Skip to Main Content
Recently smart card authentication scheme based on symmetric key encryption is proposed. It provides mutual authentication between user and server and generates a session key. Its security depends on the one-way hash function and symmetric cryptosystem. It has been claimed that the scheme is secure and provides mutual authentication. In addition, it withstands replay attack, impersonation attack and parallel session attack. This paper shows that the scheme is vulnerable to perfect forward secrecy and Denial-of-Service attack.