Elsevier

Computers & Security

Volume 22, Issue 8, December 2003, Pages 725-727

Refereed Paper
Attacks on the (enhanced) Yang-Shieh authentication

https://doi.org/10.1016/S0167-4048(03)00012-9

Abstract

The Yang-Shieh authentication is a time-stamp based password authentication scheme that uses smart cards [1]. In [2, 3], various attacks on this scheme are described. However, an enhancement of the scheme is proposed in [3] and enables the scheme to resist these existing attacks. In this paper, we show two new attacks that can break the enhanced scheme. We further point out that the fundamental computational assumption of the Yang-Shieh authentication scheme is incorrect.

Introduction

Yang and Shieh present a time-stamp based password authentication scheme that uses smart cards in [1]. In [2], Chan and Cheng show a given-ciphertext attack on this scheme. Later, a direct attack is shown in [3]. However, the authors of [3] also propose an enhancement of the scheme that can resist the existing attacks.

In this paper, we show two new attacks that can break the enhanced scheme. The first attack is applicable if $e < 27$ and is very simple and easy to understand. The second attack is more general: it is applicable for any value of $e$. It can forge a login request for an arbitrary user identifier and thus cannot be prevented by adding any restriction on the user identifier. As we will show in Section 3, the second attack implies that the fundamental computational assumption of the Yang-Shieh authentication scheme is incorrect.

The rest of this paper is organized as follows. In Section 2, we review the Yang-Shieh scheme together with existing attacks and the enhancement that resists the existing attacks. In Section 3, we show our new attacks and discuss the implication.

Section snippets

Review of scheme, attacks, and enhancement

A very good summary of the original Yang-Shieh scheme can be found in [2] or [3]. For completeness, we take the following from [3].

In the registration phase, a new user $U_i$ submits his identity $ID_i$ and chosen password $PW_i$ to the key information center (KIC). The KIC then performs the following steps:

  1. Generates two large primes $p$ and $q$ and computes $n = pq$.

  2. Chooses a prime number $e$ and an integer $d$ such that $ed = 1 \pmod{(p - 1)(q - 1)}$.

  3. Finds an integer $g$, which is a primitive element in both $GF(p)$ and $GF(q)$.

New attacks on the enhanced scheme

We first note that if $e < 27$ then a forger can simply choose $X_f = 1$, $Y_f = 2$, and $ID_f = Y_f^e$. The forged request can pass the authentication because $Y_f^e = ID_f = ID_f \cdot 1^{f(CID_i, T)} \pmod{n}$.

On the other hand, $e < 27$ guarantees that $ID_f = 2^e \in [1, 2^{27} - 1]$. However, this does not work for $e \geq 27$ because $ID_f$ would be out of $[1, 2^{27} - 1]$.
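The first attack as an added worked example (not code from the paper): a verifier that enforces the identifier range and the congruence $Y^e = ID \cdot X^{f(CID, T)} \pmod{n}$ used in the equation above accepts the stated triple without any secret, and only the range check stops it once $e \geq 27$. The toy modulus, the SHA-256 stand-in for $f$, the placeholder CID and timestamp, and the function names are assumptions.

```python
import hashlib

ID_MAX = 2**27 - 1                    # identifier range [1, 2^27 - 1] from the text
N = (2**31 - 1) * (2**61 - 1)         # toy modulus from two known primes (constructed)
CID = b"constructed-card-identifier"  # placeholder for CID_i (constructed)
T = 1_700_000_000                     # placeholder timestamp (constructed)


def f(cid: bytes, t: int) -> int:
    """Stand-in for the scheme's one-way function f (assumption: SHA-256)."""
    digest = hashlib.sha256(cid + t.to_bytes(8, "big")).digest()
    return int.from_bytes(digest, "big")


def verify(n: int, e: int, id_: int, cid: bytes, x: int, y: int, t: int) -> bool:
    """Server-side check: ID in range and Y^e == ID * X^f(CID, T) (mod n)."""
    if not 1 <= id_ <= ID_MAX:
        return False
    return pow(y, e, n) == (id_ * pow(x, f(cid, t), n)) % n


def accepts_trivial_triple(e: int, n: int = N) -> bool:
    """Feed the verifier the values from the text: X_f = 1, Y_f = 2, ID_f = Y_f^e."""
    x_f, y_f = 1, 2
    id_f = y_f ** e
    # X_f = 1 makes X^f(CID, T) equal 1 for every CID and T, so only the
    # range check on ID_f = 2^e stands between this triple and acceptance.
    return verify(n, e, id_f, CID, x_f, y_f, T)


if __name__ == "__main__":
    for e in (17, 23, 29):
        print(f"e = {e}: accepted = {accepts_trivial_triple(e)}")
```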

Then we consider a more complicated attack that is suitable for any value of e. This attack forges a login request for an arbitrary (valid) user identifier as follows. Suppose


Cited by (15)

  • Robust remote authentication scheme with smart cards

    2005, Computers and Security
    Citation Excerpt :

    For large-scale networks, Yang and Shieh (1999) proposed a remote authentication scheme based on “nonce” instead of timestamps without the problems of clock synchronization and delay-time limitation. Unfortunately, some security weaknesses have been found in Yang and Shieh's scheme (Chen and Zhong, 2003). Malicious parties may catch the information stored in the smart card of some user by some ways, such as the attackers successfully crack the smart card that was lost by the user (Kocher et al., 1999; Messerges et al., 2002) or the attackers obtain the information in the smart card via an illegal card reader or device.

  • A Review and cryptanalysis of similar timestamp-based password authentication schemes using smart cards

    2010, International Journal of Communication Networks and Information Security
  • Cryptanalysis of Yang-Wang-Chang's password authentication scheme with smart cards

    2008, International Conference on Advanced Communication Technology, ICACT
  • Password authentication scheme for mobile computing environment

    2007, Tongxin Xuebao/Journal on Communications
  • Hierarchical multi-party key agreement for wireless networks

    2007, Proceedings - IAS 2007 3rd International Symposium on Information Assurance and Security