A Note on a User Friendly Remote Authentication Scheme with Smart Cards
Summary :
In this letter, we indicate that a proposed user-friendly remote authentication scheme with smart card is insecure. The authentication scheme suffers from the replay attack. An adversity can eavesdrop valid authentication information from the communicating data, modify it, and impersonate the legitimate user to login the remote system. We also present a modified scheme to overcome this vulnerability and improve the robustness. In the modified scheme, the replay attack cannot work successfully. To crack the password from the communicating message is infeasible. Even if the password is compromised, the attacker still cannot pass the authentication and gain the authority of the legitimate user.
- Publication
- IEICE TRANSACTIONS on Fundamentals Vol.E87-A No.8 pp.2180-2181
- Publication Date
- 2004/08/01
- Publicized
- Online ISSN
- DOI
- Type of Manuscript
- LETTER
- Category
- Information Security
Authors
Keyword
Latest Issue
Copyrights notice of machine-translated contents
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Cite this
Copy
Shyi-Tsong WU, Bin-Chang CHIEU, "A Note on a User Friendly Remote Authentication Scheme with Smart Cards" in IEICE TRANSACTIONS on Fundamentals,
vol. E87-A, no. 8, pp. 2180-2181, August 2004, doi: .
Abstract: In this letter, we indicate that a proposed user-friendly remote authentication scheme with smart card is insecure. The authentication scheme suffers from the replay attack. An adversity can eavesdrop valid authentication information from the communicating data, modify it, and impersonate the legitimate user to login the remote system. We also present a modified scheme to overcome this vulnerability and improve the robustness. In the modified scheme, the replay attack cannot work successfully. To crack the password from the communicating message is infeasible. Even if the password is compromised, the attacker still cannot pass the authentication and gain the authority of the legitimate user.
URL: https://globals.ieice.org/en_transactions/fundamentals/10.1587/e87-a_8_2180/_p
Copy
@ARTICLE{e87-a_8_2180,
author={Shyi-Tsong WU, Bin-Chang CHIEU, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={A Note on a User Friendly Remote Authentication Scheme with Smart Cards},
year={2004},
volume={E87-A},
number={8},
pages={2180-2181},
abstract={In this letter, we indicate that a proposed user-friendly remote authentication scheme with smart card is insecure. The authentication scheme suffers from the replay attack. An adversity can eavesdrop valid authentication information from the communicating data, modify it, and impersonate the legitimate user to login the remote system. We also present a modified scheme to overcome this vulnerability and improve the robustness. In the modified scheme, the replay attack cannot work successfully. To crack the password from the communicating message is infeasible. Even if the password is compromised, the attacker still cannot pass the authentication and gain the authority of the legitimate user.},
keywords={},
doi={},
ISSN={},
month={August},}
Copy
TY - JOUR
TI - A Note on a User Friendly Remote Authentication Scheme with Smart Cards
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 2180
EP - 2181
AU - Shyi-Tsong WU
AU - Bin-Chang CHIEU
PY - 2004
DO -
JO - IEICE TRANSACTIONS on Fundamentals
SN -
VL - E87-A
IS - 8
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - August 2004
AB - In this letter, we indicate that a proposed user-friendly remote authentication scheme with smart card is insecure. The authentication scheme suffers from the replay attack. An adversity can eavesdrop valid authentication information from the communicating data, modify it, and impersonate the legitimate user to login the remote system. We also present a modified scheme to overcome this vulnerability and improve the robustness. In the modified scheme, the replay attack cannot work successfully. To crack the password from the communicating message is infeasible. Even if the password is compromised, the attacker still cannot pass the authentication and gain the authority of the legitimate user.
ER -
FlyerIEICE has prepared a flyer regarding multilingual services. Please use the one in your native language.
English
