Weakness and improvement on Wang–Li–Tie’s user-friendly remote authentication scheme
作者:
Highlights:
•
摘要
In an open network environment, the remote authentication scheme using smart cards is a very practical solution to validate the legitimacy of a remote user. In 2003, Wu and Chieu presented a user-friendly remote authentication scheme using smart cards. Recently, Wang, Li, and Tie found that Wu–Chieu’s scheme is vulnerable to the forged login attack, and then presented an improvement to eliminate this vulnerability. In our opinion, the smart card plays an important role in those schemes. Therefore, we demonstrate that Wang–Li–Tie’s scheme is not secure under the smart card loss assumption. If an adversary obtains a legal user’s smart card even without the user’s corresponding password, he can easily use it to impersonate the user to pass the server’s authentication. We further propose an improved scheme to overcome this abuse of the smart card.
论文关键词:Network security,Cryptology,Remote authentication,Smart card loss assumption,Password,Impersonation
论文评审过程:Available online 21 February 2005.
论文官网地址:https://doi.org/10.1016/j.amc.2005.01.013