Vulnerabilities in a remote agent authentication scheme using smart cards

  • Authors:
  • Youngsook Lee; Junghyun Nam; Dongho Won

  • Affiliations:
  • Department of Computer Engineering, Sungkyunkwan University, Korea; Department of Computer Science, Konkuk University, Korea; Department of Computer Engineering, Sungkyunkwan University, Korea

  • Venue:
  • KES-AMSTA'08 Proceedings of the 2nd KES International conference on Agent and multi-agent systems: technologies and applications
  • Year:
  • 2008

Quantified Score

Hi-index 0.01

Abstract

Agent technology is emerging as a new software paradigm in the area of distributed computing. The use of multiple agents is a common technique in agent-based systems. In distributed agent systems, for secure communication, the communicating agents should authenticate each other by using authentication protocols. A remote agent authentication scheme is a two-party protocol whereby an authentication server in a distributed system confirms the identity of a remote individual logging on to the server over an untrusted, open network. This paper discusses the security of Yoon et al.'s remote agent authentication scheme making use of smart cards. Yoon et al.'s scheme was proposed to solve the security problem with Hwang et al.'s authentication scheme and was claimed to provide mutual authentication between the server and the remote agent. However, contrary to this claim, in Yoon et al.'s scheme, if an attacker steals some agent's smart card and extracts the information stored in the smart card, he/she can violate the authentication goal of the scheme without knowing the agent's password. We show this by mounting two attacks, an agent impersonation attack and a server impersonation attack, on Yoon et al.'s scheme. In addition, in Yoon et al.'s scheme, if an attacker steals some agent's smart card, extracts the information stored in the smart card, and reads Ui's login message, he/she can violate the scheme's fundamental goal of password security. We show this by mounting a dictionary attack on Yoon et al.'s scheme and also figure out what has gone wrong with the scheme.