| Weaknesses of a Forward-Secure User Authentication Scheme with Smart Cards | |
|---|---|
| 學年 | 96 |
| 學期 | 2 |
| 發表日期 | 2008-05-16 |
| 作品名稱 | Weaknesses of a Forward-Secure User Authentication Scheme with Smart Cards |
| 作品名稱(其他語言) | |
| 著者 | Horng, Wen-Bing; Lee, Cheng-Ping |
| 作品所屬單位 | 淡江大學資訊工程學系 |
| 出版者 | |
| 會議名稱 | ICIM 2008第十九屆國際資訊管理學術研討會 |
| 會議地點 | 臺北市, 臺灣 |
| 摘要 | Remote user authentication is a mechanism for validating users' legitimacy to access the services provided by remote systems over an insecure network. In 1981, Lamport proposed a one-time password remote authentication scheme. However, this scheme needs to maintain a verification table in the remote server. Thus, it is vulnerable to the stolen-verifier attack and the modification attack. To cope with these drawbacks, in 2000, Hwang and Li proposed a novel remote user authentication scheme using smart cards based on the ElGamal public key cryptosystems. Later, Chan and Cheng pointed out that Hwang-Li's scheme is vulnerable to the impersonation attack. In 2003, Chang and Hwang first illustrated that Chan-Cheng's attack might fail under some conditions and then presented enhanced attacks on Hwang-Li's scheme. Later, Shen et al. also provided a different forgery attack on Hwang-Li's scheme and proposed an improvement over the registration phase of Hwang-Li's scheme to cope with the impersonation attack. However, Leng et al. further showed that the improved scheme is still vulnerable to the forgery attack. In 2004, Yoon et al. proposed an enhancement over Hwang-Li's scheme based on the generalized ElGamal signature scheme. This improved scheme also allows users to freely choose and change their passwords. In addition, it also provides session key exchange capability. Recently, in 2006, Wang and Li demonstrated that Yoon et al.'s scheme does not offer the property of perfect forward secrecy; once the long-term secret key of the remote server has been compromised, all previous session keys will be broken. They then presented an improved scheme to provide perfect forward secrecy. In this paper, we show that Wang-Li's scheme is vulnerable to the offline password guessing attack, the parallel session attack, the reflection attack, and the insider attack. Besides, we also indicate that the first and the last attacks occur in Yoon et al.'s scheme as well. |
| 關鍵字 | Cryptanalysis;Remote user authentication;Smart card |
| 語言 | en |
| 收錄於 | |
| 會議性質 | 國際 |
| 校內研討會地點 | |
| 研討會時間 | 20080516~20080517 |
| 通訊作者 | |
| 國別 | TWN |
| 公開徵稿 | Y |
| 出版型式 | 紙本 |
| 出處 | ICIM 2008第十九屆國際資訊管理學術研討會論文集,6頁 |
| 相關連結 |
機構典藏連結 ( http://tkuir.lib.tku.edu.tw:8080/dspace/handle/987654321/37474 ) |
GoogleAnalytics