Cryptanalysis of an Improved Smartcard-based Remote Password Authentication Scheme

Authors

SK Hafizul Islam, Department of Computer Science and Information Systems, Birla Institute of Technology and Science, Pilani, Rajasthan 333031, IndiaFollow
G. P. Biswas, Department of Computer Science and Engineering, Indian School of Mines, Dhanbad, Jharkhand 826004, IndiaFollow
Kim-Kwang Raymond Choo, Information Assurance Research Group, Advanced Computing Research Centre, University of South Australia, AustraliaFollow

Abstract

In recent years, several dynamic identity-based two-factor user authentication using password and smartcard have been proposed to provide mutual authentication between the user and server over unreliable networks. However, the design of secure cryptographic schemes is still notoriously hard, and there have been several instances of detected flaws in published schemes. For example in 2010, Hao and Yu demonstrated thatWang et al.’s user authentication scheme is insecure against off-line password guessing and server masquerade attacks, and proposed an improved scheme. Subsequently in 2012, Chao pointed out that the improved scheme of Hao and Yu is, unfortunately, susceptible to off-line password guessing and server masquerade attacks, and prone to password backward security problem; and proposed an enhanced scheme. In this paper, we demonstrated that Chao’s enhanced scheme is not secure against user masquerade attack, server masquerade attack, insider attack and off-line password guessing attack in violation of its security claim as well as it fails to achieve users’ anonymity.

Recommended Citation

Hafizul Islam, SK; P. Biswas, G.; and Raymond Choo, Kim-Kwang (2014) "Cryptanalysis of an Improved Smartcard-based Remote Password Authentication Scheme," Information Sciences Letters: Vol. 3 : Iss. 1 , PP -.
Available at: https://digitalcommons.aaru.edu.jo/isl/vol3/iss1/5