5,784 research outputs found
Security Weaknesses of Song's Advanced Smart Card Based Password Authentication Protocol
[[abstract]]Password based authentication with smart cards has been adopted as a more secure means in insecure networks to validate the legitimacy of users. Traditional authentication schemes are based on the tamper-resistant smart card; that is, the data stored in the smart card cannot be revealed. However, it is a challenging problem for considering non-tamper-resistant smart cards used in user authentication. Very recently, in 2010, Song proposed an efficient authentication scheme with such non-tamper resistant smart cards based on symmetric key cryptosystems as well as modular exponentiations. In this paper, we will show that Song's scheme is vulnerable to the offline password guessing attack and the insider attack. Besides, this scheme does not provide perfect forward secrecy and does not preserve user anonymity.[[conferencetype]]國際[[conferencelocation]]Shanghai, Chin
Cryptanalysis of Sun and Cao's Remote Authentication Scheme with User Anonymity
Dynamic ID-based remote user authentication schemes ensure efficient and
anonymous mutual authentication between entities. In 2013, Khan et al. proposed
an improved dynamic ID-based authentication scheme to overcome the security
flaws of Wang et al.'s authentication scheme. Recently, Sun and Cao showed that
Khan et al. does not satisfies the claim of the user's privacy and proposed an
efficient authentication scheme with user anonymity. The Sun and Cao's scheme
achieve improvement over Khan et al.'s scheme in both privacy and performance
point of view. Unfortunately, we identify that Sun and Cao's scheme does not
resist password guessing attack. Additionally, Sun and Cao's scheme does not
achieve forward secrecy
- …