English  |  正體中文  |  简体中文  |  全文筆數/總筆數 : 55184/89457 (62%)
造訪人次 : 10668307      線上人數 : 65
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library & TKU Library IR team.
搜尋範圍 查詢小技巧:
  • 您可在西文檢索詞彙前後加上"雙引號",以獲取較精準的檢索結果
  • 若欲以作者姓名搜尋,建議至進階搜尋限定作者欄位,可獲得較完整資料
  • 進階搜尋
    請使用永久網址來引用或連結此文件: http://tkuir.lib.tku.edu.tw:8080/dspace/handle/987654321/37474

    題名: Weaknesses of a Forward-Secure User Authentication Scheme with Smart Cards
    作者: Horng, Wen-Bing;Lee, Cheng-Ping
    貢獻者: 淡江大學資訊工程學系
    關鍵詞: Cryptanalysis;Remote user authentication;Smart card
    日期: 2008-05
    上傳時間: 2010-01-11 13:32:15 (UTC+8)
    摘要: Remote user authentication is a mechanism for validating users' legitimacy to access the services provided by remote systems over an insecure network. In 1981, Lamport proposed a one-time password remote authentication scheme. However, this scheme needs to maintain a verification table in the remote server. Thus, it is vulnerable to the stolen-verifier attack and the modification attack. To cope with these drawbacks, in 2000, Hwang and Li proposed a novel remote user authentication scheme using smart cards based on the ElGamal public key cryptosystems. Later, Chan and Cheng pointed out that Hwang-Li's scheme is vulnerable to the impersonation attack. In 2003, Chang and Hwang first illustrated that Chan-Cheng's attack might fail under some conditions and then presented enhanced attacks on Hwang-Li's scheme. Later, Shen et al. also provided a different forgery attack on Hwang-Li's scheme and proposed an improvement over the registration phase of Hwang-Li's scheme to cope with the impersonation attack. However, Leng et al. further showed that the improved scheme is still vulnerable to the forgery attack. In 2004, Yoon et al. proposed an enhancement over Hwang-Li's scheme based on the generalized ElGamal signature scheme. This improved scheme also allows users to freely choose and change their passwords. In addition, it also provides session key exchange capability. Recently, in 2006, Wang and Li demonstrated that Yoon et al.'s scheme does not offer the property of perfect forward secrecy; once the long-term secret key of the remote server has been compromised, all previous session keys will be broken. They then presented an improved scheme to provide perfect forward secrecy. In this paper, we show that Wang-Li's scheme is vulnerable to the offline password guessing attack, the parallel session attack, the reflection attack, and the insider attack. Besides, we also indicate that the first and the last attacks occur in Yoon et al.'s scheme as well.
    關聯: ICIM 2008第十九屆國際資訊管理學術研討會論文集,6頁
    顯示於類別:[資訊工程學系暨研究所] 會議論文


    檔案 描述 大小格式瀏覽次數
    Weaknesses+of+a+Forward-Secure+User+Authentication+Scheme+with+Smart+Cards_英文摘要.pdf60KbAdobe PDF66檢視/開啟



    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library & TKU Library IR teams. Copyright ©   - 回饋