2017
DOI: 10.1155/2017/1619741
|View full text |Cite
|
Sign up to set email alerts
|

Cryptanalysis of Three Password-Based Remote User Authentication Schemes with Non-Tamper-Resistant Smart Card

Abstract: Remote user authentication is the first step to guarantee the security of online services. Online services grow rapidly and numerous remote user authentication schemes were proposed with high capability and efficiency. Recently, there are three new improved remote user authentication schemes which claim to be resistant to various attacks. Unfortunately, according to our analysis, these schemes all fail to achieve some critical security goals. This paper demonstrates that they all suffer from offline dictionary… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
19
0

Year Published

2018
2018
2024
2024

Publication Types

Select...
7
1

Relationship

2
6

Authors

Journals

citations
Cited by 24 publications
(19 citation statements)
references
References 51 publications
0
19
0
Order By: Relevance
“…After analyzing their scheme using AVISPA tool, they claimed the new scheme achieves forward security while being resistant to various attacks. However, this section will show that, under the assumptions on adversary capabilities in Section 2.2, their scheme cannot provide forward security while being subject to two kinds of offline dictionary attacks [27] and so on. Thus their scheme is not a truly two-factor scheme.…”
Section: Cryptanalysis Of Amin Et Al's Schemementioning
confidence: 99%
See 2 more Smart Citations
“…After analyzing their scheme using AVISPA tool, they claimed the new scheme achieves forward security while being resistant to various attacks. However, this section will show that, under the assumptions on adversary capabilities in Section 2.2, their scheme cannot provide forward security while being subject to two kinds of offline dictionary attacks [27] and so on. Thus their scheme is not a truly two-factor scheme.…”
Section: Cryptanalysis Of Amin Et Al's Schemementioning
confidence: 99%
“…It was not until the work of Ma et al [29] and Wang et al [20,30] did such a stagnant situation completely changed. In 2012, Ma et al [29] pointed out that public key algorithm is necessary to design a secure twofactor authentication scheme; in 2015, Wang et al [20] found that there is a conflict between changing password locally and resisting against smart card loss attack under the current technique; therefore, Wang et al [30] put forward a way of "honeywords"+"fuzzy-verifier" to solve the conflict; in 2016, Wang et al [27] further pointed out that there are two offline dictionary attacks and then combined with the results of [29,30] and matched the corresponding solutions for each attack.…”
Section: Off-line Dictionary Attack I (I) E Adversary's Capability: mentioning
confidence: 99%
See 1 more Smart Citation
“…Furthermore, in [23] Section 4.2, we can see that even the adversary guesses the password and identity simultaneously and the whole attack can be finished within limited time. Therefore, the adversary can exhaust the password and identity space simultaneously, and many scholars follow this principle [2,[24][25][26][27].…”
Section: Adversary Modelmentioning
confidence: 99%
“…A mass of research [1][2][3][4][5] focuses on passwords mechanism and other authentication mechanisms for user authentication in various computer systems. But recently, with the rapid development of microblogging, the scale of users is becoming larger and larger.…”
Section: Introductionmentioning
confidence: 99%