Michael Scott
Abstract
In a paper recently published in the ACM Operating Systems Review, Kim, Lee and Yoo [1] describe two ID-based password authentication schemes for logging onto a remote network server using smart cards, passwords and fingerprints. Various claims are made regarding the security of the schemes, but no proof is offered. Here we show how a passive eavesdropper, without access to any smart card, password or fingerprint, and after passively eavesdropping only one legitimate log-on, can subsequently log-on to the server claiming any identity.
- H. S. Kim, S. W. Lee and K. Y. Yoo. "ID-based Password Authentication Scheme using Smart Cards and Fingerprints", ACM Operating Systems Review, Vol. 37, No. 4, pp. 32--41, October 2003. Google Scholar
Digital Library
Index Terms
- Cryptanalysis of an ID-based password authentication scheme using smart cards and fingerprints
Recommendations
ID-based password authentication scheme using smart cards and fingerprints
This paper proposes two ID-based password authentication schemes, which does not require a dictionary of passwords or verification tables, with smart card and fingerprint. In these schemes, users can change their passwords freely. For a network without ...
A hash-based strong-password authentication scheme without using smart cards
So far, many strong-password authentication schemes have been proposed, however, none is secure enough. In 2003, Lin, Shen, and Hwang proposed a strong-password authentication scheme using smart cards, and claimed that their scheme can resist the ...
Cryptanalysis of nonce-based mutual authentication scheme using smart cards
ICHIT'11: Proceedings of the 5th international conference on Convergence and hybrid information technologyRecently, many user authentication schemes using smart cards have been proposed to improve the security weaknesses in user authentication process. In 2008, Liu et al. proposed a new mutual authentication scheme using smart cards which is based on nonce ...
Comments