New Cryptanalysis Paradigm on a Nonce-based Mutual Authentication Scheme
نویسندگان
چکیده
In 2005, Lee, Kim, and Yoo proposed a nonce-based mutual authentication scheme using smart cards. However, this paper demonstrates that Lee-Kim-Yoo’s scheme is vulnerable to an impersonation attack that the attacker without knowing the remote user’s any secret can masquerade as him by obtaining the valid authentication message from any normal session between the remote user and the system. Our purpose is to emphasize that it is dangerous that the remote user and the system separately implement their authentication operations without any logical relation to achieve the mutual authentication. Furthermore, we suggest that the tool of matching conversations would be useful as a sanity check to find this kind of the security breach.
منابع مشابه
Game-Based Cryptanalysis of a Lightweight CRC-Based Authentication Protocol for EPC Tags
The term "Internet of Things (IoT)" expresses a huge network of smart and connected objects which can interact with other devices without our interposition. Radio frequency identification (RFID) is a great technology and an interesting candidate to provide communications for IoT networks, but numerous security and privacy issues need to be considered. In this paper, we analyze the security and ...
متن کاملAn ECC-Based Mutual Authentication Scheme with One Time Signature (OTS) in Advanced Metering Infrastructure
Advanced metering infrastructure (AMI) is a key part of the smart grid; thus, one of the most important concerns is to offer a secure mutual authentication. This study focuses on communication between a smart meter and a server on the utility side. Hence, a mutual authentication mechanism in AMI is presented based on the elliptic curve cryptography (ECC) and one time signature (OTS) consists o...
متن کاملA nonce-based mutual authentication system with smart card
User authentication is an important security mechanism for recognizing legal remote users. We propose an available and secure authentication scheme for service provider to verify users without using verification table. It can resist most of the attacks by improving nonce-based mutual authentication mechanism, and ensure the security by dynamic session key. User may change his password freely. O...
متن کاملAn Improved Securer and Efficient Nonce-Based Authentication Scheme with Token-Update
In this paper, we propose a mutual authentication scheme using nonce variable instead of Mac address and accompanying with token updates to improve the functionality. Lee et al. (2005a) and Shi et al. (2006) proposed the site authentication schemes by using the generating random numbers. The site authentication can identify a personal computer using LAN card’s Mac address, but the Mac address i...
متن کاملArtemia: a family of provably secure authenticated encryption schemes
Authenticated encryption schemes establish both privacy and authenticity. This paper specifies a family of the dedicated authenticated encryption schemes, Artemia. It is an online nonce-based authenticated encryption scheme which supports the associated data. Artemia uses the permutation based mode, JHAE, that is provably secure in the ideal permutation model. The scheme does not require the in...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- I. J. Network Security
دوره 6 شماره
صفحات -
تاریخ انتشار 2008