Skip to Main Content
With the popularity of computer network, smart card based remote user authentication is receiving more and more attention than ever. Recently, Liaw et al. proposed an efficient and complete remote user authentication scheme using smart cards. Its security depends on the one-way hash function and is nonce-based. They claim that it achieves more functionality and satisfies all criteria and can withstand the replay attack. Nevertheless, there still exist several security flaws in their scheme. In this paper, we give a cryptanalysis of the scheme and present that the scheme is vulnerable and insecure against at least four kinds of attack, including the offline password guessing attack, two impersonation attacks, the intruder-in-the-middle attack and the denial-of-service attack.
Date of Conference: 24-26 Sept. 2009