Cryptanalysis of "A Robust Smart-Card-Based Remote User Password Authentication Scheme"

2013 International Symposium on Biometrics and Security Technologies Pub Date : 2013-07-02 DOI:10.1109/ISBAST.2013.43

S. Kumari, F. B. Muhaya, M. Khan, R. Kumar

{"title":"Cryptanalysis of \"A Robust Smart-Card-Based Remote User Password Authentication Scheme\"","authors":"S. Kumari, F. B. Muhaya, M. Khan, R. Kumar","doi":"10.1109/ISBAST.2013.43","DOIUrl":null,"url":null,"abstract":"Smart card is a widely accepted user authentication tool to ensure only authorized access to resources available via open networks. In 2010, Sood et al. and Song independently examined a smart card based authentication scheme proposed by Xu et al. They showed that in Xu et al.'s scheme an internal user of the system could turn hostile to impersonate other users of the system. Sood et al. and Song also proposed schemes in order to improve scheme proposed by Xu et al.'s. Recently, Chen et al. identified some security problems in the improvements proposed by Sood et al. and Song. To fix these problems Chen et al. presented another scheme, which they claimed to provide mutual authentication and withstand, lost smart card attack. Undoubtedly, in their scheme user can also verify the legitimacy of server but we find that the scheme fails to resist impersonation attacks and privileged insider attack. We also show that the scheme does not provide user anonymity and confidentiality to air messages. In addition, an attacker can guess a user's password from his lost/stolen smart card.","PeriodicalId":336156,"journal":{"name":"2013 International Symposium on Biometrics and Security Technologies","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-07-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 International Symposium on Biometrics and Security Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISBAST.2013.43","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

Abstract

Smart card is a widely accepted user authentication tool to ensure only authorized access to resources available via open networks. In 2010, Sood et al. and Song independently examined a smart card based authentication scheme proposed by Xu et al. They showed that in Xu et al.'s scheme an internal user of the system could turn hostile to impersonate other users of the system. Sood et al. and Song also proposed schemes in order to improve scheme proposed by Xu et al.'s. Recently, Chen et al. identified some security problems in the improvements proposed by Sood et al. and Song. To fix these problems Chen et al. presented another scheme, which they claimed to provide mutual authentication and withstand, lost smart card attack. Undoubtedly, in their scheme user can also verify the legitimacy of server but we find that the scheme fails to resist impersonation attacks and privileged insider attack. We also show that the scheme does not provide user anonymity and confidentiality to air messages. In addition, an attacker can guess a user's password from his lost/stolen smart card.

查看原文本刊更多论文

“基于智能卡的鲁棒远程用户密码认证方案”的密码分析

智能卡是一种被广泛接受的用户身份验证工具，用于确保只有经过授权才能通过开放网络访问可用的资源。2010年，ood等人和Song独立研究了Xu等人提出的基于智能卡的认证方案。他们表明，在Xu等人的方案中，系统的内部用户可以转为敌对，以冒充系统的其他用户。为了改进Xu等人提出的方案，ood等人和Song也提出了方案。最近，Chen等人在ood等人和Song提出的改进中发现了一些安全问题。为了解决这些问题，Chen等人提出了另一种方案，他们声称该方案提供相互认证并抵御丢失智能卡攻击。毫无疑问，在他们的方案中，用户也可以验证服务器的合法性，但我们发现该方案无法抵抗冒充攻击和特权内部攻击。我们还证明了该方案不提供用户匿名性和空中消息的机密性。此外，攻击者可以从用户丢失/被盗的智能卡中猜出用户的密码。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2013 International Symposium on Biometrics and Security Technologies

自引率

0.00%

发文量