By Topic

Cryptanalysis and Security Enhancement of Two Password Authentication Schemes with Smart Cards

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

1 Author(s)
Khan, M.K. ; Res. Group for Biometrics & Security, Bahria Univ., Karachi

Recently, Yang et al. proposed an improvement of two password authentication schemes based on timestamp and nonce. They claimed that their schemes are secure against different kind of attacks. However, we point out that their schemes are vulnerable and can easily be cryptanalyzed. We demonstrate that their schemes perform unilateral authentication (only client authentication) and there is no mutual authentication between user and remote system, thus their schemes are susceptible to the server spoofing attack. To fill this security gap, we present an improvement which overcomes the weakness of Yang et al.'s schemes. As a result, our improved security patch establishes trust between client and remote system in the form of mutual authentication.

Published in:

Multitopic Conference, 2007. INMIC 2007. IEEE International

Date of Conference:

28-30 Dec. 2007