论文信息 - New Cryptanalysis Paradigm on a Nonce-based Mutual Authentication Scheme

New Cryptanalysis Paradigm on a Nonce-based Mutual Authentication Scheme

In 2005, Lee, Kim, and Yoo proposed a nonce-based mutual authentication scheme using smart cards. However, this paper demonstrates that Lee-Kim-Yoo's scheme is vulnerable to an impersonation attack that the attacker without knowing the remote user's any secret can masquerade as him by obtaining the valid authentication message from any normal session between the remote user and the system. Our purpose is to emphasize that it is dangerous that the remote user and the system separately implement their authentication operations without any logical relation to achieve the mutual authentication. Furthermore, we suggest that the tool of matching conversations would be useful as a sanity check to find this kind of the security breach.

Da-Zhi Sun | Zhen-Fu Cao

[1] Zhenfu Cao,et al. Efficient remote user authentication scheme using smart card , 2005, Comput. Networks.

[2] Min-Shiang Hwang,et al. A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[3] Hung-Yu Chien,et al. An Efficient and Practical Solution to Remote Authentication: Smart Card , 2002, Comput. Secur..

[4] Kee-Young Yoo,et al. Efficient nonce-based remote user authentication scheme using smart cards , 2005, Appl. Math. Comput..

[5] Chien-Lung Hsu. Security of Chien et al.'s remote user authentication scheme using smart cards , 2004, Comput. Stand. Interfaces.

[6] Paul C. van Oorschot,et al. Authentication and authenticated key exchanges , 1992, Des. Codes Cryptogr..

[7] Wei-Chi Ku,et al. Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[8] Alfred Menezes,et al. Handbook of Applied Cryptography , 2018 .

[9] Hung-Min Sun,et al. An efficient remote use authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[10] Mihir Bellare,et al. Entity Authentication and Key Distribution , 1993, CRYPTO.

[11] Shiuh-Pyng Shieh,et al. Password authentication schemes with smart cards , 1999, Comput. Secur..

[12] Cheng-Chi Lee,et al. A simple remote user authentication scheme , 2002 .