A security risk of depending on synchronized clocks
ACM SIGOPS Operating Systems Review
Examining Smart-Card Security under the Threat of Power Analysis Attacks
IEEE Transactions on Computers
An improved smart card based password authentication scheme with provable security
Computer Standards & Interfaces
Coupling-Based Internal Clock Synchronization for Large-Scale Dynamic Distributed Systems
IEEE Transactions on Parallel and Distributed Systems
An Advanced ECC Dynamic ID-Based Remote Mutual Authentication Scheme for Cloud Computing
MUE '11 Proceedings of the 2011 Fifth FTRA International Conference on Multimedia and Ubiquitous Engineering
Formal analysis and systematic construction of two-factor authentication scheme (short paper)
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
Cloud computing and security challenges
Proceedings of the 50th Annual Southeast Regional Conference
Cryptanalysis and improvement of sood et al.'s dynamic ID-Based authentication scheme
ICDCIT'12 Proceedings of the 8th international conference on Distributed Computing and Internet Technology
Side-channel analysis of cryptographic RFIDs with analog demodulation
RFIDSec'11 Proceedings of the 7th international conference on RFID Security and Privacy
Secure password-based remote user authentication scheme with non-tamper resistant smart cards
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
Hi-index | 0.00 |
The design of secure remote user authentication schemes for mobile devices in Cloud Computing is still an open and quite challenging problem, though many such schemes have been published lately. Recently, Chen et al. pointed out that Yang and Chang's ID-based authentication scheme based on elliptic curve cryptography (ECC) is vulnerable to various attacks, and then presented an improved password based authentication scheme using ECC to overcome the drawbacks. Based on heuristic security analysis, Chen et al. claimed that their scheme is more secure and can withstand all related attacks. In this paper, however, we show that Chen et al.'s scheme cannot achieve the claimed security goals and report its flaws: (1) It is vulnerable to offline password guessing attack; (2) It fails to preserve user anonymity; (3) It is prone to key compromise impersonation attack; (4) It suffers from the clock synchronization problem. The cryptanalysis demonstrates that the scheme under study is unfit for practical use in Cloud Computing environment.