4,640 research outputs found
Enhanced Biometrics-based Remote User Authentication Scheme Using Smart Cards
Authentication and key exchange are fundamental techniques for
enabling secure communication over mobile networks. In order to
reduce implementation complexity and achieve computation
efficiency, design issues for efficient and secure
biometrics-based remote user authentication scheme have been
extensively investigated by research community in these years.
Recently, two well-designed biometrics-based authentication
schemes using smart cards are introduced by Li and Hwang and Li et
al., respectively. Li and Hwang proposed an efficient
biometrics-based remote user authentication scheme using smart
card and Li et al. proposed an improvement. The authors of both
schemes claimed that their protocol delivers important security
features and system functionalities, such as without synchronized
clock, freely changes password, mutual authentication, as well as
low computation costs. However, these two schemes still have much
space for security enhancement. In this paper, we first
demonstrate a series of vulnerabilities on these two schemes.
Then, an enhanced scheme with corresponding remedies is proposed
to eliminate all identified security flaws in both schemes
Cryptanalysis of Yang-Wang-Chang's Password Authentication Scheme with Smart Cards
In 2005, Yang, Wang, and Chang proposed an improved timestamp-based password
authentication scheme in an attempt to overcome the flaws of Yang-Shieh_s
legendary timestamp-based remote authentication scheme using smart cards. After
analyzing the improved scheme proposed by Yang-Wang-Chang, we have found that
their scheme is still insecure and vulnerable to four types of forgery attacks.
Hence, in this paper, we prove that, their claim that their scheme is
intractable is incorrect. Also, we show that even an attack based on Sun et
al._s attack could be launched against their scheme which they claimed to
resolve with their proposal.Comment: 3 Page
Cryptanalysis of Sun and Cao's Remote Authentication Scheme with User Anonymity
Dynamic ID-based remote user authentication schemes ensure efficient and
anonymous mutual authentication between entities. In 2013, Khan et al. proposed
an improved dynamic ID-based authentication scheme to overcome the security
flaws of Wang et al.'s authentication scheme. Recently, Sun and Cao showed that
Khan et al. does not satisfies the claim of the user's privacy and proposed an
efficient authentication scheme with user anonymity. The Sun and Cao's scheme
achieve improvement over Khan et al.'s scheme in both privacy and performance
point of view. Unfortunately, we identify that Sun and Cao's scheme does not
resist password guessing attack. Additionally, Sun and Cao's scheme does not
achieve forward secrecy
An Improved Timestamp-Based Password Authentication Scheme Using Smart Cards
With the recent proliferation of distributed systems and networking, remote
authentication has become a crucial task in many networking applications.
Various schemes have been proposed so far for the two-party remote
authentication; however, some of them have been proved to be insecure. In this
paper, we propose an efficient timestamp-based password authentication scheme
using smart cards. We show various types of forgery attacks against a
previously proposed timestamp-based password authentication scheme and improve
that scheme to ensure robust security for the remote authentication process,
keeping all the advantages that were present in that scheme. Our scheme
successfully defends the attacks that could be launched against other related
previous schemes. We present a detailed cryptanalysis of previously proposed
Shen et. al scheme and an analysis of the improved scheme to show its
improvements and efficiency.Comment: 6 page
- โฆ