For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
Security of a Remote User Authentication Scheme Using Smart Cards
Her-Tyan YEH Hung-Min SUN Bin-Tsan HSIEH
IEICE TRANSACTIONS on Communications
Publication Date: 2004/01/01
Print ISSN: 0916-8516
Type of Manuscript: LETTER
password authentication, smart card, network security, remote login, cryptanalysis,
Full Text: PDF(105KB)>>
Recently, Hwang and Li proposed a smartcard-based remote user authentication scheme. Later, Chan and Cheng showed that Hwang and Li's scheme is insecure against a kind of impersonation attack where a legitimate user can create another valid pair of user identity and password without knowing the secret key of the remote system. However, an assumption under Chan and Cheng's attack is that the attacker must be a legal user. In this paper, we further present a more fundamental and efficient impersonation attack on Hwang and Li's scheme. Using our attack, any users (including legal and illegal users) can easily get a specific legal user's password, impersonate this specific user to login to the remote system, and pass the system authentication.