Cryptanalysis of Three Password-Based Remote User Authentication Schemes with Non-Tamper-Resistant Smart Card

Wang, Chenyu; Xu, Guizhi

doi:10.1155/2017/1619741

Cited by 24 publications

(18 citation statements)

References 51 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…After analyzing their scheme using AVISPA tool, they claimed the new scheme achieves forward security while being resistant to various attacks. However, this section will show that, under the assumptions on adversary capabilities in Section 2.2, their scheme cannot provide forward security while being subject to two kinds of offline dictionary attacks [27] and so on. Thus their scheme is not a truly two-factor scheme.…”

Section: Cryptanalysis Of Amin Et Al's Schemementioning

confidence: 99%

“…It was not until the work of Ma et al [29] and Wang et al [20,30] did such a stagnant situation completely changed. In 2012, Ma et al [29] pointed out that public key algorithm is necessary to design a secure twofactor authentication scheme; in 2015, Wang et al [20] found that there is a conflict between changing password locally and resisting against smart card loss attack under the current technique; therefore, Wang et al [30] put forward a way of "honeywords"+"fuzzy-verifier" to solve the conflict; in 2016, Wang et al [27] further pointed out that there are two offline dictionary attacks and then combined with the results of [29,30] and matched the corresponding solutions for each attack.…”

Section: Off-line Dictionary Attack I (I) E Adversary's Capability: mentioning

confidence: 99%

“…In this paper, we follow the classification method of Wang et al [27] and demonstrate that Amin et al 's scheme [3] cannot resist against the two kinds of dictionary attack. Looking back at the above attack process, we can find that the key to the problem is that A can find the verification value to check the correctness of the guessed result.…”

Section: Off-line Dictionary Attack I (I) E Adversary's Capability: mentioning

confidence: 99%

See 2 more Smart Citations

An Enhanced User Authentication Protocol Based on Elliptic Curve Cryptosystem in Cloud Computing Environment

Wang

Ding

et al. 2018

Wireless Communications and Mobile Computing

Self Cite

View full text Add to dashboard Cite

With the popularity of cloud computing, information security issues in the cloud environment are becoming more and more prominent. As the first line of defense to ensure cloud computing security, user authentication has attracted extensive attention. Though considerable efforts have been paid for a secure and practical authentication scheme in cloud computing environment, most attempts ended in failure. The design of a secure and efficient user authentication scheme for cloud computing remains a challenge on the one hand and user’s smart card or mobile devices are of limited resource; on the other hand, with the combination of cloud computing and the Internet of Things, applications in cloud environments often need to meet various security requirements and are vulnerable to more attacks. In 2018, Amin et al. proposed an enhanced user authentication scheme in cloud computing, hoping to overcome the identified security flaws of two previous schemes. However, after a scrutinization of their scheme, we revealed that it still suffers from the same attacks (such as no user anonymity, no forward secrecy, and being vulnerable to offline dictionary attack) as the two schemes they compromised. Consequently, we take the scheme of Amin et al. (2018) as a study case, we discussed the inherent reason and the corresponding solutions to authentication schemes for cloud computing environment in detail. Next, we not only proposed an enhanced secure and efficient scheme, but also explained the design rationales for a secure cloud environment protocol. Finally, we applied BAN logic and heuristic analysis to show the security of the protocol and compared our scheme with related schemes. The results manifest the superiority of our scheme.

show abstract

Section: Cryptanalysis Of Amin Et Al's Schemementioning

confidence: 99%

Section: Off-line Dictionary Attack I (I) E Adversary's Capability: mentioning

confidence: 99%

Section: Off-line Dictionary Attack I (I) E Adversary's Capability: mentioning

confidence: 99%

See 1 more Smart Citation

An Enhanced User Authentication Protocol Based on Elliptic Curve Cryptosystem in Cloud Computing Environment

Wang

Ding

et al. 2018

Wireless Communications and Mobile Computing

Self Cite

View full text Add to dashboard Cite

show abstract

“…Furthermore, in [23] Section 4.2, we can see that even the adversary guesses the password and identity simultaneously and the whole attack can be finished within limited time. Therefore, the adversary can exhaust the password and identity space simultaneously, and many scholars follow this principle [2,[24][25][26][27].…”

Section: Adversary Modelmentioning

confidence: 99%

A Secure and Anonymous Two-Factor Authentication Protocol in Multiserver Environment

Wang

2018

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

With the great development of network technology, the multiserver system gets widely used in providing various of services. And the two-factor authentication protocols in multiserver system attract more and more attention. Recently, there are two new schemes for multiserver environment which claimed to be secure against the known attacks. However, after a scrutinization of these two schemes, we found that (1) their description of the adversary's abilities is inaccurate; (2) their schemes suffer from many attacks. Thus, firstly, we corrected their description on the adversary capacities to introduce a widely accepted adversary model and then summarized fourteen security requirements of multiserver based on the works of pioneer contributors. Secondly, we revealed that one of the two schemes fails to preserve forward secrecy and user anonymity and cannot resist stolen-verifier attack and off-line dictionary attack and so forth and also demonstrated that another scheme fails to preserve forward secrecy and user anonymity and is not secure to insider attack and off-line dictionary attack, and so forth. Finally, we designed an enhanced scheme to overcome these identified weaknesses, proved its security via BAN logic and heuristic analysis, and then compared it with other relevant schemes. The comparison results showed the superiority of our scheme.

show abstract

“…A mass of research [1][2][3][4][5] focuses on passwords mechanism and other authentication mechanisms for user authentication in various computer systems. But recently, with the rapid development of microblogging, the scale of users is becoming larger and larger.…”

Section: Introductionmentioning

confidence: 99%

Information Propagation Prediction Based on Key Users Authentication in Microblogging

Zhang

Zang

et al. 2018

Security and Communication Networks

View full text Add to dashboard Cite

In microblogging, key users are a significant factor for information propagation. Key users can affect information propagation size while retweeting the information. In this paper, to predict information propagation, we propose a novel linear model based on key users authentication. This model mines key users to dynamically improve the linear model while predicting information propagation. So our model can not only predict information propagation but also mine key users. Experimental results show that our model can achieve remarkable efficiency on predicting information propagation problem in real microblogging networks. At the same time, our model can find the key users who affect information propagation.

show abstract

Cryptanalysis of Three Password-Based Remote User Authentication Schemes with Non-Tamper-Resistant Smart Card

Cited by 24 publications

References 51 publications

An Enhanced User Authentication Protocol Based on Elliptic Curve Cryptosystem in Cloud Computing Environment

An Enhanced User Authentication Protocol Based on Elliptic Curve Cryptosystem in Cloud Computing Environment

A Secure and Anonymous Two-Factor Authentication Protocol in Multiserver Environment

Information Propagation Prediction Based on Key Users Authentication in Microblogging

Contact Info

Product

Resources

About