Security analysis and improvement of a user-friendly remote authentication protocol

“…This inconvenience was removed by Wu and Chieu's improved method few years later (Wu and Chieu, 2003), with an additional merit that the selection of password can be accomplished locally without the help of the server. Nevertheless, it is found that their method have some weakness (Yang and Wang, 2004;Wu and Chieu, 2004;Wang et al, 2005;Hsu, 2005;Hwang and Liao, 2005;Lee and Chiu, 2005). If the attacker can intercept and forge messages between the user and the remote server, he can login to the server without having the correct password.…”

“…If the attacker can intercept and forge messages between the user and the remote server, he can login to the server without having the correct password. To cope with this problem, a lot of enhanced schemes are proposed later, including Wu himself (Wu and Chieu, 2004;Wang et al, 2005;Hsu, 2005;Lee and Chiu, 2005). Unfortunately, it is found that Wu's own improved version is still risky under stolen smart card attack, forgery attack, privileged insider's attack and off-line password guessing attack (Yoon andYoo, 2007 andKu et al, 2005).…”

On the Improvement of Remote Authentication Scheme With Smart Cards

“…This inconvenience was removed by Wu and Chieu's improved method few years later (Wu and Chieu, 2003), with an additional merit that the selection of password can be accomplished locally without the help of the server. Nevertheless, it is found that their method have some weakness (Yang and Wang, 2004;Wu and Chieu, 2004;Wang et al, 2005;Hsu, 2005;Hwang and Liao, 2005;Lee and Chiu, 2005). If the attacker can intercept and forge messages between the user and the remote server, he can login to the server without having the correct password.…”

“…If the attacker can intercept and forge messages between the user and the remote server, he can login to the server without having the correct password. To cope with this problem, a lot of enhanced schemes are proposed later, including Wu himself (Wu and Chieu, 2004;Wang et al, 2005;Hsu, 2005;Lee and Chiu, 2005). Unfortunately, it is found that Wu's own improved version is still risky under stolen smart card attack, forgery attack, privileged insider's attack and off-line password guessing attack (Yoon andYoo, 2007 andKu et al, 2005).…”

On the Improvement of Remote Authentication Scheme With Smart Cards

Weakness and improvement on Wang–Li–Tie’s user-friendly remote authentication scheme