Cryptanalysis and improvement of ‘a robust smart‐card‐based remote user password authentication scheme’

Kumari, Saru; Khan, Muhammad Khurram

doi:10.1002/dac.2590

Cited by 90 publications

(67 citation statements)

References 26 publications

(114 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…So Chen et al designed an enhanced remote user authentication scheme. While this scheme was also proved by Kumari and Khan [34] it suffered from insider attack and impersonation attack. Li et al [35], in 2013, reanalyzed Chen et al 's scheme and then indicated that it cannot promise forward secrecy.…”

Section: Introductionmentioning

confidence: 90%

“…In 2016, Kang et al [44] showed that Djellali et al 's scheme [45] suffers from offline dictionary attack, impersonation attack, and replay attack and then developed an enhanced scheme that achieves user anonymity with a Markov chain; and Kaul et al [46] also designed an improved authentication scheme based on Kumari et al 's scheme [34]. These schemes all claim to be resistant to various attacks, such as offline dictionary attack and impersonation attack.…”

Section: Our Contributionsmentioning

confidence: 99%

See 1 more Smart Citation

Cryptanalysis of Three Password-Based Remote User Authentication Schemes with Non-Tamper-Resistant Smart Card

Wang¹,

Xu²

2017

Security and Communication Networks

View full text Add to dashboard Cite

Remote user authentication is the first step to guarantee the security of online services. Online services grow rapidly and numerous remote user authentication schemes were proposed with high capability and efficiency. Recently, there are three new improved remote user authentication schemes which claim to be resistant to various attacks. Unfortunately, according to our analysis, these schemes all fail to achieve some critical security goals. This paper demonstrates that they all suffer from offline dictionary attack or fail to achieve forward secrecy and user anonymity. It is worth mentioning that we divide offline dictionary attacks into two categories: (1) the ones using the verification from smart cards and (2) the ones using the verification from the open channel. The second is more complicated and intractable than the first type. Such distinction benefits the exploration of better design principles. We also discuss some practical solutions to the two kinds of attacks, respectively. Furthermore, we proposed a reference model to deal with the first kind of attack and proved its effectiveness by taking one of our cryptanalysis schemes as an example.

show abstract

Section: Introductionmentioning

confidence: 90%

Section: Our Contributionsmentioning

confidence: 99%

Cryptanalysis of Three Password-Based Remote User Authentication Schemes with Non-Tamper-Resistant Smart Card

Wang¹,

Xu²

2017

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…While cryptanalysis of Hao et al [12] scheme, we will follow the below mentioned well practiced techniques [29,30,31,32,33,34,35,36] in the literature:…”

Section: Assumptionsmentioning

confidence: 99%

Cryptanalysis of “a time-bound ticket-based mutual authentication scheme for cloud computing”

Sarvabhatla

Giri²,

Vorugunti

2014

2014 International Conference on Embedded Systems (ICES)

View full text Add to dashboard Cite

With the advent of cloud computing, drastic growth of Internet and mobile technologies, there is an exponential growth of ubiquitous users, who are trying to access the cloud server for critical data and resources over an insecure communication channel called Internet. Remote cloud servers need to authenticate the remote users upfront to offer data storage, scheduling and processing services. Hence, secure authentication or verification protocols have been designed to assure authenticity of the remote user and reliability of the outsourced data. In 2011, Hao et alfrom SUNY Buffalo, have proposed a time-bound ticket-based mutual verification scheme and claimed that their proposal is completely resistant to major cryptographic attacks. In this paper, we will show that Hao et al scheme is susceptible to all major cryptographic vulnerabilities like user impersonation attack, server masquerade attack etc.

show abstract

“…Since then a considerable amount of research [1][2][3][4][5][6][7][8][9][10] has been carried out in this field. In 2009, Hsiang and Shih [1] showed that Liao-Wang [2] scheme cannot resist insider attack, masquerade attack, and server spoofing attack, meanwhile, the scheme cannot achieve mutual authentication.…”

Section: Introductionmentioning

confidence: 99%

“…Chen et al [5] proposed a robust smart-card based remote user password authentication scheme. Unfortunately, Saru et al [6] pointed out that Chen's scheme fails to resist impersonation attacks and insider attack and does not provide important features such as user anonymity, confidentiality to air messages. Later, Li et al [7] also showed that Chen et al's scheme cannot ensure forward secrecy and the password change phase of the scheme is unfriendly and inefficient when the users update their passwords, in order to eliminate these problems, they proposed a modified smart card based user authentication scheme and claim it is more secure.…”

Section: Introductionmentioning

confidence: 99%

Security Weaknesses of Li's Remote User Password Authentication Scheme Using Smart Card

Ling¹,

Zhao²,

Liu³

2015

Proceedings of the 2015 International Conference on Materials Engineering and Information Technology Applications

View full text Add to dashboard Cite

Abstract. User authentication is an important technology to guarantee that only the legal users can access resources from the remote server. The advantages of smart cards are storage and computation abilities. Recently, Li et al. pointed out the security problems of Chen et al's password authentication scheme and they proposed an enhanced smart card based remote user password authentication scheme and claimed it is secure, However, We find that Li scheme is still vulnerable. It cannot resist user impersonation attack and insider attack. Besides, it also suffers from user anonymity violation and clock synchronization problem.

show abstract

Cryptanalysis and improvement of ‘a robust smart‐card‐based remote user password authentication scheme’

Cited by 90 publications

References 26 publications

Cryptanalysis of Three Password-Based Remote User Authentication Schemes with Non-Tamper-Resistant Smart Card

Cryptanalysis of Three Password-Based Remote User Authentication Schemes with Non-Tamper-Resistant Smart Card

Cryptanalysis of “a time-bound ticket-based mutual authentication scheme for cloud computing”

Security Weaknesses of Li's Remote User Password Authentication Scheme Using Smart Card

Contact Info

Product

Resources

About

Cryptanalysis and improvement of ‘a robust smart‐card‐based remote user password authentication scheme’

Cited by 90 publications

References 26 publications

Cryptanalysis of Three Password-Based Remote User Authentication Schemes with Non-Tamper-Resistant Smart Card

Cryptanalysis of Three Password-Based Remote User Authentication Schemes with Non-Tamper-Resistant Smart Card

Cryptanalysis of &#x201C;a time-bound ticket-based mutual authentication scheme for cloud computing&#x201D;

Security Weaknesses of Li's Remote User Password Authentication Scheme Using Smart Card

Contact Info

Product

Resources

About

Cryptanalysis of “a time-bound ticket-based mutual authentication scheme for cloud computing”