摘要: | Remote user authentication is a mechanism for validating users' legitimacy to access the services provided by remote systems over an insecure network. In 1981, Lamport proposed a one-time password remote authentication scheme. However, this scheme needs to maintain a verification table in the remote server. Thus, it is vulnerable to the stolen-verifier attack and the modification attack. To cope with these drawbacks, in 2000, Hwang and Li proposed a novel remote user authentication scheme using smart cards based on the ElGamal public key cryptosystems. Later, Chan and Cheng pointed out that Hwang-Li's scheme is vulnerable to the impersonation attack. In 2003, Chang and Hwang first illustrated that Chan-Cheng's attack might fail under some conditions and then presented enhanced attacks on Hwang-Li's scheme. Later, Shen et al. also provided a different forgery attack on Hwang-Li's scheme and proposed an improvement over the registration phase of Hwang-Li's scheme to cope with the impersonation attack. However, Leng et al. further showed that the improved scheme is still vulnerable to the forgery attack. In 2004, Yoon et al. proposed an enhancement over Hwang-Li's scheme based on the generalized ElGamal signature scheme. This improved scheme also allows users to freely choose and change their passwords. In addition, it also provides session key exchange capability. Recently, in 2006, Wang and Li demonstrated that Yoon et al.'s scheme does not offer the property of perfect forward secrecy; once the long-term secret key of the remote server has been compromised, all previous session keys will be broken. They then presented an improved scheme to provide perfect forward secrecy. In this paper, we show that Wang-Li's scheme is vulnerable to the offline password guessing attack, the parallel session attack, the reflection attack, and the insider attack. Besides, we also indicate that the first and the last attacks occur in Yoon et al.'s scheme as well. |