Abstract:With the fast growth of Internet infrastructure and the use of large-scale complex applications from industries, transport, logistics, government, health and businesses, there is an increasing need to design and deploy multi-featured networking applications. Important features of such applications include the capability to be self-organized, decentralized, integrate different types of resources (PCs, laptops, mobile and sensor devices), and provide global, transparent and secure access to resources. Moreover, … Show more
“…S first checks the validity of h(ID i ) and T u , computes EID=ID i || m and 2 C ′ =h(h(EID ⊕ x) ⊕ T u ), and then compares the computed 2 C ′ with the received C 2 . If they are equal, S computes C 3 =h(h(EID ⊕ x) ⊕ h(T s )) and session key…”
Section: Verification Phasementioning
confidence: 99%
“…With the development of distributed computer networks, it is easy for user terminals to share information and computing power with hosts [1,2]. The distributed locations of service providers make it efficient and convenient for subscribers to access the resources, and it is of great concern to protect the systems and the users' privacy and security from malicious adversaries.…”
Abstract. Understanding security failures of cryptographic protocols is the key to both patching existing protocols and designing future schemes. Recently, Yeh et al. showed that Hsiang and Shih's password-based remote user authentication scheme is vulnerable to various attacks if the smart card is nontamper resistant, and proposed an improved version which was claimed to be efficient and secure. In this study, however, we find that, although Yeh et al.'s scheme possesses many attractive features, it still cannot achieve the claimed security goals, and we report its following flaws: (1) It cannot withstand offline password guessing attack and key-compromise impersonation attack under their non-tamper resistance assumption of the smart card; (2) It fails to provide user anonymity and forward secrecy; (3) It has some other minor defects. The proposed cryptanalysis discourages any use of the scheme under investigation in practice. Remarkably, rationales for the security analysis of password-based authentication schemes using smart cards are discussed in detail.
“…S first checks the validity of h(ID i ) and T u , computes EID=ID i || m and 2 C ′ =h(h(EID ⊕ x) ⊕ T u ), and then compares the computed 2 C ′ with the received C 2 . If they are equal, S computes C 3 =h(h(EID ⊕ x) ⊕ h(T s )) and session key…”
Section: Verification Phasementioning
confidence: 99%
“…With the development of distributed computer networks, it is easy for user terminals to share information and computing power with hosts [1,2]. The distributed locations of service providers make it efficient and convenient for subscribers to access the resources, and it is of great concern to protect the systems and the users' privacy and security from malicious adversaries.…”
Abstract. Understanding security failures of cryptographic protocols is the key to both patching existing protocols and designing future schemes. Recently, Yeh et al. showed that Hsiang and Shih's password-based remote user authentication scheme is vulnerable to various attacks if the smart card is nontamper resistant, and proposed an improved version which was claimed to be efficient and secure. In this study, however, we find that, although Yeh et al.'s scheme possesses many attractive features, it still cannot achieve the claimed security goals, and we report its following flaws: (1) It cannot withstand offline password guessing attack and key-compromise impersonation attack under their non-tamper resistance assumption of the smart card; (2) It fails to provide user anonymity and forward secrecy; (3) It has some other minor defects. The proposed cryptanalysis discourages any use of the scheme under investigation in practice. Remarkably, rationales for the security analysis of password-based authentication schemes using smart cards are discussed in detail.
“…Object placement is also determined by globally-agreed schemes highly related to overlay networks. Among these systems Distributed Hash Tables (DHTs) have emerged as the most popular scheme in this family [2,3]. CAN implements a distributed hash table, which provides basic operations such as insertion, lookup, and deletion of some objects [4].…”
“…With wide spreading of distributed computer networks, it has become popular to allow users accessing various network services offered by distributed service providers [1], [2]. Consequently, user authentication (also called user identification) [3], [4] plays a crucial role in distributed computer networks to verify if a user is legal and then can be granted to access the services requested.…”
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.