Further Cryptanalysis of a Password Authentication Scheme with Smart Cards

Hung-Min SUN  Her-Tyan YEH  

IEICE TRANSACTIONS on Communications   Vol.E86-B   No.4   pp.1412-1415
Publication Date: 2003/04/01
Online ISSN: 
Print ISSN: 0916-8516
Type of Manuscript: LETTER
Category: Fundamental Theories
password authentication,  smart card,  network security,  ID-based scheme,  cryptanalysis,  

Full Text: PDF(125.5KB)>>
Buy this Article

Following the developments in the use of ID-based schemes and smart cards, Yang and Shieh proposed two password authentication schemes to achieve two purposes: (1) to allow users to choose and change their passwords freely, and (2) to make it unnecessary for the remote server to maintain a directory of passwords or a verification table to authenticate users. Recently, Chan and Cheng showed that Yang and Shieh's timestamp-based password authentication scheme is insecure against forgery. In this paper, we point out that Chan and Cheng's forgery attack can not work. Thus, we further examine the security of Yang and Shieh's password authentication schemes and find that they are insecure against forgery because one adversary can easily pretend to be a valid user and pass the server's verification which allows the adversary to login to the the remote server.