Weaknesses and improvement of Wang et al.'s remote user password authentication scheme for resource-limited environments

Authors:
Hao-Rung Chung;Wei-Chi Ku;Maw-Jinn Tsaur
Affiliations:
Department of Computer Science and Information Engineering, Fu Jen Catholic University, Taipei, Taiwan, ROC;Department of Computer and Information Science, National Taichung University, Taichung, Taiwan, ROC;Graduate Institute of Applied Science and Engineering, Fu Jen Catholic University, Taipei, Taiwan, ROC
Venue:
Computer Standards & Interfaces
Year:
2009

Citing 16
Cited 2

Authentication and authenticated key exchanges

Designs, Codes and Cryptography
Password authentication with insecure communication

Communications of the ACM
Examining Smart-Card Security under the Threat of Power Analysis Attacks

IEEE Transactions on Computers
Improving the security of 'a flexible biometrics remote user authentication scheme'

Computer Standards & Interfaces
Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards

Computer Standards & Interfaces
A new method for using hash functions to solve remote user authentication

Computers and Electrical Engineering
A new mutual authentication scheme based on nonce and smart cards

Computer Communications
Some Forgery Attacks on a Remote User Authentication Scheme Using Smart Cards

Informatica
An improved bilinear pairing based remote user authentication scheme

Computer Standards & Interfaces
A secure dynamic ID based remote user authentication scheme for multi-server environment

Computer Standards & Interfaces
A public key cryptosystem and a signature scheme based on discrete logarithms

IEEE Transactions on Information Theory
A new remote user authentication scheme using smart cards

IEEE Transactions on Consumer Electronics
An efficient remote use authentication scheme using smart cards

IEEE Transactions on Consumer Electronics
Cryptanalysis of a remote user authentication scheme using smart cards

IEEE Transactions on Consumer Electronics
Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards

IEEE Transactions on Consumer Electronics
Further improvement of an efficient password based remote user authentication scheme using smart cards

IEEE Transactions on Consumer Electronics

A secure remote authentication scheme preserving user anonymity with non-tamper resistant smart cards

WSEAS Transactions on Information Science and Applications
A new dynamic ID-Based remote user authentication scheme with forward secrecy

APWeb'12 Proceedings of the 14th international conference on Web Technologies and Applications

Quantified Score

Hi-index	0.01

Visualization

Abstract

Recently, Wang et al. showed that two new verifier-free remote user password authentication schemes, Ku-Chen's scheme and Yoon et al.'s scheme, are vulnerable to an off-line password guessing attack, a forgery attack, and a denial-of-service attack, and then proposed an improved scheme for the real application in resource-limited environments. Unfortunately, we find that Wang et al.'s scheme is still vulnerable to an impersonation attack and an off-line password guessing attack. In addition, Wang et al.'s scheme is not easily reparable and is unable to provide perfect forward secrecy. Finally, we propose an improved scheme with better security strength.