Examining Smart-Card Security under the Threat of Power Analysis Attacks
IEEE Transactions on Computers
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
A Flexible User Authentication Scheme for Multi-server Internet Services
ICN '01 Proceedings of the First International Conference on Networking-Part 1
An Efficient and Secure Multi-Server Password Authentication Scheme using Smart Cards
CW '04 Proceedings of the 2004 International Conference on Cyberworlds
A secure dynamic ID based remote user authentication scheme for multi-server environment
Computer Standards & Interfaces
Computer Standards & Interfaces
Efficient multi-server password authenticated key agreement using smart cards
IEEE Transactions on Consumer Electronics
A remote password authentication scheme for multiserver architecture using neural networks
IEEE Transactions on Neural Networks
On the security of an novel protocol for downloadable CAS
Proceedings of the 6th International Conference on Ubiquitous Information Management and Communication
An enhanced remote user authentication scheme using smart card
Proceedings of the 8th International Conference on Ubiquitous Information Management and Communication
Robust Smart Card Authentication Scheme for Multi-server Architecture
Wireless Personal Communications: An International Journal
Hi-index | 0.00 |
Recently, Hsiang et al. proposed a remote user authentication scheme suited for multi-server environment, in which users can be authenticated anonymously using a smart card. This work reviews Hsiang et al.'s scheme and provides a security analysis on the scheme. Our analysis shows that Hsiang et al.'s scheme does not achieve its fundamental goal of not only any kind of authentication, either server-touser authentication or user-to-server authentication but also password security. The contribution of the current work is to demonstrate these by mounting two attacks, a server impersonation attack and a user impersonation attack, on Hsiang et al.'s scheme. In addition, we demonstrate that their scheme is vulnerable to two-factor security which guarantees the security of the scheme when either the user's smart card or its password is stolen, but not both by employing the off-line dictionary attack.