Cryptanalysis of Ahirwal-Sonwanshi ID-Based Remote User Authentication Scheme

2015 ◽  
Vol 764-765 ◽  
pp. 858-862 ◽  
Author(s):  
Yung Cheng Lee ◽  
Pei Ju Lee
Keyword(s):  
Smart Card ◽  
User Authentication ◽  
Denial Of Service ◽  
Authentication Scheme ◽  
Password Guessing Attack ◽  
Insider Attack ◽  
Remote User Authentication ◽  
User Authentication Scheme ◽  
Guessing Attack ◽  
Remote User

Due to the rapid growth of computer and communication technologies, people obtain variety of online services quickly. However, all networks are vulnerable to lots of security threats and attacks. The remote authentication scheme provides an efficient method to validate the remote users and servers. Ahirwal and Sonwanshi proposed a remote user authentication scheme with smart card in 2012. They indicated that Song’s smart card based password authentication protocol cannot resist the offline password guessing attack, insider attack, forward secrecy and denial of service attack. They proposed an ID-based authentication scheme to fix security flaws. The scheme uses one-way hash function and bitwise XOR operation such that the computation complexity is very low. However, in this article, we will show that their scheme cannot withstand the offline password guessing attack as they declared. An adversary can use the intercepted messages of two login sessions to obtain the password.

scholarly journals Revisiting the “An Improved Remote user Authentication Scheme with Key Agreement”

2018 ◽  
Vol 11 (4) ◽  
pp. 190-194
Author(s):  
YALIN CHEN ◽  
JUE-SAM CHOU ◽  
I - CHIUNG LIAO
Keyword(s):  
Smart Card ◽  
Key Agreement ◽  
User Authentication ◽  
Authentication Scheme ◽  
Session Key ◽  
Password Guessing Attack ◽  
Remote User Authentication ◽  
User Authentication Scheme ◽  
Guessing Attack ◽  
Remote User

Recently, Kumari et al., pointed out that Chang et al.’s scheme “Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update” has several drawbacks and does not provide any session key agreement. Hence, they proposed an improved remote user authentication scheme with key agreement based on Chang et al.’s protocol. They claimed that the improved method is secure. However, we found that their improvement still has both anonymity breach and smart card loss password guessing attack which cannot be violated in the ten basic requirements advocated for a secure identity authentication using smart card by Liao et al. Thus, we modify their protocol to encompass these security functionalities which are needed in a user authentication system using smart card.

Attacks on Young-Hwa An’s Improved Dynamic ID-Based Remote User Authentication Scheme

2014 ◽  
Vol 556-562 ◽  
pp. 5235-5238
Author(s):  
Cheng Qiang Xu ◽  
Zhen Li Zhang
Keyword(s):  
User Authentication ◽  
Authentication Scheme ◽  
Session Key ◽  
Forgery Attack ◽  
Password Guessing Attack ◽  
Remote User Authentication ◽  
Dynamic Id ◽  
User Authentication Scheme ◽  
Guessing Attack ◽  
Remote User

In 2011, Khan et al. analyzed and improved an enhanced secure dynamic ID-based remote user authentication scheme to overcome the weakness of Wang et al.’s scheme. In 2013, Young-Hwa An showed that Khan et al.’s scheme is not secure because Khan et al.’s scheme can not resist password guessing attack, forgery attack and does not provide user anonymity. After that he proposed a security improvement of dynamic ID-based remote user authentication scheme with session key agreement to remedy the weakness in Khan et al.’s scheme. Recently, through our study, we have found that Young-Hwa An’s mechanism is not secure enough. There still exists insider user’s attack, anonymity attack and forgery attack.

Cryptanalysis of a Remote User Authentication Scheme

2013 ◽  
Vol 433-435 ◽  
pp. 1699-1701
Author(s):  
Bang Ju Wang ◽  
Huan Guo Zhang
Keyword(s):  
Smart Card ◽  
User Authentication ◽  
Authentication Scheme ◽  
Password Authentication ◽  
Remote User Authentication ◽  
User Authentication Scheme ◽  
Remote User

Among many user authentications over insecure networks, password authentication is simple, convenient and widely adopted one. Chen and Lee proposed a new hash-based password authentication using smart card and claimed that their scheme could resist seven attacks as listed in their paper. However, in this paper, it is pointed out that Chen-Lee’s scheme is vulnerable to off-line password guessing, replay and impersonation attacks when the smart card is lost or stolen.

Sign in / Sign up

Export Citation Format

Share Document