Security weaknesses in two multi-server password based authentication protocols

In 2004 and 2005, respectively, Tsaur et al. proposed two smart card based password authentication schemes for multi-server environments. They claimed that their protocols are safe and can withstand various kinds of attacks. However, after analysis, we found that each of their schemes has some security loopholes. In this article, we show the security flaws in these two protocols.
