Attacks on the (enhanced) Yang-Shieh authentication
نویسندگان
چکیده
The Yang-Shieh authentication is a timestamp based password authentication scheme that uses smart cards [1]. In [2,3], various attacks on this scheme are described. However, an enhancement of the scheme is proposed in [3] and enables the scheme to resist these existing attacks. In this paper, we show two new attack that can break the enhanced scheme. We further point out that the fundamental computational assumption of the Yang-Shieh authentication scheme is incorrect.
منابع مشابه
Formal analysis of Jan–Chen, Yang–Shen–Shieh, Kim–Huh–Hwang– Lee, Lin–Sun–Hwang, and Yeh–Sun protocols
Despite the importance of proofs in assuring protocol implementers about the security properties of key establishment protocols, many protocol designers fail to provide any proof of security. Flaws detected long after the publication and/or implementation of protocols will erode the credibility of key establishment protocols. We revisit recent work of Choo, Boyd, Hitchcock, Maitland where they ...
متن کاملAn improvement of the Yang-Shieh password authentication schemes
Recently, Yang and Shieh proposed two password authentication schemes by employing smart cards. One is a timestamp-based password authentication scheme and the other is a nonce-based password authentication scheme. In 2002, Chan and Cheng pointed out that Yang and Shieh’s timestamp-based password authentication scheme was vulnerable to the forgery attack. However, in 2003, Sun and Yeh pointed o...
متن کاملCryptanalysis of Timestamp-Based Password Authentication Schemes Using Smart Cards
Password authentication is an important mechanism for remote login systems, where only authorized users can be authenticated via using their passwords and/or some similar secrets. In 1999, Yang and Shieh [14] proposed two password authentication schemes using smart cards. Their schemes are not only very efficient, but also allow users to change their passwords freely and the server has no need ...
متن کاملPassword authentication schemes with smart cards
In this paper, two password authentication schemes with smart cards are proposed. In the schemes, users can change their passwords freely, and the remote system does not need the directory of passwords or verification tables to authenticate users. Once the secure network environment is set up, authentication can be handled solely by the two parties involved. For a network without synchronized c...
متن کاملHMAC-Based Authentication Protocol: Attacks and Improvements
As a response to a growing interest in RFID systems such as Internet of Things technology along with satisfying the security of these networks, proposing secure authentication protocols are indispensable part of the system design. Hence, authentication protocols to increase security and privacy in RFID applications have gained much attention in the literature. In this study, security and privac...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- Computers & Security
دوره 22 شماره
صفحات -
تاریخ انتشار 2003