JCP 2013 Vol.8(11): 2838-2843 ISSN: 1796-203X
doi: 10.4304/jcp.8.11.2838-2843
doi: 10.4304/jcp.8.11.2838-2843
Security Analysis on a Timestamp-based Remote User Authentication Scheme
Zuowen Tan1 and Jianfeng Wang2
1
Department of Computer Science & Technology, School of Information Technology,
Jiangxi University of Finance and Economics, Nanchang 330032, Jiangxi Province, P.R. China; Key Laboratory of Mathematics and Interdisciplinary Sciences of Guangdong Higher Education Institutes,
Guangzhou University, Guangzhou 510006, P.R.China
2 Heibei Normal University of Science & Technology, Qinhuangdao, China; Information Security Center, Beijing University of Posts and Telecommunication, Beijing, China
Abstract—In recent years, many password-based remote user authentication schemes have been presented. In 2003, Shen et al. proposed a timestamp-based password authentication scheme using smart cards. In their scheme, the server does not need to maintain any verification table and only stores a secret key. However, Awasthi et al. found that Shen et al.’s scheme is vulnerable to impersonation attacks with the stolen card. Awasthi et al. proposed an improved remote user authentication scheme based smart cards. Unfortunately, the improved version is still insecure. We show that Awasthi et al.’s scheme is vulnerable to offline password guessing attacks, password compromise to the server, impersonation attack and important message leakage attacks. In addition, Awasthi et al.’s scheme has poor reparability.
Index Terms—Authentication, Smart Card, Timestamp, Impersonation Attacks, Password Guessing Attacks
2 Heibei Normal University of Science & Technology, Qinhuangdao, China; Information Security Center, Beijing University of Posts and Telecommunication, Beijing, China
Abstract—In recent years, many password-based remote user authentication schemes have been presented. In 2003, Shen et al. proposed a timestamp-based password authentication scheme using smart cards. In their scheme, the server does not need to maintain any verification table and only stores a secret key. However, Awasthi et al. found that Shen et al.’s scheme is vulnerable to impersonation attacks with the stolen card. Awasthi et al. proposed an improved remote user authentication scheme based smart cards. Unfortunately, the improved version is still insecure. We show that Awasthi et al.’s scheme is vulnerable to offline password guessing attacks, password compromise to the server, impersonation attack and important message leakage attacks. In addition, Awasthi et al.’s scheme has poor reparability.
Index Terms—Authentication, Smart Card, Timestamp, Impersonation Attacks, Password Guessing Attacks
Cite: Zuowen Tan and Jianfeng Wang, " Security Analysis on a Timestamp-based Remote User Authentication Scheme," Journal of Computers vol. 8, no. 11, pp. 2838-2843, 2013.
General Information
ISSN: 1796-203X
Abbreviated Title: J.Comput.
Frequency: Bimonthly
Abbreviated Title: J.Comput.
Frequency: Bimonthly
Editor-in-Chief: Prof. Liansheng Tan
Executive Editor: Ms. Nina Lee
Abstracting/ Indexing: DBLP, EBSCO, ProQuest, INSPEC, ULRICH's Periodicals Directory, WorldCat,etc
E-mail: jcp@iap.org
-
Nov 14, 2019 News!
Vol 14, No 11 has been published with online version [Click]
-
Mar 20, 2020 News!
Vol 15, No 2 has been published with online version [Click]
-
Dec 16, 2019 News!
Vol 14, No 12 has been published with online version [Click]
-
Sep 16, 2019 News!
Vol 14, No 9 has been published with online version [Click]
-
Aug 16, 2019 News!
Vol 14, No 8 has been published with online version [Click]
- Read more>>