On the Security of "an efficient and complete remote user authentication scheme"
Manik Lal Das

TL;DR
This paper critically analyzes Liaw et al.'s remote user authentication scheme, revealing that it is completely insecure as attackers can easily gain unauthorized access by intercepting login messages.
Contribution
The paper exposes security flaws in Liaw et al.'s scheme, demonstrating its vulnerability to impersonation attacks and invalidating its claimed security features.
Findings
Liaw et al.'s scheme is insecure against interception attacks.
Unauthorized users can log in without registration.
The scheme's security claims are invalidated.
Abstract
Recently, Liaw et al. proposed a remote user authentication scheme using smart cards. Their scheme has claimed a number of features, e.g., mutual authentication, no clock synchronization, no verifier table, flexible user password change, etc. We show that Liaw et al.'s scheme is completely insecure. By intercepting a valid login message in Liaw et al.'s scheme, any unregistered user or adversary can easily log in to the remote system and establish a session key.
Taxonomy
Topics: User Authentication and Security Systems · Advanced Authentication Protocols Security · Biometric Identification and Security
