1-6hit |
Recently, Shao et al. [M. Shao and Y. Chin, A privacy-preserving dynamic id-based remote user authentication scheme with access control for multi-server environment, IEICE Transactions on Information and Systems, vol.E95-D, no.1, pp.161–168, 2012] proposed a dynamic ID-based remote user authentication scheme with access control for multi-server environments. They claimed that their scheme could withstand various attacks and provide anonymity. However, in this letter, we will point out that Shao et al.'s scheme has practical pitfalls and is not feasible for real-life implementation. We identify that their scheme is vulnerable to two kinds of attacks and cannot provide anonymity.
Recently, Lee et al. [Y. Lee, E. Kim, S. Seok, and M. Jung, A smartcard-based user authentication scheme to ensure the PFS in multi-server environments, IEICE Transactions on Communications, vol.E95-B, no.2, pp.619–622, 2012] proposed a smartcard-based user authentication scheme for multi-server environments. They claimed that their scheme could withstand various attacks and provide the perfect forward secrecy (PFS). However, in this letter, we will point out that their scheme is vulnerable to three kinds of attacks and cannot provide the PFS.
Junghyun NAM Seungjoo KIM Sangjoon PARK Dongho WON
A remote user authentication scheme is a two-party protocol whereby an authentication server in a distributed system confirms the identity of a remote individual logging on to the server over an untrusted, open network. Recently, Lee et al. have proposed an efficient nonce-based scheme for remote user authentication using smart cards. This work reviews Lee et al.'s authentication scheme and provides a security analysis on the scheme. Our analysis shows that Lee et al.'s scheme does not achieve its basic aim of authenticating remote users and furthermore has a very hazardous method for changing passwords. In addition, we recommend some changes to the scheme so that it can attain at least its main security goal.
Yeh, Shen, and Hwang recently proposed a secure one-time password authentication scheme using smart cards. They modified the famous S/KEY scheme to achieve security against preplay attacks and off-line dictionary attacks. However, this article shows that their scheme is vulnerable to preplay attacks.
In this letter, we show that some stream authentication schemes using hash chaining are highly vulnerable to denial of service (DoS) attacks. An adversary can disrupt all receivers of group by making use of modifying a few packets in those schemes.
Goichiro HANAOKA Junji SHIKATA Yuliang ZHENG Hideki IMAI
This paper addresses the problem of designing an unconditionally secure conference system that fulfills the requirements of both traceability and dynamic sender. In a so-called conference system, a common key is shared among all authorized users, and messages are encrypted using the shared key. It is known that a straightforward implementation of such a system may present a number of security weaknesses. Our particular concern lies in the possibility that unauthorized users may be able to acquire the shared key by illegal means, say from one or more authorized but dishonest users (called traitors). An unauthorized user who has successfully obtained the shared key can now decrypt scrambled messages without leaving any evidence on who the traitors were. To solve this problem, in this paper we propose a conference system that admits dynamic sender traceability. The new solution can detect traitors, even if the sender of a message is dynamically determined after a shared key is distributed to authorized users. We also prove that this scheme is unconditionally secure.