1,767 research outputs found
Enhanced Biometrics-based Remote User Authentication Scheme Using Smart Cards
Authentication and key exchange are fundamental techniques for
enabling secure communication over mobile networks. In order to
reduce implementation complexity and achieve computation
efficiency, design issues for efficient and secure
biometrics-based remote user authentication scheme have been
extensively investigated by research community in these years.
Recently, two well-designed biometrics-based authentication
schemes using smart cards are introduced by Li and Hwang and Li et
al., respectively. Li and Hwang proposed an efficient
biometrics-based remote user authentication scheme using smart
card and Li et al. proposed an improvement. The authors of both
schemes claimed that their protocol delivers important security
features and system functionalities, such as without synchronized
clock, freely changes password, mutual authentication, as well as
low computation costs. However, these two schemes still have much
space for security enhancement. In this paper, we first
demonstrate a series of vulnerabilities on these two schemes.
Then, an enhanced scheme with corresponding remedies is proposed
to eliminate all identified security flaws in both schemes
An Improved Timestamp-Based Password Authentication Scheme Using Smart Cards
With the recent proliferation of distributed systems and networking, remote
authentication has become a crucial task in many networking applications.
Various schemes have been proposed so far for the two-party remote
authentication; however, some of them have been proved to be insecure. In this
paper, we propose an efficient timestamp-based password authentication scheme
using smart cards. We show various types of forgery attacks against a
previously proposed timestamp-based password authentication scheme and improve
that scheme to ensure robust security for the remote authentication process,
keeping all the advantages that were present in that scheme. Our scheme
successfully defends the attacks that could be launched against other related
previous schemes. We present a detailed cryptanalysis of previously proposed
Shen et. al scheme and an analysis of the improved scheme to show its
improvements and efficiency.Comment: 6 page
Cryptanalysis of Yang-Wang-Chang's Password Authentication Scheme with Smart Cards
In 2005, Yang, Wang, and Chang proposed an improved timestamp-based password
authentication scheme in an attempt to overcome the flaws of Yang-Shieh_s
legendary timestamp-based remote authentication scheme using smart cards. After
analyzing the improved scheme proposed by Yang-Wang-Chang, we have found that
their scheme is still insecure and vulnerable to four types of forgery attacks.
Hence, in this paper, we prove that, their claim that their scheme is
intractable is incorrect. Also, we show that even an attack based on Sun et
al._s attack could be launched against their scheme which they claimed to
resolve with their proposal.Comment: 3 Page
Cryptanalysis of Sun and Cao's Remote Authentication Scheme with User Anonymity
Dynamic ID-based remote user authentication schemes ensure efficient and
anonymous mutual authentication between entities. In 2013, Khan et al. proposed
an improved dynamic ID-based authentication scheme to overcome the security
flaws of Wang et al.'s authentication scheme. Recently, Sun and Cao showed that
Khan et al. does not satisfies the claim of the user's privacy and proposed an
efficient authentication scheme with user anonymity. The Sun and Cao's scheme
achieve improvement over Khan et al.'s scheme in both privacy and performance
point of view. Unfortunately, we identify that Sun and Cao's scheme does not
resist password guessing attack. Additionally, Sun and Cao's scheme does not
achieve forward secrecy
Cryptanalysis and improvement of chen-hsiang-shih's remote user authentication scheme using smart cards
Recently, Chen-Hsiang-Shih proposed a new dynamic ID-based remote user authentication scheme. The authors claimed that their scheme was more secure than previous works. However, this paper demonstrates that theirscheme is still unsecured against different kinds of attacks. In order to enhance the security of the scheme proposed by Chen-Hsiang-Shih, a new scheme is proposed. The scheme achieves the following security goals: without verification table, each user chooses and changes the password freely, each user keeps the password secret, mutual authentication, the scheme establishes a session key after successful authentication, and the scheme maintains the user's anonymity. Security analysis and comparison demonstrate that the proposed scheme is more secure than Das-Saxena-Gulati's scheme, Wang et al.'s scheme and Chen-Hsiang-Shih.Peer ReviewedPostprint (published version
Improvement of a security enhanced one-time two-factor authentication and key agreement scheme
AbstractIn 2010, Hölbl et al. showed that Shieh et al.’s mutual authentication and key agreement scheme is vulnerable to the smart card lost attack, not achieving perfect forward secrecy, and proposed a security enhanced scheme to eliminate these weaknesses. In this paper, we show that Hölbl et al.’s security enhancement is still vulnerable to the smart card lost attacks. In addition, their scheme cannot resist impersonation attacks and parallel session attacks. Seeing that the existing mutual authentication schemes using smart cards are almost vulnerable to the smart card lost attacks, we further propose a new one-time two-factor mutual authentication and key agreement scheme to eliminate these weaknesses
A review and cryptanalysis of similar timestamp-based password authentication schemes using smart cards
The intent of this paper is to review some timestampbased password authentication schemes using smart cards which have similar working principles. Many of the proposed timestampbased password authentication schemes were subsequently found to be insecure. Here, we investigate three schemes with similar working principles, show that they are vulnerable to tricky forgery attacks, and thus they fail to ensure the level of security that is needed for remote login procedure using smart cards. Though there are numerous works available in this field, to the best of our knowledge this is the first time we have found some critical flaws in these schemes that were not detected previously. Along with the proofs of their flaws and inefficiencies, we note down our solution which could surmount all sorts of known attacks and thus reduces the probability of intelligent forgery attacks. We provide a detailed literature review how the schemes have been developed and modified throughout years. We prove that some of the schemes which so far have been thought to be intractable are still flawed, in spite of their later improvements
State of Alaska Election Security Project Phase 2 Report
A laska’s election system is among the most secure in the country,
and it has a number of safeguards other states are now adopting. But
the technology Alaska uses to record and count votes could be improved—
and the state’s huge size, limited road system, and scattered communities
also create special challenges for insuring the integrity of the vote.
In this second phase of an ongoing study of Alaska’s election
security, we recommend ways of strengthening the system—not only the
technology but also the election procedures. The lieutenant governor
and the Division of Elections asked the University of Alaska Anchorage to
do this evaluation, which began in September 2007.Lieutenant Governor Sean Parnell.
State of Alaska Division of Elections.List of Appendices / Glossary / Study Team / Acknowledgments / Introduction / Summary of Recommendations / Part 1 Defense in Depth / Part 2 Fortification of Systems / Part 3 Confidence in Outcomes / Conclusions / Proposed Statement of Work for Phase 3: Implementation / Reference
- …