16,164 research outputs found
Cryptanalysis and Improvement on Robust Three-Factor Remote User Authentication Scheme with Key Agreement for Multimedia System
A three-factor authentication combines biometrics information with user password and smart card to provide security-enhanced user authentication. An proposed user authentication scheme improved Das’s scheme. But An’s scheme is not secure against denial of service attack in login phase, forgery attack. Li et al. pointed out them and proposed three-factor remote user authentication scheme with key agreement. However, Li et al’s scheme still has some security problem. In this paper, we present a cryptanalysis and improvement of Li et al.’s remote user authentication scheme
Enhanced Biometrics-based Remote User Authentication Scheme Using Smart Cards
Authentication and key exchange are fundamental techniques for
enabling secure communication over mobile networks. In order to
reduce implementation complexity and achieve computation
efficiency, design issues for efficient and secure
biometrics-based remote user authentication scheme have been
extensively investigated by research community in these years.
Recently, two well-designed biometrics-based authentication
schemes using smart cards are introduced by Li and Hwang and Li et
al., respectively. Li and Hwang proposed an efficient
biometrics-based remote user authentication scheme using smart
card and Li et al. proposed an improvement. The authors of both
schemes claimed that their protocol delivers important security
features and system functionalities, such as without synchronized
clock, freely changes password, mutual authentication, as well as
low computation costs. However, these two schemes still have much
space for security enhancement. In this paper, we first
demonstrate a series of vulnerabilities on these two schemes.
Then, an enhanced scheme with corresponding remedies is proposed
to eliminate all identified security flaws in both schemes
AN ENHANCED BIOMETRIC BASED REMOTE USER AUTHENTICATION SCHEME USING SMART CARD
In remote authentication scheme, a remote user can communicate with server over open networks even though the physical distance is much far. Before interaction, they require to establish common session key by authenticating each other. Recently in 2014, Kumari et al. proposed the efficient scheme for remote user authentication. However in this paper, we show that the Kumari et al.’s scheme is vulnerably susceptible to the Insider Attack, Stolen Verifier Attack, Session Key Disclosure Attack, Password Guessing Attack, Modification Attack, User Impersonation Attack, Replay Attack, Shoulder Surfing Attack and Denial of Service Attack. Afterwards, we have proposed an improved remote user authentication scheme to deal with these attacks and other attacks
An Improved Timestamp-Based Password Authentication Scheme Using Smart Cards
With the recent proliferation of distributed systems and networking, remote
authentication has become a crucial task in many networking applications.
Various schemes have been proposed so far for the two-party remote
authentication; however, some of them have been proved to be insecure. In this
paper, we propose an efficient timestamp-based password authentication scheme
using smart cards. We show various types of forgery attacks against a
previously proposed timestamp-based password authentication scheme and improve
that scheme to ensure robust security for the remote authentication process,
keeping all the advantages that were present in that scheme. Our scheme
successfully defends the attacks that could be launched against other related
previous schemes. We present a detailed cryptanalysis of previously proposed
Shen et. al scheme and an analysis of the improved scheme to show its
improvements and efficiency.Comment: 6 page
Cryptanalysis of Yang-Wang-Chang's Password Authentication Scheme with Smart Cards
In 2005, Yang, Wang, and Chang proposed an improved timestamp-based password
authentication scheme in an attempt to overcome the flaws of Yang-Shieh_s
legendary timestamp-based remote authentication scheme using smart cards. After
analyzing the improved scheme proposed by Yang-Wang-Chang, we have found that
their scheme is still insecure and vulnerable to four types of forgery attacks.
Hence, in this paper, we prove that, their claim that their scheme is
intractable is incorrect. Also, we show that even an attack based on Sun et
al._s attack could be launched against their scheme which they claimed to
resolve with their proposal.Comment: 3 Page
- …