论文信息 - Cryptanalysis of a more secure remote user authentication scheme

Cryptanalysis of a more secure remote user authentication scheme

Recently, Kim and Chung proposed a more secure remote user authentication scheme, which is an improvement over Yoon-Yoo's scheme to remedy their security flaws, such as leak of password and vulnerabilities to the masquerading user attack, the masquerading server attack, and the stolen-verifier attack. In this paper, we will show that Kim-Chung's improved scheme is vulnerable to the offline password guessing attack. In addition, the scheme does not possess the feature of secret key forward secrecy as they claimed. Hence, Kim-Chung's scheme is also subject to the masquerading user attack and the masquerading server attack as well. Moreover, their scheme does not generate session keys for secure communications.

Wen-Bing Horng | Jian-Wen Peng | Cheng-Ping Lee

[1] Chien-Lung Hsu. Security of two remote user authentication schemes using smart cards , 2003, IEEE Trans. Consumer Electron..

[2] Eun-Jun Yoon,et al. More Efficient and Secure Remote User Authentication Scheme using Smart Cards , 2005, 11th International Conference on Parallel and Distributed Systems (ICPADS'05).

[3] Kee-Young Yoo,et al. Improved efficient remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[4] Hung-Yu Chien,et al. An Efficient and Practical Solution to Remote Authentication: Smart Card , 2002, Comput. Secur..

[5] Kee-Young Yoo,et al. Improvement of Chien et al.'s remote user authentication scheme using smart cards , 2005, Comput. Stand. Interfaces.

[6] Chien-Lung Hsu. Security of Chien et al.'s remote user authentication scheme using smart cards , 2004, Comput. Stand. Interfaces.

[7] Siva Sai Yerubandi,et al. Differential Power Analysis , 2002 .

[8] Robert H. Sloan,et al. Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[9] Leslie Lamport,et al. Password authentication with insecure communication , 1981, CACM.

[10] Min Gyo Chung,et al. More secure remote user authentication scheme , 2009, Comput. Commun..