On the security of two password authenticated key agreement scheme using smart cards

Jun Zuo Yang; Yong Jian Wang; Hai Feng Qian; Yuan Zhou

doi:10.1016/S1005-8885(11)60455-X

On the security of two password authenticated key agreement scheme using smart cards

Jun Zuo Yang, Yong Jian Wang, Hai Feng Qian, Yuan Zhou

Software Engineering Institute

National Computer Network Emergency Response Technical Team

Research output: Contribution to journal › Article › peer-review

2 Scopus citations

Abstract

After a password authenticated key agreement scheme using smart cards was proposed by Juang et al in 2008. Sun et al and Li et al respectively demonstrated some weaknesses in Juang's scheme and proposed improved schemes. However, although the later two schemes overcome the weaknesses in earlier scheme, we find several weaknesses in them. In Sun's scheme, there are two defects, insecurity under card-compromise attack and weaknesses of password-changing operation. And in Li's scheme we find following defects: vulnerability to denial of server (DoS) attack, server-compromise forward insecurity, complex key setup and session key problems. This paper discussed these problems in detail and our analysis will be helpful to avoid similar mistakes in future works.

Original language	English
Pages (from-to)	137-141
Number of pages	5
Journal	Journal of China Universities of Posts and Telecommunications
Volume	19
Issue number	SUPPL. 1
DOIs	https://doi.org/10.1016/S1005-8885(11)60455-X
State	Published - Jun 2012

Keywords

anonymity
authentication
key agreement
network security
smart card
untraceability

Access to Document

10.1016/S1005-8885(11)60455-X

Cite this

@article{613392ea9bff485cb28a631382b41675,

title = "On the security of two password authenticated key agreement scheme using smart cards",

abstract = "After a password authenticated key agreement scheme using smart cards was proposed by Juang et al in 2008. Sun et al and Li et al respectively demonstrated some weaknesses in Juang's scheme and proposed improved schemes. However, although the later two schemes overcome the weaknesses in earlier scheme, we find several weaknesses in them. In Sun's scheme, there are two defects, insecurity under card-compromise attack and weaknesses of password-changing operation. And in Li's scheme we find following defects: vulnerability to denial of server (DoS) attack, server-compromise forward insecurity, complex key setup and session key problems. This paper discussed these problems in detail and our analysis will be helpful to avoid similar mistakes in future works.",

keywords = "anonymity, authentication, key agreement, network security, smart card, untraceability",

author = "Yang, \{Jun Zuo\} and Wang, \{Yong Jian\} and Qian, \{Hai Feng\} and Yuan Zhou",

year = "2012",

month = jun,

doi = "10.1016/S1005-8885(11)60455-X",

language = "英语",

volume = "19",

pages = "137--141",

journal = "Journal of China Universities of Posts and Telecommunications",

issn = "1005-8885",

publisher = "Beijing University of Posts and Telecommunications",

number = "SUPPL. 1",

}

TY - JOUR

T1 - On the security of two password authenticated key agreement scheme using smart cards

AU - Yang, Jun Zuo

AU - Wang, Yong Jian

AU - Qian, Hai Feng

AU - Zhou, Yuan

PY - 2012/6

Y1 - 2012/6

N2 - After a password authenticated key agreement scheme using smart cards was proposed by Juang et al in 2008. Sun et al and Li et al respectively demonstrated some weaknesses in Juang's scheme and proposed improved schemes. However, although the later two schemes overcome the weaknesses in earlier scheme, we find several weaknesses in them. In Sun's scheme, there are two defects, insecurity under card-compromise attack and weaknesses of password-changing operation. And in Li's scheme we find following defects: vulnerability to denial of server (DoS) attack, server-compromise forward insecurity, complex key setup and session key problems. This paper discussed these problems in detail and our analysis will be helpful to avoid similar mistakes in future works.

AB - After a password authenticated key agreement scheme using smart cards was proposed by Juang et al in 2008. Sun et al and Li et al respectively demonstrated some weaknesses in Juang's scheme and proposed improved schemes. However, although the later two schemes overcome the weaknesses in earlier scheme, we find several weaknesses in them. In Sun's scheme, there are two defects, insecurity under card-compromise attack and weaknesses of password-changing operation. And in Li's scheme we find following defects: vulnerability to denial of server (DoS) attack, server-compromise forward insecurity, complex key setup and session key problems. This paper discussed these problems in detail and our analysis will be helpful to avoid similar mistakes in future works.

KW - anonymity

KW - authentication

KW - key agreement

KW - network security

KW - smart card

KW - untraceability

UR - https://www.scopus.com/pages/publications/84866648645

U2 - 10.1016/S1005-8885(11)60455-X

DO - 10.1016/S1005-8885(11)60455-X

M3 - 文章

AN - SCOPUS:84866648645

SN - 1005-8885

VL - 19

SP - 137

EP - 141

JO - Journal of China Universities of Posts and Telecommunications

JF - Journal of China Universities of Posts and Telecommunications

IS - SUPPL. 1

ER -

On the security of two password authenticated key agreement scheme using smart cards

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this