Cryptanalysis of a Remote User Authentication Protocol Using Smart Cards
Title | Cryptanalysis of a Remote User Authentication Protocol Using Smart Cards |
Publication Type | Conference Paper |
Year of Publication | 2014 |
Authors | Madhusudhan, R., Kumar, S.R. |
Conference Name | Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on |
Date Published | April |
Keywords | authentication, Bismuth, computer network security, cryptanalysis, cryptographic protocols, cryptography, denial-of-service attack, dynamic id, insecure channel, insider attacks, legitimacy verification, message authentication, password change phase, Protocols, remote user authentication protocol, server impersonation attack, Servers, session key, Smart card, smart cards, user impersonation attack, verification table, Yung-Cheng-Lee's protocol |
Abstract | Remote user authentication using smart cards is a method of verifying the legitimacy of remote users accessing the server through insecure channel, by using smart cards to increase the efficiency of the system. During last couple of years many protocols to authenticate remote users using smart cards have been proposed. But unfortunately, most of them are proved to be unsecure against various attacks. Recently this year, Yung-Cheng Lee improved Shin et al.'s protocol and claimed that their protocol is more secure. In this article, we have shown that Yung-Cheng-Lee's protocol too has defects. It does not provide user anonymity; it is vulnerable to Denial-of-Service attack, Session key reveal, user impersonation attack, Server impersonation attack and insider attacks. Further it is not efficient in password change phase since it requires communication with server and uses verification table. |
DOI | 10.1109/SOSE.2014.84 |
Citation Key | 6830951 |
- message authentication
- Yung-Cheng-Lee's protocol
- verification table
- user impersonation attack
- smart cards
- Smart card
- session key
- Servers
- server impersonation attack
- remote user authentication protocol
- Protocols
- password change phase
- authentication
- legitimacy verification
- insider attacks
- insecure channel
- dynamic id
- denial-of-service attack
- Cryptography
- Cryptographic Protocols
- cryptanalysis
- computer network security
- Bismuth