4 research outputs found
Comments on Five Smart Card Based Password Authentication Protocols
In this paper, we use the ten security requirements proposed by Liao et al.
for a smart card based authentication protocol to examine five recent work in
this area. After analyses, we found that the protocols of Juang et al.'s ,
Hsiang et al.'s, Kim et al.'s, and Li et al.'s all suffer from offline password
guessing attack if the smart card is lost, and the protocol of Xu et al.'s is
subjected to an insider impersonation attack.Comment: 4 pages
Improvement of a security enhanced one-time two-factor authentication and key agreement scheme
AbstractIn 2010, Hölbl et al. showed that Shieh et al.’s mutual authentication and key agreement scheme is vulnerable to the smart card lost attack, not achieving perfect forward secrecy, and proposed a security enhanced scheme to eliminate these weaknesses. In this paper, we show that Hölbl et al.’s security enhancement is still vulnerable to the smart card lost attacks. In addition, their scheme cannot resist impersonation attacks and parallel session attacks. Seeing that the existing mutual authentication schemes using smart cards are almost vulnerable to the smart card lost attacks, we further propose a new one-time two-factor mutual authentication and key agreement scheme to eliminate these weaknesses
Efficient Two-Pass Anonymous Identity Authentication Using Smart Card
Recently, Khan et al. proposed an enhancement on a remote authentication scheme designed by Wang et al. which emphasizes on using dynamic identity. They claim that their improvement can avoid insider attack. However, we found the scheme lacks the anonymity property. Moreover, R. Madhusudhan et al. indicate their scheme also suffers the insider attack. Due to these observations, in this paper we propose a novel one which not only anonymously authenticates the remote user by using only two passes but also satisfies the ten requirements of an authentication scheme using smart card mentioned by Liao et al.