The Password Change Phase is Still Insecure

In 2004, W. C. Ku and S. M. Chen proposed an efficient remote user authentication scheme using smart cards to solve the security problems of Chien et al.'s scheme. Recently, Hsu and Yoon et al. pointed out the security weaknesses of the Ku and Chen's scheme Furthermore, Yoon et al. also proposed a new efficient remote user authentication scheme using smart cards. Yoon et al. also modified the password change phase of Ku and Chen's scheme. This paper analyzes that password change phase of Yoon et al's modified scheme is still insecure.

[1]  Cheng-Chi Lee,et al.  A flexible remote user authentication scheme using smart cards , 2002, OPSR.

[2]  Manoj Kumar,et al.  Some remarks on a remote user authentication scheme using smart cards with forward secrecy , 2004, IEEE Transactions on Consumer Electronics.

[3]  Tzonelih Hwang,et al.  Reparable key distribution protocols for Internet environments , 1995, IEEE Trans. Commun..

[4]  Chien-Lung Hsu Security of Chien et al.'s remote user authentication scheme using smart cards , 2004, Comput. Stand. Interfaces.

[5]  Hung-Yu Chien,et al.  An Efficient and Practical Solution to Remote Authentication: Smart Card , 2002, Comput. Secur..

[6]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[7]  Hung-Min Sun,et al.  An Efficient Remote User Authentication Scheme Using Smart Cards , 2000 .

[8]  Chris J. Mitchell,et al.  Limitations of challenge-response entity authentication , 1989 .

[9]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[10]  Chien-Ming Chen,et al.  Cryptanalysis of a Variant of Peyravian-Zunic's Password Authentication Scheme , 2003 .

[11]  Stephen M. Matyas,et al.  Cryptographic Authentication of Time-Invariant Quantities , 1981, IEEE Trans. Commun..

[12]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[13]  Chin-Chen Chang,et al.  Remote password authentication with smart cards , 1991 .

[14]  Wei-Chi Ku,et al.  Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[15]  Cheng-Chi Lee,et al.  A remote user authentication scheme using hash functions , 2002, OPSR.

[16]  Cheng-Chi Lee,et al.  A simple remote user authentication scheme , 2002 .

[17]  Chin-Chen Chang,et al.  Using smart cards to authenticate remote passwords , 1993 .

[18]  Min-Shiang Hwang,et al.  A remote password authentication scheme for multiserver architecture using neural networks , 2001, IEEE Trans. Neural Networks.

[19]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[20]  Min-Shiang Hwang,et al.  A modified remote user authentication scheme using smart cards , 2003, IEEE Trans. Consumer Electron..

[21]  Lee-Ming Cheng,et al.  Cryptanalysis of a remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[22]  Shiuh-Jeng Wang,et al.  Yet another log-in authentication using n-dimensional construction based on circle property , 2003, IEEE Trans. Consumer Electron..

[23]  Sung-Ming Yen,et al.  Shared Authentication Token Secure Against Replay and Weak Key Attacks , 1997, Inf. Process. Lett..

[24]  Tzong-Chen Wu,et al.  Remote login authentication scheme based on a geometric approach , 1995, Comput. Commun..

[25]  Chris J. Mitchell,et al.  Comments on the S/KEY user authentication scheme , 1996, OPSR.

[26]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[27]  Udi Manber,et al.  A simple scheme to make passwords based on one-way functions much harder to crack , 1996, Comput. Secur..

[28]  Eun-Jun Yoon,et al.  Further improvement of an efficient password based remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[29]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.