Cryptanalysis on Tan-Zhu Remote Password Authentication Scheme
نویسندگان
چکیده
In 1999, Tan and Zhu proposed a remote password authentication scheme that is the first remote login scheme using smart cards based on cross product of matrixes. The scheme is efficient and flexible as compared with other matrix-based remote authentication schemes. However, Chien, Jan, and Tseng have shown that an attacker can impersonate a legitimate user to login the system in the scheme. This paper will present another possible attack on Tan-Zhu scheme and it may also threaten the security of the scheme. If the format checking for the identities of users is not sufficient in the authentication phase of the protocol, the proposed attack will be valid such that attackers can forge valid authentication messages for the users who have not registered with the system yet and then successfully login the system.
منابع مشابه
Cryptanalysis of Tan's Improvement on a Password Authentication Scheme for Multi-server Environments
Smart cards have been applied on password authentication in recent years. A user can input his/her identity and password to require services from the remote server. There are various attacks through an insecure network to obtain a user’s information. Therefore, many schemes are proposed to guarantee secure communication. However, a lot of schemes are not secure. Recently, Tan proposed an improv...
متن کاملCryptanalysis of Two ID Based Password Authentication Schemes for Multi-server Environments
Recently, Hsiang and Shih proposed a secure dynamic ID based remote user authentication scheme for multi-server environment. In this paper, we show that Hsiang and Shih's scheme is still vulnerable to off-line password guessing attacks, impersonation attacks and server spoofing attacks. And it cannot resist agai nst extracting secr et data by in tercepting th e authentication m essage. Chen , H...
متن کاملCryptanalysis of a Novel Remote User Authentication Scheme
In 2005, Manik et al. [5] propose a novel remote user authentication scheme using bilinear pairings which allows a valid user to login to the remote system but prohibits too many users to login with the same login-ID. It also provides a flexible password change function. In the same year Chou et al.’s [3] proposed an impersonation attack on their user authentication scheme and also proposed the...
متن کاملCryptanalysis of a User Authentication Protocol
Recently, Peyravin and Jeffries proposed a password-based practical authentication scheme using oneway collision-resistant hash functions. However, Shim and Munilla independently showed that the scheme is vulnerable to off-line guessing attacks. Hölbl, Welzer and Brumenn presented an improved password-based protocols. In the paper, we showed that the improved scheme still suffers from off-line ...
متن کاملCryptanalysis of Robust Three-Factor Remote User Authentication Scheme with Key Agreement for Multimedia System
A three-factor authentication combines biometrics information with user password and smart card to provide security-enhanced user authentication. An’s scheme provides more improved user authentication than Das’s scheme. But An’s scheme is not secure against denial of service attack in login phase, forgery attack. Li et al. pointed out them and proposed three-factor remote user authentication sc...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2006