In 1999, Tan and Zhu proposed a remote password authentication scheme that is the first remote login scheme using smart cards based on cross product of matrixes. The scheme is efficient and flexible as compared with other matrix-based remote authentication schemes. However, Chien, Jan, and Tseng have shown that an attacker can impersonate a legitimate user to login the system in the scheme. This paper will present another possible attack on Tan-Zhu scheme and it may also threaten the security of the scheme. If the format checking for the identities of users is not sufficient in the authentication phase of the protocol, the proposed attack will be valid such that attackers can forge valid authentication messages for the users who have not registered with the system yet and then successfully login the system.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.