart cards

被引:45
作者
Hsiang, Han-Cheng [1 ,2 ]
Shih, Wei-Kuan [1 ]
机构
[1] Natl Tsing Hua Univ, Dept Comp Sci, Hsingchu 300, Taiwan
[2] Vanung Univ Sci & Technol, Dept Informat Management, Chungli 320, Taiwan
来源
COMPUTER COMMUNICATIONS | 2009年 / 32卷 / 04期
关键词
Authentication; Cryptography; Password guessing attack; Parallel session attack; PASSWORD AUTHENTICATION; EFFICIENT; SECURITY;
D O I
10.1016/j.comcom.2008.11.019
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
Remote user authentication scheme is a procedure which allows a server to authenticate a remote user through insecure channel. Recently, Yoon, Ryu and Yoo made an enhancement based on Ku-Chen's remote user authentication scheme by using smart cards. The scheme has the merits of providing mutual authentication, no verification table, freely choosing password, involving only few hashing operations and parallel session attack resistance. In this paper, we point out security flaws of Yoon-Ryu-Yoo's protocols against masquerading attack, off-line password guessing attacks and parallel session attack. An improvement to enhance Yoon-Ryu-Yoo's security scheme is proposed. Crown Copyright (C) 2008 Published by Elsevier B.V. All rights reserved.
引用
收藏
页码:649 / 652
页数:4
相关论文
共 13 条
[1]  
[Anonymous], INFORM PROCESSING LE
[2]   An efficient and practical solution to remote authentication: Smart card [J].
Chien, HY ;
Jan, JK ;
Tseng, YM .
COMPUTERS & SECURITY, 2002, 21 (04) :372-375
[3]   Security improvement on Chien et al.'s remote user authentication scheme using smart cards [J].
Duan, Xiaoyi ;
Liu, JianWei ;
Zhang, Qishan .
2006 INTERNATIONAL CONFERENCE ON COMPUTATIONAL INTELLIGENCE AND SECURITY, PTS 1 AND 2, PROCEEDINGS, 2006, :1133-1135
[4]  
Hsu CL, 2004, COMP STAND INTER, V26, P167, DOI [10.1016/S0920-5489(03)00094-1, 10.1016/s0920-5489(03)00094-1]
[5]   A new remote user authentication scheme using smart cards [J].
Hwang, MS ;
Li, LH .
IEEE TRANSACTIONS ON CONSUMER ELECTRONICS, 2000, 46 (01) :28-30
[6]  
Kocher P., 1999, Advances in Cryptology - CRYPTO'99. 19th Annual International Cryptology Conference. Proceedings, P388
[7]   Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards [J].
Ku, WC ;
Chen, SM .
IEEE TRANSACTIONS ON CONSUMER ELECTRONICS, 2004, 50 (01) :204-207
[8]  
Ku WC, 2003, IEICE T COMMUN, VE86B, P1682
[9]   PASSWORD AUTHENTICATION WITH INSECURE COMMUNICATION [J].
LAMPORT, L .
COMMUNICATIONS OF THE ACM, 1981, 24 (11) :770-772
[10]   CRYPTOGRAPHIC AUTHENTICATION OF TIME-INVARIANT QUANTITIES [J].
LENNON, RE ;
MATYAS, SM ;
MEYER, CH .
IEEE TRANSACTIONS ON COMMUNICATIONS, 1981, 29 (06) :773-777
12