Cryptanalysis of a Timestamp-Based Password Authentication Scheme
نویسندگان
چکیده
Recently, J.-J. Shen, C.-W. Lin and M.-S. Hwang (Computers & Security, Vol 22, No 7, pp 591-595, 2003) proposed a modified Yang-Shieh scheme to enhance security. They claimed that their modified scheme can withstand the forged login attack and also provide a mutual authentication method to prevent the forged server attack. In this paper, we show that the Shen-Lin-Hwang scheme cannot resist the forged login attack either. The intruder is able to forge a valid forge request of a legitimate user Ui and then successfully impersonate him by intercepting a login request sent by Ui and registering a smart card.
منابع مشابه
An Efficient Password Authentication Scheme for Smart Card
Yang-Wang-Chang proposed an improved timestamp associated password authentication scheme based on YangShieh, who had earlier proposed timestamp-based remote authentication scheme using smart cards. In this paper, we propose an efficient password authentication scheme with smart card applying RSA. The proposed scheme withstands most of the attacks with minimum computational cost.
متن کاملAn improvement of the Yang-Shieh password authentication schemes
Recently, Yang and Shieh proposed two password authentication schemes by employing smart cards. One is a timestamp-based password authentication scheme and the other is a nonce-based password authentication scheme. In 2002, Chan and Cheng pointed out that Yang and Shieh’s timestamp-based password authentication scheme was vulnerable to the forgery attack. However, in 2003, Sun and Yeh pointed o...
متن کاملA Robust and Efficient Timestamp-based Remote User Authentication Scheme with Smart Card Lost Attack Resistance
Password-based authentication scheme with smart card is an important part of security for accessing remote servers. In 2011, Awasthi et al. proposed an improved timestampbased remote user authentication scheme to eliminate the attacks in Shen et al.’s. However, we find that their scheme is vulnerable to the privileged insider, the lost smart card, the password guessing, the replay, the modifica...
متن کاملCryptanalysis of Timestamp-Based Password Authentication Schemes Using Smart Cards
Password authentication is an important mechanism for remote login systems, where only authorized users can be authenticated via using their passwords and/or some similar secrets. In 1999, Yang and Shieh [14] proposed two password authentication schemes using smart cards. Their schemes are not only very efficient, but also allow users to change their passwords freely and the server has no need ...
متن کاملAn Improved Timestamp-Based Password Remote User Authentication Scheme
In 2003, Shen et al [4] proposed a timestamp-based password authentication scheme in which remote server does not need to store the passwords or verification table for users authentication. Unfortunately Wang and Li[6], E.J.Yoon [8], Lieu et al.[3], analyzed independently the Shen Lin Scheme [4] and was found to be vulnerable to some deadly attacks. In continuation to it, this paper analyzes fe...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Computers & Security
دوره 21 شماره
صفحات -
تاریخ انتشار 2002