Journal of information and communication convergence engineering

  • 제9권4호
  • /
  • Pages.431-434
  • /
  • 2011
  • /
  • 2234-8255(pISSN)
  • /
  • 2234-8883(eISSN)
한국정보통신학회 (The Korea Institute of Information and Commucation Engineering)
권호 표지
DOI QR코드

DOI QR Code

Cryptanalysis of Multiple-Server Password-Authenticated Key Agreement Schemes Using Smart Cards

  • Lee, Sang-Gon (Division of Computer & Information Engineering, Dongseo University)
  • 투고 : 2011.05.28
  • 심사 : 2011.07.08
  • 발행 : 2011.08.31
PDF 다운로드
⟨ 이전 논문 다음 논문 ⟩

초록

Password-based user-authentication schemes have been widely used when users access a server to avail internet services. Multiserver password-authentication schemes enable remote users to obtain service from multiple servers without separately registering with each server. In 2008, Jia-Lun Tsai proposed an improved and efficient password-authenticated key agreement scheme for a multiserver architecture based on Chang-Lee's scheme proposed in 2004. However, we found that Tsai's scheme does not provide forward secrecy and is weak to insider impersonation and denial of service attacks. In this article, we describe the drawbacks of Tsai's scheme and provide a countermeasure to satisfy the forward secrecy property.

키워드

참고문헌

  1. C.-C. Chang, J.-S. Lee, "An Efficient and Secure Multi-server Password Authentication Scheme using Smart Cards," International Conference on Cyberworlds (CW '04), pp. 417-422, 2004.
  2. L. Hu, X. Niu, Y. Yang, "An Efficient Multi-server Password Authenticated Key Agreement Scheme using Smart Cards," International Conference on Multimedia and Ubiquitous Engineering (MUE '07), IEEE, pp.903-907, 2007.
  3. W.-S. Juang, "Efficient Multi-server Password Authenticated Key Agreement using Smart Cards," IEEE Trans. on Consumer Electronics, vol. 50, no.1, pp. 251-255, 2004. https://doi.org/10.1109/TCE.2004.1277870
  4. I.-C. Lin, M.-S. Hwang, and L.-H. Li, "New Remote User Authentication Scheme for Multi-server Architecture," Future Generation Computer Systems, vol. 19, pp. 13-22, 2003. https://doi.org/10.1016/S0167-739X(02)00093-6
  5. L.-H. Li, I.-C. Lin and M.-S. Hwang, "A Remote Password Authentication Scheme for Multi-server Architecture using Neural Networks," IEEE Trans. on Neural Networks, vol. 12, pp.1498-1504, 2001. https://doi.org/10.1109/72.963786
  6. J.-L Tsai, "Efficient multi-server authentication schemes based on one-way hash function verification table," Computers & Security, vol. 27, no.3-4, pp. 115-121, 2008. https://doi.org/10.1016/j.cose.2008.04.001

피인용 문헌

  1. A Robust and Anonymous Two Factor Authentication and Key Agreement Protocol for Telecare Medicine Information Systems vol.40, pp.11, 2016, https://doi.org/10.1007/s10916-016-0590-6