Security Analysis of Two Password Authentication Schemes

Abstract

Recently, Rhee, Kwon and Lee proposed a practical authentication scheme only based on the common storage device. In the scheme the remote user does not need to use smart cards. It is convenient for the users to use a common storage device such as a universal serial bus memory. The scheme is easy to implement. However, this authentication scheme is vulnerable to impersonation attacks and middle man attacks. An attacker could impersonate legitimate users to login and access the remote server. In addition, we analyze the security of Fan-Chan- Zhang’s scheme. The scheme suffers from replay attacks and impersonation attacks.