Weaknesses and drawbacks of a password authentication scheme using neural networks for multiserver architecture

In 2001, Li et al. proposed a password authentication scheme for the multiserver architecture by using a pattern classification system based on neural networks. Herein, we demonstrate that Li et al.'s scheme is vulnerable to an offline password guessing attack and a privileged insider's attack, and is not reparable. Additionally, we show that Li et al.'s scheme has several drawbacks in practice.

[1]  葉禾田,et al.  Further Cryptanalysis of password authentication schemes with smart cards , 2003 .

[2]  Wei-Chi Ku,et al.  Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[3]  Chin-Chen Chang,et al.  Some Forgery Attacks on a Remote User Authentication Scheme Using Smart Cards , 2003, Informatica.

[4]  Kefei Chen,et al.  Cryptanalysis of a timestamp-based password authentication scheme , 2004, IACR Cryptol. ePrint Arch..

[5]  Min-Shiang Hwang,et al.  A remote password authentication scheme for multiserver architecture using neural networks , 2001, IEEE Trans. Neural Networks.

[6]  Tzonelih Hwang,et al.  Non-interactive password authentications without password tables , 1990, IEEE TENCON'90: 1990 IEEE Region 10 Conference on Computer and Communication Systems. Conference Proceedings.

[7]  Shiuh-Pyng Shieh,et al.  Password authentication schemes with smart cards , 1999, Comput. Secur..

[8]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[9]  Hung-Min Sun,et al.  An efficient remote use authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[10]  Lee-Ming Cheng,et al.  Cryptanalysis of a Timestamp-Based Password Authentication Scheme , 2002, Comput. Secur..

[11]  Lei Fan,et al.  An enhancement of timestamp-based password authentication scheme , 2002, Comput. Secur..

[12]  Hung-Min Sun,et al.  Security of a Remote User Authentication Scheme Using Smart Cards(Internet) , 2004 .

[13]  Tzonelih Hwang,et al.  Reparable key distribution protocols for Internet environments , 1995, IEEE Trans. Commun..

[14]  Hung-Yu Chien,et al.  An Efficient and Practical Solution to Remote Authentication: Smart Card , 2002, Comput. Secur..

[15]  Jerome H. Saltzer,et al.  Protecting Poorly Chosen Secrets from Guessing Attacks , 1993, IEEE J. Sel. Areas Commun..

[16]  Marco Russo,et al.  Genetic fuzzy learning , 2000, IEEE Trans. Evol. Comput..

[17]  Hung-Min Sun,et al.  An Efficient Remote User Authentication Scheme Using Smart Cards , 2000 .

[18]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..