Cryptanalysis and improvement of user authentication scheme using smart cards for multi-server environments

Zhen Fu Cao; Da Zhi Sun

doi:10.1109/ICMLC.2006.259062

Cryptanalysis and improvement of user authentication scheme using smart cards for multi-server environments

Zhen Fu Cao, Da Zhi Sun

Shanghai Jiao Tong University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

10 Scopus citations

Abstract

For providing the login service in multi-server environments, Fan, Xu, and Li presented a remote user authentication scheme using smart cards. In this paper, we demonstrate that Fan-Xu-Li's scheme is vulnerable to the parallel session attack. That is, when a legal user logs in a server, an adversary without knowing any secret information can easily impersonate the user to log in other authorized servers. It means that a serious security flaw exists in Fan-Xu-Li's scheme. In addition to being practical, it is desirable to avoid relying on timestamps for security in their scheme. We therefore propose an improved scheme to overcome above disadvantages. As a unilateral authentication mechanism, our improved scheme is more suitable for real-life cryptographic applications than Fan-Xu-Li's scheme.

Original language	English
Title of host publication	Proceedings of the 2006 International Conference on Machine Learning and Cybernetics
Pages	2818-2822
Number of pages	5
DOIs	https://doi.org/10.1109/ICMLC.2006.259062
State	Published - 2006
Externally published	Yes
Event	2006 International Conference on Machine Learning and Cybernetics - Dalian, China Duration: 13 Aug 2006 → 16 Aug 2006

Publication series

Name	Proceedings of the 2006 International Conference on Machine Learning and Cybernetics
Volume	2006

Conference

Conference	2006 International Conference on Machine Learning and Cybernetics
Country/Territory	China
City	Dalian
Period	13/08/06 → 16/08/06

Keywords

Authentication
Multi-server
Parallel session attack
Smart card
Synchronization

Access to Document

10.1109/ICMLC.2006.259062

Cite this

Cao, Z. F., & Sun, D. Z. (2006). Cryptanalysis and improvement of user authentication scheme using smart cards for multi-server environments. In Proceedings of the 2006 International Conference on Machine Learning and Cybernetics (pp. 2818-2822). Article 4028541 (Proceedings of the 2006 International Conference on Machine Learning and Cybernetics; Vol. 2006). https://doi.org/10.1109/ICMLC.2006.259062

@inproceedings{81dcfe6b0c664d8baf8180159a55dbde,

title = "Cryptanalysis and improvement of user authentication scheme using smart cards for multi-server environments",

abstract = "For providing the login service in multi-server environments, Fan, Xu, and Li presented a remote user authentication scheme using smart cards. In this paper, we demonstrate that Fan-Xu-Li's scheme is vulnerable to the parallel session attack. That is, when a legal user logs in a server, an adversary without knowing any secret information can easily impersonate the user to log in other authorized servers. It means that a serious security flaw exists in Fan-Xu-Li's scheme. In addition to being practical, it is desirable to avoid relying on timestamps for security in their scheme. We therefore propose an improved scheme to overcome above disadvantages. As a unilateral authentication mechanism, our improved scheme is more suitable for real-life cryptographic applications than Fan-Xu-Li's scheme.",

keywords = "Authentication, Multi-server, Parallel session attack, Smart card, Synchronization",

author = "Cao, \{Zhen Fu\} and Sun, \{Da Zhi\}",

year = "2006",

doi = "10.1109/ICMLC.2006.259062",

language = "英语",

isbn = "1424400619",

series = "Proceedings of the 2006 International Conference on Machine Learning and Cybernetics",

pages = "2818--2822",

booktitle = "Proceedings of the 2006 International Conference on Machine Learning and Cybernetics",

note = "2006 International Conference on Machine Learning and Cybernetics ; Conference date: 13-08-2006 Through 16-08-2006",

}

Cao, ZF & Sun, DZ 2006, Cryptanalysis and improvement of user authentication scheme using smart cards for multi-server environments. in Proceedings of the 2006 International Conference on Machine Learning and Cybernetics., 4028541, Proceedings of the 2006 International Conference on Machine Learning and Cybernetics, vol. 2006, pp. 2818-2822, 2006 International Conference on Machine Learning and Cybernetics, Dalian, China, 13/08/06. https://doi.org/10.1109/ICMLC.2006.259062

Cryptanalysis and improvement of user authentication scheme using smart cards for multi-server environments. / Cao, Zhen Fu; Sun, Da Zhi.
Proceedings of the 2006 International Conference on Machine Learning and Cybernetics. 2006. p. 2818-2822 4028541 (Proceedings of the 2006 International Conference on Machine Learning and Cybernetics; Vol. 2006).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Cryptanalysis and improvement of user authentication scheme using smart cards for multi-server environments

AU - Cao, Zhen Fu

AU - Sun, Da Zhi

PY - 2006

Y1 - 2006

N2 - For providing the login service in multi-server environments, Fan, Xu, and Li presented a remote user authentication scheme using smart cards. In this paper, we demonstrate that Fan-Xu-Li's scheme is vulnerable to the parallel session attack. That is, when a legal user logs in a server, an adversary without knowing any secret information can easily impersonate the user to log in other authorized servers. It means that a serious security flaw exists in Fan-Xu-Li's scheme. In addition to being practical, it is desirable to avoid relying on timestamps for security in their scheme. We therefore propose an improved scheme to overcome above disadvantages. As a unilateral authentication mechanism, our improved scheme is more suitable for real-life cryptographic applications than Fan-Xu-Li's scheme.

AB - For providing the login service in multi-server environments, Fan, Xu, and Li presented a remote user authentication scheme using smart cards. In this paper, we demonstrate that Fan-Xu-Li's scheme is vulnerable to the parallel session attack. That is, when a legal user logs in a server, an adversary without knowing any secret information can easily impersonate the user to log in other authorized servers. It means that a serious security flaw exists in Fan-Xu-Li's scheme. In addition to being practical, it is desirable to avoid relying on timestamps for security in their scheme. We therefore propose an improved scheme to overcome above disadvantages. As a unilateral authentication mechanism, our improved scheme is more suitable for real-life cryptographic applications than Fan-Xu-Li's scheme.

KW - Authentication

KW - Multi-server

KW - Parallel session attack

KW - Smart card

KW - Synchronization

UR - https://www.scopus.com/pages/publications/33947277991

U2 - 10.1109/ICMLC.2006.259062

DO - 10.1109/ICMLC.2006.259062

M3 - 会议稿件

AN - SCOPUS:33947277991

SN - 1424400619

SN - 9781424400614

T3 - Proceedings of the 2006 International Conference on Machine Learning and Cybernetics

SP - 2818

EP - 2822

BT - Proceedings of the 2006 International Conference on Machine Learning and Cybernetics

T2 - 2006 International Conference on Machine Learning and Cybernetics

Y2 - 13 August 2006 through 16 August 2006

ER -

Cryptanalysis and improvement of user authentication scheme using smart cards for multi-server environments

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this