English  |  正體中文  |  简体中文  |  Items with full text/Total items : 56378/90242 (62%)
Visitors : 11684340      Online Users : 40
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library & TKU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version
    Please use this identifier to cite or link to this item: http://tkuir.lib.tku.edu.tw:8080/dspace/handle/987654321/37474

    Title: Weaknesses of a Forward-Secure User Authentication Scheme with Smart Cards
    Authors: Horng, Wen-Bing;Lee, Cheng-Ping
    Contributors: 淡江大學資訊工程學系
    Keywords: Cryptanalysis;Remote user authentication;Smart card
    Date: 2008-05
    Issue Date: 2010-01-11 13:32:15 (UTC+8)
    Abstract: Remote user authentication is a mechanism for validating users' legitimacy to access the services provided by remote systems over an insecure network. In 1981, Lamport proposed a one-time password remote authentication scheme. However, this scheme needs to maintain a verification table in the remote server. Thus, it is vulnerable to the stolen-verifier attack and the modification attack. To cope with these drawbacks, in 2000, Hwang and Li proposed a novel remote user authentication scheme using smart cards based on the ElGamal public key cryptosystems. Later, Chan and Cheng pointed out that Hwang-Li's scheme is vulnerable to the impersonation attack. In 2003, Chang and Hwang first illustrated that Chan-Cheng's attack might fail under some conditions and then presented enhanced attacks on Hwang-Li's scheme. Later, Shen et al. also provided a different forgery attack on Hwang-Li's scheme and proposed an improvement over the registration phase of Hwang-Li's scheme to cope with the impersonation attack. However, Leng et al. further showed that the improved scheme is still vulnerable to the forgery attack. In 2004, Yoon et al. proposed an enhancement over Hwang-Li's scheme based on the generalized ElGamal signature scheme. This improved scheme also allows users to freely choose and change their passwords. In addition, it also provides session key exchange capability. Recently, in 2006, Wang and Li demonstrated that Yoon et al.'s scheme does not offer the property of perfect forward secrecy; once the long-term secret key of the remote server has been compromised, all previous session keys will be broken. They then presented an improved scheme to provide perfect forward secrecy. In this paper, we show that Wang-Li's scheme is vulnerable to the offline password guessing attack, the parallel session attack, the reflection attack, and the insider attack. Besides, we also indicate that the first and the last attacks occur in Yoon et al.'s scheme as well.
    Relation: ICIM 2008第十九屆國際資訊管理學術研討會論文集,6頁
    Appears in Collections:[Graduate Institute & Department of Computer Science and Information Engineering] Proceeding

    Files in This Item:

    File Description SizeFormat
    Weaknesses+of+a+Forward-Secure+User+Authentication+Scheme+with+Smart+Cards_英文摘要.pdf60KbAdobe PDF68View/Open

    All items in 機構典藏 are protected by copyright, with all rights reserved.

    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library & TKU Library IR teams. Copyright ©   - Feedback