Following the developments in the use of ID-based schemes and smart cards, Yang and Shieh proposed two password authentication schemes to achieve two purposes: (1) to allow users to choose and change their passwords freely, and (2) to make it unnecessary for the remote server to maintain a directory of passwords or a verification table to authenticate users. Recently, Chan and Cheng showed that Yang and Shieh's timestamp-based password authentication scheme is insecure against forgery. In this paper, we point out that Chan and Cheng's forgery attack cannot work. Thus, we further examine the security of Yang and Shieh's password authentication schemes and find that they are insecure against forgery because an adversary can easily pretend to be a valid user and pass the server's verification, which allows the adversary to log in to the remote server.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Hung-Min SUN, Her-Tyan YEH, "Further Cryptanalysis of a Password Authentication Scheme with Smart Cards" in IEICE TRANSACTIONS on Communications,
vol. E86-B, no. 4, pp. 1412-1415, April 2003, doi: .
URL: https://global.ieice.org/en_transactions/communications/10.1587/e86-b_4_1412/_p
@ARTICLE{e86-b_4_1412,
author={Hung-Min SUN and Her-Tyan YEH},
journal={IEICE TRANSACTIONS on Communications},
title={Further Cryptanalysis of a Password Authentication Scheme with Smart Cards},
year={2003},
volume={E86-B},
number={4},
pages={1412-1415},
keywords={},
doi={},
ISSN={},
month={April},}
TY - JOUR
TI - Further Cryptanalysis of a Password Authentication Scheme with Smart Cards
T2 - IEICE TRANSACTIONS on Communications
SP - 1412
EP - 1415
AU - Hung-Min SUN
AU - Her-Tyan YEH
PY - 2003
DO -
JO - IEICE TRANSACTIONS on Communications
SN -
VL - E86-B
IS - 4
JA - IEICE TRANSACTIONS on Communications
Y1 - April 2003
ER -