Browse > Article

Cryptanalysis of Hu-Niu-Yang's Multi-server Password Authenticated Key Agreement Schemes Using Smart Card  

Lee, Sang-Gon (Division of Computer & Information Engineering, Dongseo University)
Lim, Meng-Hui (School of Electrical and Electronics Engineering in Yonsei University)
Lee, Hoon-Jae (Division of Computer & Information Engineering, Dongseo University)
Publication Information
Journal of information and communication convergence engineering / v.7, no.3, 2009 , pp. 340-344 More about this Journal
Abstract
Multi-server password authentication schemes enable remote users to obtain service from multiple servers with single password without separately registering to each server. In 2007, Hu-Niu-Yang proposed an improved efficient password authenticated key agreement scheme for multi-server architecture based on Chang-Lee's scheme proposed in 2004. This scheme is claimed to be more efficient and is able to overcome a few existing deficiencies in Chang-Lee's scheme. However, we find false claim of forward secrecy property and some potential threats such as offline dictionary attack, key-compromise attack, and poor reparability in their scheme. In this paper, we will discuss these issues in depth.
Keywords
Multi-server password authentication; forward Secrecy; cryptography; key agreement;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Y. Yang, R. H. Deng, and F. Bao, "A Practical password-based two-server authentication and key exchange system," IEEE Trans. On Dependable and Secure Computing, vol.3, no.3 pp. 105-114, 2006   DOI   ScienceOn
2 T.S. Messerges, E.A. Dabbish, and R.H. Sloan, "Examining Smart-Card Security Under the Threat of Power Analysis Attacks," IEEE Trans. on Computers, vol. 51, no. 5, pp. 541-552, 2002   DOI   ScienceOn
3 S. Halevi and H. Krawczyk, "Public-Key Cryptography and Password Protocols," Proc. ACM Conf Computer and Comm. Security, pp. 122-131,1998   DOI
4 L.-H. Li, I.-C. Lin, and M.-S. Hwang, "A Remote Password Authentication Scheme for Multi-server Architecture using Neural Networks," IEEE Trans. on Neural Networks, vol. 12, no. 6, pp. 1498-1504, 200l   DOI   ScienceOn
5 T. Hwang and W.-C. Ku, "Reparable Key distribution protocols for Internet environments," IEEE Trans. Commun., vol.43, no.5 pp.l947-1949, May 1995   DOI   ScienceOn
6 I.-C. Lin, M.-S. Hwang, and L.-H. Li, "A New Remote User Authentication Scheme for Multiserver Architecture," Future Generation Computer Systems, vol. 19, pp. 13-22,2003   DOI   ScienceOn
7 C.-L. Lin and T. Hwang, "A Password Authentication Scheme with Secure Password Updating," Computer and Security, vol. 22, no. 1, pp. 68-72 , 2003   DOI   ScienceOn
8 W.-C. Ku, H.-M Chuang, and M.-H Chiang, "Cryptanalysis of a Multi-Server Authenticated Key Agreement Scheme Using Smart Cards," IEICE Trans. Fundamentals, vol. E88-A, no.11 Nov. 2005
9 L. Hu, X. Niu, and Y. Yang, "An Efficient Multiserver Password Authenticated Key Agreement Scheme using Smart Cards," International Conference on Multimedia and Ubiquitous Engineering (MUE '07), IEEE, pp. 903-907, 2007   DOI
10 P. Kocher, J. Jaffe, and B. Jun, "Differential Power Analysis," Advances in Cryptology (CRYPTO '99), LNCS 1666, pp. 388-397,1999   DOI
11 C.C. Chang and lS. Lee, "An Efficient and Secure Multi-server Password Authentication Scheme using Smart Cards," International Conference on Cyberworlds(CW '04), pp. 417-422, 2004   DOI
12 S. B. Wilson, and A. Menezes, "Authenticated Diffie-Hellman key agreement protocols," Proceedings of the 5th Annual Workshop on Selected Areas in Cryptography (SAC 98), LNCS, vol. 1556, pp. 339-361,1998   DOI   ScienceOn
13 W.S. Juang, "Efficient Multi-server Password Authenticated Key Agreement using Smart Cards," IEEE Trans. on Consumer Electronics vol. 50, no. 1, pp. 251-255, 2004   DOI   ScienceOn