论文信息 - Cryptanalysis of Multiple-Server Password-Authenticated Key Agreement Schemes Using Smart Cards

Cryptanalysis of Multiple-Server Password-Authenticated Key Agreement Schemes Using Smart Cards

Password-based user-authentication schemes have been widely used when users access a server to avail internet services. Multiserver password-authentication schemes enable remote users to obtain service from multiple servers without separately registering with each server. In 2008, Jia-Lun Tsai proposed an improved and efficient password-authenticated key agreement scheme for a multiserver architecture based on Chang-Lee"s scheme proposed in 2004. However, we found that Tsai"s scheme does not provide forward secrecy and is weak to insider impersonation and denial of service attacks. In this article, we describe the drawbacks of Tsai"s scheme and provide a countermeasure to satisfy the forward secrecy property.

Sang-Gon Lee | Sanggon Lee

[1] Yixian Yang,et al. An Efficient Multi-server Password Authenticated Key Agreement Scheme Using Smart Cards , 2007, 2007 International Conference on Multimedia and Ubiquitous Engineering (MUE'07).

[2] Min Hong,et al. A Study on the Context-Aware Reasoning Filtering Mechanism in USN , 2011, J. Inform. and Commun. Convergence Engineering.

[3] Jin-Deog Kim,et al. A Method for Improving Accuracy of Image Matching Algorithm for Car Navigation System , 2011, J. Inform. and Commun. Convergence Engineering.

[4] Jia-Lun Tsai,et al. Efficient multi-server authentication scheme based on one-way hash function without verification table , 2008, Comput. Secur..

[5] I. C. Lin,et al. (IEEE Transactions on Neural Networks,12(6):1498-1504)A Remote Password Authentication Scheme for Multi-Server Architecture Using Neural Network , 2001 .

[6] Wen-Shenq Juang,et al. Efficient multi-server password authenticated key agreement using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[7] Chin-Chen Chang,et al. An efficient and secure multi-server password authentication scheme using smart cards , 2004, 2004 International Conference on Cyberworlds.

[8] Min-Shiang Hwang,et al. A new remote user authentication scheme for multi-server architecture , 2003, Future Gener. Comput. Syst..