Abstract
Recently, many user authentication schemes using smart cards have been proposed to improve the security weaknesses in user authentication process. In 2008, Liu et al. proposed a new mutual authentication scheme using smart cards which is based on nonce and can withstand the existing of forged attack. In this paper, we analyze the security weaknesses of Liu et al.’s scheme. Although Liu et al.’s scheme overcame the vulnerability of Shen et al.’s scheme, we have shown that Liu et al.’s scheme is still insecure against the Impersonation attack and password guessing attack, and does not provide the mutual authentication between the user and the remote server.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Yang, W.H., Shieh, S.P.: Password Authentication with smart cards. Computers and Security 18(8), 727–733 (1999)
Fan, L., Li, L.H., Zhu, H.W.: An Enhancement of timestamp-based password Authentication Scheme. Computers and Security 21(7), 665–667 (2002)
Shen, J.J., Lin, C.W., Hwang, M.S.: Security Enhancement for the timestamp-based password Authentication Scheme Using Smart Cards. Computers and Security 22(7), 591–595 (2003)
Das, M.L., Sxena, A., Gulathi, V.P.: A Dynamic ID-based Remote User Authentication Scheme. IEEE Transactions on Consumer Electronics 50(2), 629–631 (2004)
Chien, H.Y., Chen, C.H.: A Remote Password Authentication Preserving User Anonymity. In: Proceedings of the 19th International Conference on Advanced Information Networking and Applications, AINA 2005 (2005)
Yoon, E.J., Ryu, E.K., Yoo, K.Y.: Attack on the Shen et al.’s Timestamp-based Password Authentication Scheme Using Smart Cards. IEICE Transactions on Fundamentals E88-A(1), 319–321 (2005)
Lin, C.W., Tsai, C.S., Hwang, M.S.: A New Strong-Password Authentication Scheme Using One-Way Hash Functions. Journal of Computer and Systems Sciences International 45(4), 623–626 (2006)
Bindu, C.S., Reddy, P.C.S., Satyanarayana, B.: Improved Remote User Authentication Scheme Preserving User Anonymity. International Journal of Computer Science and Network Security 8(3), 62–66 (2008)
Liu, J.Y., Zhou, A.M., Gao, M.X.: A New Mutual Authentication Scheme based on Nonce and Smart Cards. Computer Communications 31, 2205–2209 (2008)
Kocher, P., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining Smart-Card Security under the Threat of Power Analysis Attacks. IEEE Transactions on Computers 51(5), 541–552 (2002)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
An, YH., Joo, Y. (2011). Cryptanalysis of Nonce-Based Mutual Authentication Scheme Using Smart Cards. In: Lee, G., Howard, D., Ślęzak, D. (eds) Convergence and Hybrid Information Technology. ICHIT 2011. Lecture Notes in Computer Science, vol 6935. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24082-9_59
Download citation
DOI: https://doi.org/10.1007/978-3-642-24082-9_59
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-24081-2
Online ISBN: 978-3-642-24082-9
eBook Packages: Computer ScienceComputer Science (R0)