For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
Further Cryptanalysis of a Password Authentication Scheme with Smart Cards
Hung-Min SUN Her-Tyan YEH
IEICE TRANSACTIONS on Communications
Publication Date: 2003/04/01
Print ISSN: 0916-8516
Type of Manuscript: LETTER
Category: Fundamental Theories
password authentication, smart card, network security, ID-based scheme, cryptanalysis,
Full Text: PDF>>
Following the developments in the use of ID-based schemes and smart cards, Yang and Shieh proposed two password authentication schemes to achieve two purposes: (1) to allow users to choose and change their passwords freely, and (2) to make it unnecessary for the remote server to maintain a directory of passwords or a verification table to authenticate users. Recently, Chan and Cheng showed that Yang and Shieh's timestamp-based password authentication scheme is insecure against forgery. In this paper, we point out that Chan and Cheng's forgery attack can not work. Thus, we further examine the security of Yang and Shieh's password authentication schemes and find that they are insecure against forgery because one adversary can easily pretend to be a valid user and pass the server's verification which allows the adversary to login to the the remote server.