会议专题

CRYPTANALYSIS AND IMPROVEMENT OF USER AUTHENTICATION SCHEME USING SMART CARDS FOR MULTI-SERVER ENVIRONMENTS

For providing the login service in multi-server environments, Fan, Xu, and Li presented a remote user authentication scheme using smart cards. In this paper, we demonstrate that Fan-Xu-Lis scheme is vulnerable to the parallel session attack. That is, when a legal user logs in a server, an adversary without knowing any secret information can easily impersonate the user to log in other authorized servers. It means that a serious security flaw exists in Fan-Xu-Lis scheme. In addition to being practical, it is desirable to avoid relying on timestamps for security in their scheme. We therefore propose an improved scheme to overcome above disadvantages. As a unilateral authentication mechanism, our improved scheme is more suitable for real-life cryptographic applications than Fan-Xu-Lis scheme.

Authentication Multi-server Smart card Parallel session attack Synchronization

ZHEN-FU CAO DA-ZHI SUN

Department of Computer Science and Technology, Shanghai Jiaotong University, Shanghai 200030, China

国际会议

2006 International Conference on Machine Learning and Cybernetics(IEEE第五届机器学习与控制论坛)

大连

英文

2818-2822

2006-08-13(万方平台首次上网日期,不代表论文的发表时间)