Cryptanalysis of Timestamp-Based Password Authentication Schemes Using Smart Cards
Password authentication is an important mechanism for remote login systems, where only authorized users can be authenticated via using their passwords and/or some similar secrets. In 1999, Yang and Shieh [14] proposed two password authentication schemes using smart cards. Their schemes are not only...
Main authors: | , |
---|---|
Format: | Conference proceeding |
Language: | eng |
Subjects: | |
Online access: | Full text |
container_end_page | 409 |
---|---|
container_issue | |
container_start_page | 399 |
container_title | |
container_volume | |
creator | Wang, Guilin ; Bao, Feng |
description | Password authentication is an important mechanism for remote login systems, where only authorized users can be authenticated via using their passwords and/or some similar secrets. In 1999, Yang and Shieh [14] proposed two password authentication schemes using smart cards. Their schemes are not only very efficient, but also allow users to change their passwords freely and the server has no need to maintain a verification table for authenticating users. However, their schemes are later identified to be flawed. To overcome those security flaws, Shen et al. [9] and Yoon et al. [17] proposed further improvements and claimed their new schemes are secure. In this paper, we first point out that Yang et al.’s attack [15] against Shen et al.’s scheme is actually invalid, since we can show that in a real implementation it is extremely difficult to find two hash values such that one is divisible by the other. After that, we show that both of Shen et al.’s scheme and Yoon et al.’s scheme are insecure by identifying several effective impersonation attacks. Those attacks enable an outsider to be successfully authenticated and then enjoy the resources and/or services provided by the server. |
doi_str_mv | 10.1007/11935308_28 |
format | Conference Proceeding |
fulltext | fulltext |
identifier | ISSN: 0302-9743 |
ispartof | Information and Communications Security, 2006, p.399-409 |
issn | 0302-9743 1611-3349 |
language | eng |
recordid | cdi_pascalfrancis_primary_19183293 |
source | Springer Books |
subjects | Applied sciences ; attack ; Computer science; control theory; systems ; Exact sciences and technology ; hash function ; Memory and file management (including protection and security) ; Memory organisation. Data processing ; password authentication ; smart card ; Software |
title | Cryptanalysis of Timestamp-Based Password Authentication Schemes Using Smart Cards |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-01T20%3A35%3A27IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-pascalfrancis_sprin&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Cryptanalysis%20of%20Timestamp-Based%20Password%20Authentication%20Schemes%20Using%20Smart%20Cards&rft.btitle=Information%20and%20Communications%20Security&rft.au=Wang,%20Guilin&rft.date=2006&rft.spage=399&rft.epage=409&rft.pages=399-409&rft.issn=0302-9743&rft.eissn=1611-3349&rft.isbn=9783540494966&rft.isbn_list=3540494960&rft_id=info:doi/10.1007/11935308_28&rft_dat=%3Cpascalfrancis_sprin%3E19183293%3C/pascalfrancis_sprin%3E%3Curl%3E%3C/url%3E&rft.eisbn=9783540494973&rft.eisbn_list=3540494979&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true |