CRYPTANALYSIS AND IMPROVEMENT OF USER AUTHENTICATION SCHEME USING SMART CARDS FOR MULTI-SERVER ENVIRONMENTS
To provide a login service in multi-server environments, Fan, Xu, and Li presented a remote user authentication scheme using smart cards. In this paper, we demonstrate that Fan-Xu-Li's scheme is vulnerable to the parallel session attack. That is, when a legal user logs in to a server, an adversary, without knowing any secret information, can easily impersonate the user to log in to other authorized servers. This means that a serious security flaw exists in Fan-Xu-Li's scheme. In addition, from a practical standpoint, it is desirable to avoid relying on timestamps for security in their scheme. We therefore propose an improved scheme to overcome the above disadvantages. As a unilateral authentication mechanism, our improved scheme is more suitable for real-life cryptographic applications than Fan-Xu-Li's scheme.
Authentication; Multi-server; Smart card; Parallel session attack; Synchronization
ZHEN-FU CAO, DA-ZHI SUN
Department of Computer Science and Technology, Shanghai Jiaotong University, Shanghai 200030, China
International conference
2006 International Conference on Machine Learning and Cybernetics (IEEE 5th Forum on Machine Learning and Cybernetics)
Dalian
English
2818-2822
2006-08-13 (date first made available online on the Wanfang platform; does not represent the paper's publication date)