Cryptanalysis to a remote user authentication scheme using smart cards for multi-server environment

Authors:
Youngsook Lee;Jeeyeon Kim;Dongho Won
Affiliations:
Department of Cyber Investigation Police, Howon University, Korea;Department of Computer Engineering, Sungkyunkwan University, Korea;Department of Computer Engineering, Sungkyunkwan University, Korea
Venue:
HI'11 Proceedings of the 2011 international conference on Human interface and the management of information - Volume Part I
Year:
2011

Citing 8
Cited 3

Examining Smart-Card Security under the Threat of Power Analysis Attacks

IEEE Transactions on Computers
Differential Power Analysis

CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
A Flexible User Authentication Scheme for Multi-server Internet Services

ICN '01 Proceedings of the First International Conference on Networking-Part 1
An Efficient and Secure Multi-Server Password Authentication Scheme using Smart Cards

CW '04 Proceedings of the 2004 International Conference on Cyberworlds
A secure dynamic ID based remote user authentication scheme for multi-server environment

Computer Standards & Interfaces
Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment

Computer Standards & Interfaces
Efficient multi-server password authenticated key agreement using smart cards

IEEE Transactions on Consumer Electronics
A remote password authentication scheme for multiserver architecture using neural networks

IEEE Transactions on Neural Networks

On the security of an novel protocol for downloadable CAS

Proceedings of the 6th International Conference on Ubiquitous Information Management and Communication
An enhanced remote user authentication scheme using smart card

Proceedings of the 8th International Conference on Ubiquitous Information Management and Communication
Robust Smart Card Authentication Scheme for Multi-server Architecture

Wireless Personal Communications: An International Journal

Quantified Score

Hi-index	0.00

Visualization

Abstract

Recently, Hsiang et al. proposed a remote user authentication scheme suited for multi-server environment, in which users can be authenticated anonymously using a smart card. This work reviews Hsiang et al.'s scheme and provides a security analysis on the scheme. Our analysis shows that Hsiang et al.'s scheme does not achieve its fundamental goal of not only any kind of authentication, either server-touser authentication or user-to-server authentication but also password security. The contribution of the current work is to demonstrate these by mounting two attacks, a server impersonation attack and a user impersonation attack, on Hsiang et al.'s scheme. In addition, we demonstrate that their scheme is vulnerable to two-factor security which guarantees the security of the scheme when either the user's smart card or its password is stolen, but not both by employing the off-line dictionary attack.