Cryptanalysis of a Markov Chain Based User Authentication Scheme
نویسندگان
چکیده
Session key agreement protocol using smart card is extremely popular in clientserver environment for secure communication. Remote user authentication protocol plays a crucial role in our daily life such as e-banking, bill-pay, online games, e-recharge, wireless sensor network, medical system, ubiquitous devices etc. Recently, Djellali et al. proposed a session key agreement protocol using smart card for ubiquitous devices. The main focus of this paper is to analyze security pitfalls of smart card and password based user authentication scheme. We have carefully reviewed Djellali et al.’s scheme and found that the same scheme suffers from several security weaknesses such as off-line password guessing attack, privileged insider attack. Moreover, we demonstrated that the Djellali et al.’s scheme does not provide proper security protection on the secret key of the server and presents inefficient password change phase.
منابع مشابه
Game-Based Cryptanalysis of a Lightweight CRC-Based Authentication Protocol for EPC Tags
The term "Internet of Things (IoT)" expresses a huge network of smart and connected objects which can interact with other devices without our interposition. Radio frequency identification (RFID) is a great technology and an interesting candidate to provide communications for IoT networks, but numerous security and privacy issues need to be considered. In this paper, we analyze the security and ...
متن کاملMHIDCA: Multi Level Hybrid Intrusion Detection and Continuous Authentication for MANET Security
Mobile ad-hoc networks have attracted a great deal of attentions over the past few years. Considering their applications, the security issue has a great significance in them. Security scheme utilization that includes prevention and detection has the worth of consideration. In this paper, a method is presented that includes a multi-level security scheme to identify intrusion by sensors and authe...
متن کاملCryptanalysis of Sun and Cao's Remote Authentication Scheme with User Anonymity
Dynamic ID-based remote user authentication schemes ensure efficient and anonymous mutual authentication between entities. In 2013, Khan et al. proposed an improved dynamic ID-based authentication scheme to overcome the security flaws of Wang et al.’s authentication scheme. Recently, Sun and Cao showed that Khan et al. does not satisfies the claim of the user’s privacy. Moreover, They proposed ...
متن کاملCryptanalysis of A Dynamic Password Based User Authentication Scheme for HWSNs
Recently, Das, Sharma, Chatterjee and Sing proposed a dynamic password-based user authentication scheme for hierarchical wireless sensor networks (HWSNs). Authors claimed that their authentication scheme can achieve better security and efficiency as compared to those for other related password-based authentication methods. However, in this paper, we found their scheme is insecure and any dishon...
متن کاملCryptanalysis of a User Authentication Protocol
Recently, Peyravin and Jeffries proposed a password-based practical authentication scheme using oneway collision-resistant hash functions. However, Shim and Munilla independently showed that the scheme is vulnerable to off-line guessing attacks. Hölbl, Welzer and Brumenn presented an improved password-based protocols. In the paper, we showed that the improved scheme still suffers from off-line ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2015 شماره
صفحات -
تاریخ انتشار 2015