Journal Article

Cryptanalysis of Hsiang-Shih's authentication scheme for multi-server architecture

TLDR
In this article, a well-designed password-based authentication protocol for multi-server communication environments, introduced by Hsiang and Shih, is evaluated. The security analysis indicates that their scheme is insecure against session key disclosure, server spoofing attack, and replay attack and behavior denial.
Abstract
From the user's point of view, password-based remote user authentication is one of the most convenient and easy-to-use mechanisms for providing the necessary security on system access. As the number of computer crimes in modern cyberspace has increased dramatically, the robustness of password-based authentication schemes has been investigated by industries and organizations in recent years. In this paper, a well-designed password-based authentication protocol for multi-server communication environments, introduced by Hsiang and Shih, is evaluated. Our security analysis indicates that their scheme is insecure against session key disclosure, server spoofing attack, and replay attack and behavior denial. Copyright © 2010 John Wiley & Sons, Ltd.


Citations
Journal Article

An enhanced smart card based remote user password authentication scheme

TL;DR: A modified smart card based remote user password authentication scheme is proposed to overcome the weaknesses of Chen et al.'s scheme, and it is shown to be user friendly and more secure than other related schemes.
Journal Article

An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics

TL;DR: This paper proposes an anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards, passwords, and biometrics, which can be seen to resist several kinds of attacks and to have more security properties than other comparable schemes.
Journal Article

Robust smart-card-based remote user password authentication scheme

TL;DR: An improved and efficient smart‐card‐based password authentication and key agreement scheme that not only maintains the original secret requirement but also achieves mutual authentication and withstands the stolen‐smart‐card attack.
Journal Article

Security flaws in two improved remote user authentication schemes using smart cards

TL;DR: The cryptanalysis results discourage any practical use of the two investigated schemes and are important for security engineers to make their choices correctly, whereas the proposed three principles are valuable to protocol designers for advancing more robust schemes.
Journal Article

Improvement of robust smart-card-based password authentication scheme

TL;DR: This work proposes an improved authentication protocol, which inherits the merits of the scheme of Chen et al. and is free from the security flaw of their scheme, and provides more security guarantees while keeping efficiency.
References
Book Chapter

Authenticated key exchange secure against dictionary attacks

TL;DR: Correctness for the idea at the center of the Encrypted Key-Exchange (EKE) protocol of Bellovin and Merritt is proved: security is proved, in an ideal-cipher model, for the two-flow protocol at the core of EKE.
Proceedings Article

Provably secure session key distribution: the three party case

TL;DR: This paper provides the first treatment of session key distribution in the three-party setting of Needham and Schroeder in the complexity-theoretic framework of modern cryptography, under the (minimal) assumption of a pseudorandom function.
Journal Article

A dynamic ID-based remote user authentication scheme

TL;DR: This paper presents a dynamic ID-based remote user authentication scheme using smart cards that allows users to choose and change their passwords freely and does not maintain any verifier table.
Journal Article

A secure dynamic ID based remote user authentication scheme for multi-server environment

TL;DR: The proposed scheme uses only hash functions to implement a robust authentication scheme for the multi-server environment and provides a secure method to update the password without the help of a trusted third party.
Journal Article

A remote password authentication scheme for multiserver architecture using neural networks

TL;DR: This work presents a remote password authentication scheme for multiserver environments, built as a pattern classification system based on an artificial neural network, that can withstand the replay attack.