OPUS: preventing weak password choices
Computers and Security
Password authentication with insecure communication
Communications of the ACM
Examining Smart-Card Security under the Threat of Power Analysis Attacks
IEEE Transactions on Computers
Privacy Protection for Transactions of Digital Goods
ICICS '01 Proceedings of the Third International Conference on Information and Communications Security
An improved smart card based password authentication scheme with provable security
Computer Standards & Interfaces
Impact of restrictive composition policy on user password choices
Behaviour & Information Technology
Design and Implementation of an Electromagnetic Analysis System for Smart Cards
CIS '11 Proceedings of the 2011 Seventh International Conference on Computational Intelligence and Security
Secure dynamic identity-based remote user authentication scheme
ICDCIT'10 Proceedings of the 6th international conference on Distributed Computing and Internet Technology
Cryptanalysis and improvement of sood et al.'s dynamic ID-Based authentication scheme
ICDCIT'12 Proceedings of the 8th international conference on Distributed Computing and Internet Technology
Mobile Privacy in Wireless Networks-Revisited
IEEE Transactions on Wireless Communications
On the security of public key protocols
IEEE Transactions on Information Theory
An efficient remote use authentication scheme using smart cards
IEEE Transactions on Consumer Electronics
Security of two remote user authentication schemes using smart cards
IEEE Transactions on Consumer Electronics
IEEE Transactions on Consumer Electronics
Secure password-based remote user authentication scheme with non-tamper resistant smart cards
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
Hi-index | 0.00 |
In 2005, Lee et al. proposed a secure smart card based remote user authentication scheme to improve the security of Chien et al.'s scheme. More recently, Sood et al. pointed out that Lee et al.'s scheme is still vulnerable to the reflection attack, off-line password guessing attack, user impersonation attack and fails to preserve user anonymity. Consequently, Sood et al. proposed a more secure remote user authentication scheme, which is an improvement over Lee et al.'s scheme to overcome their security drawbacks. In this study, however, we find that Sood et al.'s scheme still cannot achieve the claimed security and report its following flaws: (1) It fails to preserve user anonymity under their non-tamper resistance assumption of the smart card; (2) It cannot withstand stolen-verifier attack. The proposed cryptanalysis discourages any use of the scheme for practical applications.