scispace - formally typeset
Search or ask a question

Further Cryptanalysis of password authentication schemes with smart cards

About: The article was published on 2003-04-01 and is currently open access. It has received 46 citations till now. The article focuses on the topics: S/KEY & Password strength.
Citations
More filters
Journal ArticleDOI
TL;DR: A survey through all currently available password-authentication-related schemes and gets them classified in terms of several crucial criteria to see how different password authentication schemes compare in different situations.
Abstract: Password authentication is one of the simplest and the most convenient authentication mechanisms to deal with secret data over insecure networks. It is more frequently required in areas such as computer networks, wireless networks, remote login systems, operation systems, and database management systems. In this paper, we shall present the result of our survey through all currently available password-authentication-related schemes and get them classified in terms of several crucial criteria. To be critical, most of the existing schemes are vulnerable to various attacks and fail to serve all the purposes an ideal password authentication scheme should. In order to see how different password authentication schemes compare in different situations, we define all possible attacks and goals that an ideal password authentication scheme should withstand and achieve. We should hope that the attacks and goals we offer here can also help future researchers develop better schemes.

168 citations

Proceedings ArticleDOI
24 Sep 2009
TL;DR: This paper gives a cryptanalysis of the Liaw et al. remote user authentication scheme and presents that the scheme is vulnerable and insecure against at least four kinds of attack, including the offline password guessing attack, two impersonation attacks, the intruder-in-the-middle attack and the denial-of-service attack.
Abstract: With the popularity of computer network, smart card based remote user authentication is receiving more and more attention than ever. Recently, Liaw et al. proposed an efficient and complete remote user authentication scheme using smart cards. Its security depends on the one-way hash function and is nonce-based. They claim that it achieves more functionality and satisfies all criteria and can withstand the replay attack. Nevertheless, there still exist several security flaws in their scheme. In this paper, we give a cryptanalysis of the scheme and present that the scheme is vulnerable and insecure against at least four kinds of attack, including the offline password guessing attack, two impersonation attacks, the intruder-in-the-middle attack and the denial-of-service attack.

97 citations

Journal ArticleDOI
TL;DR: This paper proposes a practical and secure user authentication scheme, capable of supporting the use of the common storage device, which retains all the advantages of schemes using smart cards.

77 citations

Proceedings ArticleDOI
07 Jan 2008
TL;DR: The proposed authentication protocol is designed to accept the existing home networks based on the one-time password protocol and is quite satisfactory in terms of the security requirements of home networks, because of requiring low computation by performing simple operations using one-way hash functions.
Abstract: In this paper, we propose a new user authentication (UA) scheme based on one-time password (OTP) protocol using smart cards for home networks. The proposed scheme is to authenticate home users who uses home devices. Several techniques using technology based on biometrics, passwords, certificates, and smart cards can be used for user authentication in the similar environments. However, such user authentication techniques must be examined before being employed in an environment where home devices have low efficiency and performance. Here, we present the important security functions of home networks. The proposed authentication protocol is designed to accept the existing home networks based on the one-time password protocol. Also, it is a well suited solution and is quite satisfactory in terms of the security requirements of home networks, because of requiring low computation by performing simple operations using one-way hash functions. Our proposed scheme can protect against illegal access for home services and devices and does not allow unnecessary service access by legitimate users. Therefore, it allows the user to provide real-time privilege control and good implementation in secure home networks.

70 citations

Journal ArticleDOI
TL;DR: This paper proposes an efficient and complete remote user authentication scheme using smart cards that achieves more functionality and does not require a timestamp to solve the serious time synchronization problem.

52 citations

References
More filters
Journal ArticleDOI
TL;DR: A survey through all currently available password-authentication-related schemes and gets them classified in terms of several crucial criteria to see how different password authentication schemes compare in different situations.
Abstract: Password authentication is one of the simplest and the most convenient authentication mechanisms to deal with secret data over insecure networks. It is more frequently required in areas such as computer networks, wireless networks, remote login systems, operation systems, and database management systems. In this paper, we shall present the result of our survey through all currently available password-authentication-related schemes and get them classified in terms of several crucial criteria. To be critical, most of the existing schemes are vulnerable to various attacks and fail to serve all the purposes an ideal password authentication scheme should. In order to see how different password authentication schemes compare in different situations, we define all possible attacks and goals that an ideal password authentication scheme should withstand and achieve. We should hope that the attacks and goals we offer here can also help future researchers develop better schemes.

168 citations

Proceedings ArticleDOI
24 Sep 2009
TL;DR: This paper gives a cryptanalysis of the Liaw et al. remote user authentication scheme and presents that the scheme is vulnerable and insecure against at least four kinds of attack, including the offline password guessing attack, two impersonation attacks, the intruder-in-the-middle attack and the denial-of-service attack.
Abstract: With the popularity of computer network, smart card based remote user authentication is receiving more and more attention than ever. Recently, Liaw et al. proposed an efficient and complete remote user authentication scheme using smart cards. Its security depends on the one-way hash function and is nonce-based. They claim that it achieves more functionality and satisfies all criteria and can withstand the replay attack. Nevertheless, there still exist several security flaws in their scheme. In this paper, we give a cryptanalysis of the scheme and present that the scheme is vulnerable and insecure against at least four kinds of attack, including the offline password guessing attack, two impersonation attacks, the intruder-in-the-middle attack and the denial-of-service attack.

97 citations

Journal ArticleDOI
TL;DR: This paper proposes a practical and secure user authentication scheme, capable of supporting the use of the common storage device, which retains all the advantages of schemes using smart cards.

77 citations

Proceedings ArticleDOI
07 Jan 2008
TL;DR: The proposed authentication protocol is designed to accept the existing home networks based on the one-time password protocol and is quite satisfactory in terms of the security requirements of home networks, because of requiring low computation by performing simple operations using one-way hash functions.
Abstract: In this paper, we propose a new user authentication (UA) scheme based on one-time password (OTP) protocol using smart cards for home networks. The proposed scheme is to authenticate home users who uses home devices. Several techniques using technology based on biometrics, passwords, certificates, and smart cards can be used for user authentication in the similar environments. However, such user authentication techniques must be examined before being employed in an environment where home devices have low efficiency and performance. Here, we present the important security functions of home networks. The proposed authentication protocol is designed to accept the existing home networks based on the one-time password protocol. Also, it is a well suited solution and is quite satisfactory in terms of the security requirements of home networks, because of requiring low computation by performing simple operations using one-way hash functions. Our proposed scheme can protect against illegal access for home services and devices and does not allow unnecessary service access by legitimate users. Therefore, it allows the user to provide real-time privilege control and good implementation in secure home networks.

70 citations

Journal ArticleDOI
TL;DR: This paper proposes an efficient and complete remote user authentication scheme using smart cards that achieves more functionality and does not require a timestamp to solve the serious time synchronization problem.

52 citations