Abstract
In 2005, Lee, Kim, and Yoo proposed a nonce-based mu-tual authentication scheme using smart cards. However, this paper demonstrates that Lee-Kim-Yoo's scheme is vulnerable to an impersonation attack that the attacker without knowing the remote user's any secret can mas-querade as him by obtaining the valid authentication mes-sage from any normal session between the remote user and the system. Our purpose is to emphasize that it is danger-ous that the remote user and the system separately imple-ment their authentication operations without any logical relation to achieve the mutual authentication. Further-more, we suggest that the tool of matching conversations would be useful as a sanity check to find this kind of the security breach.
| Original language | English |
|---|---|
| Pages (from-to) | 116-120 |
| Number of pages | 5 |
| Journal | International Journal of Network Security |
| Volume | 6 |
| Issue number | 1 |
| State | Published - 2008 |
| Externally published | Yes |
Keywords
- Impersonation attack
- Matching conversation
- Mutual authentication
- Smart card