Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Password authentication with insecure communication
Communications of the ACM
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Security enhancement for password authentication schemes with smart cards
TrustBus'05 Proceedings of the Second international conference on Trust, Privacy, and Security in Digital Business
Cryptanalysis of RSA with private key d less than N^0.292
IEEE Transactions on Information Theory
A new remote user authentication scheme using smart cards
IEEE Transactions on Consumer Electronics
IEEE Transactions on Consumer Electronics
Password authentication is an important mechanism for remote login systems, where only authorized users can be authenticated by using their passwords and/or some similar secrets. In 1999, Yang and Shieh [14] proposed two password authentication schemes using smart cards. Their schemes are not only very efficient, but also allow users to change their passwords freely, and the server has no need to maintain a verification table for authenticating users. However, their schemes were later identified to be flawed. To overcome those security flaws, Shen et al. [9] and Yoon et al. [17] proposed further improvements and claimed their new schemes are secure. In this paper, we first point out that Yang et al.'s attack [15] against Shen et al.'s scheme is actually invalid, since we can show that in a real implementation it is extremely difficult to find two hash values such that one is divisible by the other. After that, we show that both Shen et al.'s scheme and Yoon et al.'s scheme are insecure by identifying several effective impersonation attacks. Those attacks enable an outsider to be successfully authenticated and then enjoy the resources and/or services provided by the server.