Further cryptanalysis of ‘A remote authentication scheme using mobile device’

In 2008, Khan et al. proposed a remote user authentication scheme on mobile devices, using a hash function and fingerprint biometrics. In 2010, Chen et al. discussed some security weaknesses of Khan et al.'s scheme and subsequently proposed an improved scheme. Recently, Truong et al. demonstrated that in Chen et al.'s scheme, an adversary can successfully replay an intercepted login request. They also showed how an adversary can cheat both legal participants by taking advantage of the fact that the scheme does not provide anonymity to the user. In this paper, we show that Chen et al.'s scheme suffers from some additional drawbacks that were not presented by Truong et al. in their analysis.
