Enhancing of a Password-Based Authentication Scheme Using Smart Cards

  • Authors: Youngsook Lee; Dongho Won
  • Affiliations: Department of Cyber Investigation Police, Howon University, Korea; Department of Computer Engineering, Sungkyunkwan University, Korea
  • Venue: OTM '09 Proceedings of the Confederated International Conferences, CoopIS, DOA, IS, and ODBASE 2009 on On the Move to Meaningful Internet Systems: Part II
  • Year: 2009

Abstract

A password-based remote user authentication scheme is a two-party protocol whereby an authentication server in a distributed system confirms the identity of a remote individual logging on to the server over an untrusted, open network. This paper discusses the security of Chen et al.'s remote user authentication scheme making use of smart cards. They have recently presented an improved version of Lin, Shen, and Hwang's scheme. But, contrary to their claims, in Chen et al.'s scheme, if an attacker gains access to some user's smart card and extracts the information stored in the smart card, he/she can easily find out the user's password. We show this by mounting a dictionary attack on the scheme. In addition, Chen et al.'s scheme does not support its main security goal of authenticating between a remote individual and the server. This is shown via a server impersonation attack on the scheme. Motivated by these security flaws, we propose a more secure remote user authentication scheme that achieves both two-factor security and mutual authentication.