Open AccessSmart-card-loss-attack and Improvement of Hsiang et al.’s Authentication Scheme
Author(s) -
Y. C. Lee
Publication year - 2013
Publication title -
journal of applied research and technology
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.364
H-Index - 30
ISSN - 1665-6423
DOI - 10.1016/s1665-6423(13)71567-0
Subject(s) - smart card , computer science , computer security , password , password cracking , authentication (law) , multos , scheme (mathematics) , mutual authentication , smart card application protocol data unit , login , dictionary attack , multi factor authentication , openpgp card , challenge–response authentication , computer network , authentication protocol , card security code , credit card , world wide web , mathematical analysis , mathematics , payment
Due to the open environment, all network systems suffer from various security threats. The remote user authentication scheme is a secure mechanism to allow users obtaining a variety of information services through insecure channels. For efficiency and security, many remote user authentication schemes identify users with smart cards. However, many smart card based schemes are vulnerable to lots of attacks. Recently, Hsiang et al. proposed a smart card based remote authentication scheme. In this article, we show that their scheme is vulnerable to the smart-card-loss-attack. That is, if an unauthorized person obtains the smart card, he/she can guess the correct password to masquerade as a legitimate user to login the system. The attack is caused by the smart card outputs fixed message for the same inputs. We propose an improved scheme to fix the flaw. The improved scheme withstands the off-line password guessing attack, parallel session attack and smart-card-loss-attack. Moreover, it also has the merits of providing mutual authentication, no verification table and users can freely update their passwords