Weakness and improvement on Wang–Li–Tie’s user-friendly remote authentication scheme |
| |
Authors: | Da-Zhi Sun Ji-Dong Zhong Yu Sun |
| |
Institution: | aDepartment of Computer Science, Shanghai Jiao Tong University, 1954 HuaShan Road, P.O. Box 282, Shanghai 200030, PR China bDepartment of Management, Beijing Normal University, Beijing 100875, PR China |
| |
Abstract: | In an open network environment, the remote authentication scheme using smart cards is a very practical solution to validate the legitimacy of a remote user. In 2003, Wu and Chieu presented a user-friendly remote authentication scheme using smart cards. Recently, Wang, Li, and Tie found that Wu–Chieu’s scheme is vulnerable to the forged login attack, and then presented an improvement to eliminate this vulnerability. In our opinion, the smart card plays an important role in those schemes. Therefore, we demonstrate that Wang–Li–Tie’s scheme is not secure under the smart card loss assumption. If an adversary obtains a legal user’s smart card even without the user’s corresponding password, he can easily use it to impersonate the user to pass the server’s authentication. We further propose an improved scheme to overcome this abuse of the smart card. |
| |
Keywords: | Network security Cryptology Remote authentication Smart card loss assumption Password Impersonation |
本文献已被 ScienceDirect 等数据库收录! |
|