Comments on Five Smart Card Based Password Authentication Protocols
نویسندگان
چکیده
In this paper, we use the ten security requirements proposed by Liao et al. for a smart card based authentication protocol to examine five recent work in this area. After analyses, we found that the protocols of Juang et al.¡s , Hsiang et al.¡s, Kim et al.¡s, and Li et al.¡s all suffer from offline password guessing attack if the smart card is lost, and the protocol of Xu et al.¡s is subjected to an insider impersonation attack. Keywordspassword authentication protocol; insider attack; smart card loss problem; password guessing attack
منابع مشابه
Password Protected Smart Card and Memory Stick Authentication against Off-Line Dictionary Attacks
We study the security requirements for remote authentication with password protected smart card. In recent years, several protocols for password-based authenticated key exchange have been proposed. These protocols are used for the protection of password based authentication between a client and a remote server. In this paper, we will focus on the password based authentication between a smart ca...
متن کاملComments on Three Multi-Server Authentication Protocols
Recently, Tsai et al., Liao et al. and Li et al. each proposed a multi-server authentication protocol. They claimed their protocols are secure and can withstand various attacks. However, we found some security loopholes in each of their schemes, for example, both Tsai et al.’s and Liao et al.‘s schemes suffers from server spoofing attack by an insider server. Li et al.s’ suffers from the lost s...
متن کاملA Password and Smart Card Based User Authentication Mechanism for Multi-Server Environments
Secure user authentication without repeating registration is one of the important issues in multi-server networks that needs to be adequately addressed. Recently, two-factor (smart card and password) based remote user authentication protocols have been widely introduced due to their low constructional cost and convenient usability for the authentication purpose. In 2011, Chang and Cheng propose...
متن کاملSecurity Weaknesses of Dynamic ID-based Remote User Authentication Protocol
Recently, with the appearance of smart cards, many user authentication protocols using smart card have been proposed to mitigate the vulnerabilities in user authentication process. In 2004, Das et al. proposed a ID-based user authentication protocol that is secure against ID-theft and replay attack using smart card. In 2009, Wang et al. showed that Das et al.’s protocol is not secure to randoml...
متن کاملTwo Improved Multi-server Authentication Protocols Based on Hash Function and Smart Card
To use the network services provided by multiple servers in mobile wireless network, recently, Tsai proposed a hash function and smart card based multi-server authentication protocol. Chen et al. showed that Tsai’s scheme cannot resist the server spoofing attack, and proposed a novel one. In this paper, we show that Chen et al.’s protocol cannot resist off-line password guessing attacks, and pr...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2010 شماره
صفحات -
تاریخ انتشار 2010