A Review and Cryptanalysis of Similar Timestamp-Based Password Authentication Schemes Using Smart Cards

Pathan, Al-Sakib Khan
April 2010
International Journal of Communication Networks & Information Se;Apr2010, Vol. 2 Issue 1, p15
Academic Journal
The intent of this paper is to review some timestamp-based password authentication schemes using smart cards which have similar working principles. Many of the proposed timestampbased password authentication schemes were subsequently found to be insecure. Here, we investigate three schemes with similar working principles, show that they are vulnerable to tricky forgery attacks, and thus they fail to ensure the level of security that is needed for remote login procedure using smart cards. Though there are numerous works available in this field, to the best of our knowledge this is the first time we have found some critical flaws in these schemes that were not detected previously. Along with the proofs of their flaws and inefficiencies, we note down our solution which could surmount all sorts of known attacks and thus reduces the probability of intelligent forgery attacks. We provide a detailed literature review how the schemes have been developed and modified throughout years. We prove that some of the schemes which so far have been thought to be intractable are still flawed, in spite of their later improvements.


Related Articles

  • Dynamic Identity Based Authentication Protocol for Two-Server Architecture. Sood, Sandeep K. // Journal of Information Security;Oct2012, Vol. 3 Issue 4, p326 

    Most of the password based authentication protocols make use of the single authentication server for user's authentication. User's verifier information stored on the single server is a main point of susceptibility and remains an attractive target for the attacker. On the other hand, multi-server...

  • A Novel Time Variant Authentication Technique of Remote User using Smart Card. Koner, Chandan; Bhunia, Chandan Tilak; Maulik, Ujjwal // International Journal on Recent Trends in Engineering & Technolo;May2010, Vol. 3 Issue 2, p128 

    Authentication of remote user needs research due to increasing security threats and attacks with the increasing volume of wired and wireless traffic. All of the password-based remote user authentication technique checks the authenticity of remote user for only one time at the time of user login....

  • Enabling Distributed Corba Access to Smart Card Applications. Chan, Alvin T.S.; Tse, Florine; Cao, Jiannong; Leong, HongVa // IEEE Internet Computing;May/Jun2002, Vol. 6 Issue 3, p27 

    Discusses the application of common object request broker architecture wrapper technology by the OrbCard framework to extend smart card services to a distributed computing environment. Role of smart card technology in providing security and access control mechanisms for processing online...

  • Weakness and Improvement of the Smart Card Based Remote User Authentication Scheme with Anonymity. YUNG-CHENG LEE // Journal of Information Science & Engineering;Nov2013, Vol. 29 Issue 6, p1121 

    Today, people benefit various services through networks. However, due to the open environment of communications, networks are vulnerable to variety of security risks. Remote access capability is one of the critical functions for network systems. The remote user authentication scheme provides the...

  • PASSWORD POLICIES. De Clercq, Jan // Windows IT Pro;Jan2008, Vol. 14 Issue 1, p53 

    The article discusses the Windows Server 2008 password policies. It states that a significant restriction of the password policies in Windows 2003 and 2004 is that administrators can specify only one password policy that applies to all user accounts in a domain. Windows Server 2008 defines...

  • Keeping track of all your user IDs and passwords. LeClair, Lee // Inside Tucson Business;2/16/2009, Vol. 18 Issue 38, p15 

    The article reports on how to keep track of several user identifications and passwords in Arizona. It states that one way of keeping track of accounts and passwords is to use a password management utility. The author suggests to use a utility if is convenient and helps the user but be careful...

  • Microsoft warns of DNS server flaw.  // Network World;4/16/2007, Vol. 24 Issue 15, p5 

    The article reports on the issues that computer users are taking advantage to the newly disclosed vulnerability in several of Microsoft's server products that could let them run unauthorized code on affected computers, according to Microsoft Corp. The report noted that the vulnerability lies in...

  • Microsoft airs virtualization test program. Fontana, John // Network World;11/13/2006, Vol. 23 Issue 44, p34 

    The article reports on the announcement of Microsoft Corp.'s one possible plan software distribution offerings along with the introduction of a program that allows users test server applications within a virtualized environment. The Virtual Test Drive Program which is named for Microsoft's...

  • Password-authenticated key exchange based on RSA. MacKenzie, Philip; Patel, Sarvar; Swaminathan, Ram // International Journal of Information Security;Dec2010, Vol. 9 Issue 6, p387 

    There have been many proposals in recent years for password-authenticated key exchange protocols, i.e., protocols in which two parties who share only a short secret password perform a key exchange authenticated with the password. However, the only ones that have been proven secured against...


Read the Article


Sorry, but this item is not currently available from your library.

Try another library?
Sign out of this library

Other Topics